#ifndef DEFINES_ONLY #include #include appicon ICON "trustdom.ico" #endif //!DEFINES_ONLY #define VER_FILETYPE VFT_APP #define VER_FILESUBTYPE VFT2_UNKNOWN #define VER_FILEDESCRIPTION_STR "TRUSTDOM - Manage Trust Links" #define VER_INTERNALNAME_STR "trustdom.exe" #define VER_FILEVERSION 1,4,0,0 #define VER_FILEVERSION_STR "1.4.0.0" #define VER_FILEVERSION_LSTR L"1.4.0.0" #include "common.ver" #define IDS_USAGE 100 #define IDS_GENERATERANDOMSID_F 200 #define IDS_INVALID_DOMAIN_NAME 210 #define IDS_DSGETDCNAME_F 300 #define IDS_DSGETDCNAME_FRET 301 #define IDS_DSGETDCNAME_FFORCE 302 #define IDS_DSGETDCNAME_DC_D 303 #define IDS_DSGETDCNAME_MIT 304 #define IDS_LSAOPENPOLICY_F1 305 #define IDS_ACCESS_DENIED 306 #define IDS_ERROR_FORMAT 307 #define IDS_LOCAL 308 #define IDS_PASSWORD_PROMPT 309 #define IDS_MIT_LOCAL_ONLY_BOTH 310 #define IDS_GETDOMAININFOFORDOMAIN_D 400 #define IDS_PRIMARY_D 401 //#define IDS_GETDOMAININFOFORDOMAINPRI_D 402 #define IDS_DOMAINNAMED 403 #define IDS_LSAENUMERATETRUSTEDDOMAINSEX_D 404 #define IDS_LSAENUMERATETRUSTEDDOMAINS_D 405 #define IDS_NETUSERENUM_D 406 #define IDS_LSACREATETRUSTEDDOMAINEX_F 407 #define IDS_NETUSERADD_F 408 #define IDS_NERR_UserExists 409 #define IDS_LSACREATETRUSTEDDOMAIN_F 410 #define IDS_STATUS_OBJECT_NAME_COLLISION 411 #define IDS_LSACREATESECRET_F 420 #define IDS_LSASETSECRET_F 421 #define IDS_GETTRUSTLINKS_F 422 #define IDS_NO_TRUST_OBJECT_D 423 #define IDS_LSAQUERYTRUSTEDDOMAININFOBYNAME_F 424 #define IDS_LSASETTRUSTEDDOMAININFOBYNAME_F 425 #define IDS_LSAOPENTRUSTEDDOMAIN_F 426 #define IDS_NONNULL_SID 427 #define IDS_DELETION_F 428 #define IDS_SECRET_NOT_FOUND_D 429 #define IDS_LSAOPENSECRET_F 430 #define IDS_LSADELETE_F 431 #define IDS_NETUSERDEL_F 432 #define IDS_UNKNOWN_OPTION 433 #define IDS_DOMARGUMENTS 434 #define IDS_WARNING 435 #define IDS_ERROR 436 #define IDS_PARENT_REQ_BOTH 437 #define IDS_LOCAL_DEL_TRUST_F 438 #define IDS_REMOTE_DEL_TRUST_F 439 #define IDS_LOCAL_CHK_TRUST_F 440 #define IDS_REMOTE_CHK_TRUST_F 441 #define IDS_NT4_REQ_DOWNLEVEL 445 #define IDS_CREATE_TRUST_F 446 #define IDS_COMMAND_FAILED 447 #define IDS_FORCENT4 450 #define IDS_PROCESSDOM 500 #define IDS_DELTRUSTFROMTO 501 #define IDS_CHKTRUSTFROMTO 502 #define IDS_LSAQUERYNULLSID 510 #define IDS_LSASETNULLSID 511 #define IDS_NULLSID 512 #define IDS_LSATRUSTHANDLE 550 #define IDS_LSADELOBJ 551 #define IDS_VERIFY_VALID 660 #define IDS_VERIFY_INVALID_INCOMING 661 #define IDS_VERIFY_INVALID_OUTGOING 662 #define IDS_VERIFY_CHECK 663 #define IDS_VERIFY_UNMAPPABLE 664 #ifndef DEFINES_ONLY STRINGTABLE DISCARDABLE BEGIN IDS_USAGE, "\ TRUSTDOM - (ver %ws) - Manage Trust Links\n\ Usage:\n\ trustdom [[domain[:dc],]target_domain[:dc]] [Options]\n\n\ Displays/creates/deletes trust links with/between the specified target\n\ domain(s). It can be used remotely, from another machine.\n\ If a pair is specified, the link will be between the two domains.\n\ Default action: '-out', that is a one-way trust is created, as follows:\n\ \040 an outbound trust on the local/specified domain\n\ \040 an inbound trust on the specified target domain\n\ Examples: \040trustdom DOMB \040 one-way trust from local domain to DOMB \040trustdom DOMX,DOMY \040 one-way trust from DOMX to DOMY \040trustdom SOMEDOM -list \040 list trusts for domain SOMEDOM; without the domain name would mean 'local' Arguments:\n\ \040domain/target_domain\n\ \040 - Domains (flat or DNS names)\n\ \040 For multiple DC domains, you can specify the DC to \040 connect to in the form 'domain:dc' Options: \040-list - list all trust links of the specified target domain\n\ \040 (or local domain if none is specified) and exit (all other\n\ \040 commands are ignored)\n\ \040-untrust - Breaks the trust\n\ \040-sidcheck - Check the sids in the specified trust link\n\ \040-verify - Verify the current domain trusts for viability\n\ \040-both - Establishes a two way trust (bidirectional)\n\ \040-out - Establishes an outbound trust [default]\n\ \040-in - Establishes an inbound trust\n\ \040 Specifying '-in -out' is equivalent with '-both'\n\ \040-localonly - All operations (create/delete) are applied only for the\n\ \040 trust objects on the first/local DC (use with care)\n\ \040-downlevel - Creates a downlevel trust\n\ \040-mit - Creates MIT Kerberos trust (enables 'localonly' and 'both')\n\ \040-parent - Establishes a two way parent/child trust;\n\ \040 set the parent bit in the trust object on the child machine\n\ \040-pw:password - Optional password to set on the object as CLEARTEXT only.\n\ \040 Use '*' to enter password in no-echo mode\n\ \040-debug - Detailed messages about operation\n\ \040-force - Force application of the settings, even if they are illegal\n\ \040 or the target domain is nonexistent/nonaccessible\n\ \040 e.g., setting a trust to a NT4 machine without\n\ \040 specifying 'downlevel'; (use with care)\n\ \040-nt4 - force nt4 style operation even if domains are NT5\n\ \040-sidlist - list SIDs too (enables 'list' option; NT5 only)\n\ The comma-separated fields displayed with the '-list/-sidlist' command:\n\ \040name of domain (if possible, the DNS name)\n\ \040direction of trust: I(nbound), O(utbound), B(idirectional)\n\ \040type of trust: T_downlevel, T_uplevel, T_mit, T_DCE\n\ \040trust attributes (as 4 separate fields; a missing attribute is replaced by _):\n\ \040 A_NonTran,A_UpLevelOnly,A_TreeParent,A_TreeRoot\n\ \040sid from the trust object (if '-sidlist' is specified)\n" IDS_GENERATERANDOMSID_F "GenerateRandomSID failed: err 0x%08lx\012" IDS_INVALID_DOMAIN_NAME "Invalid domain name: %ws\n" IDS_DSGETDCNAME_F "DsGetDcName for %ws failed: 0x%08lx;" IDS_DSGETDCNAME_FRET " ...now returning Status 0x%08lx (STATUS_NO_SUCH_DOMAIN)\012" IDS_DSGETDCNAME_FFORCE " ...'-force' option specified; ignoring the previous DsGetDcName error\012" //IDS_DSGETDCNAME_DC_D "DC used for domain %ws: %ws (flags:0x%08lx)\012" IDS_DSGETDCNAME_DC_D "DC used for domain %ws: %ws\012" IDS_DSGETDCNAME_MIT "For a MIT trust: assuming %ws is a Unix machine...\n" IDS_LSAOPENPOLICY_F1 "LsaOpenPolicy on %ws failed with " IDS_ACCESS_DENIED "STATUS_ACCESS_DENIED\012" IDS_ERROR_FORMAT "err 0x%08lx\012" IDS_LOCAL "(local)" IDS_PASSWORD_PROMPT "Password : " IDS_MIT_LOCAL_ONLY_BOTH "MIT trusts: always local only and both; enabling 'localonly' and 'both' options\n" IDS_GETDOMAININFOFORDOMAIN_D "GetDomainInfoForDomain for %ws: LsaQueryInformationPolicy(%ws) returned 0x%lx\012" IDS_PRIMARY_D "Trying (Primary)...\012" IDS_DOMAINNAMED "DNSDomainName: %wZ\012" IDS_LSAENUMERATETRUSTEDDOMAINSEX_D "LsaEnumerateTrustedDomainsEx for %wZ returned 0x%08lx (%lu entries)\012" IDS_LSAENUMERATETRUSTEDDOMAINS_D "LsaEnumerateTrustedDomains for %wZ returned 0x%08lx (%lu entries)\012" IDS_NETUSERENUM_D "NetUserEnum for %wZ returned 0x%08lx (%lu entries)\012" IDS_LSACREATETRUSTEDDOMAINEX_F "LsaCreateTrustedDomainEx on %wZ for %ws failed with 0x%lx\012" IDS_STATUS_OBJECT_NAME_COLLISION "On %wZ there is already a trust object to %ws\n" IDS_NETUSERADD_F "NetUserAdd on %ws for %ws failed: err 0x%08lx\012" IDS_NERR_UserExists "On %ws user %ws already exists\n" IDS_LSACREATETRUSTEDDOMAIN_F "LsaCreateTrustedDomain failed: err 0x%08lx\012" IDS_LSACREATESECRET_F "LsaCreateSecret failed: err 0x%08lx\012" IDS_LSASETSECRET_F "LsaSetSecret failed: err 0x%08lx\012" IDS_GETTRUSTLINKS_F "GetTrustLinks on %wZ failed: err 0x%08lx\012" IDS_NO_TRUST_OBJECT_D "On %wZ, no trust object to %wZ found...\012" IDS_LSAQUERYTRUSTEDDOMAININFOBYNAME_F "LsaQueryTrustedDomainInfoByName on %wZ for %wZ failed: err 0x%08lx\012" IDS_LSASETTRUSTEDDOMAININFOBYNAME_F "LsaSetTrustedDomainInfoByName on %wZ for %wZ failed: err 0x%08lx\012" IDS_LSAOPENTRUSTEDDOMAIN_F "LsaOpenTrustedDomain failed: err 0x%08lx\012" IDS_NONNULL_SID "DeleteTrustLinks: cannot get a nonNULL sid for the trust to %wZ\012" IDS_DELETION_F "Deletion of trusted domain object on %wZ failed with 0x%lx\012" IDS_SECRET_NOT_FOUND_D "Secret %wZ not found. Ignoring...\012" IDS_LSAOPENSECRET_F "LsaOpenSecret failed: err 0x%08lx\012" IDS_LSADELETE_F "LsaDelete on secret %wZ failed: err 0x%08lx\012" IDS_NETUSERDEL_F "NetUserDel for user %ws failed: err 0x%08lx\012" IDS_UNKNOWN_OPTION "Unknown option: %s\012" IDS_DOMARGUMENTS "Trust Link between domains: [%ws%ws%ws],[%ws%ws%ws]\012" IDS_WARNING "Warning" IDS_ERROR "Error" IDS_PARENT_REQ_BOTH "%ws: '-parent' REQUIRES '-both'\012" IDS_LOCAL_DEL_TRUST_F "Local: Deleting trust things failed with 0x%lx\012" IDS_REMOTE_DEL_TRUST_F "Remote: Deleting trust things failed with 0x%lx\012" IDS_LOCAL_CHK_TRUST_F "Local: Checking trust things failed with 0x%lx\012" IDS_REMOTE_CHK_TRUST_F "Remote: Checking trust things failed with 0x%lx\012" IDS_NT4_REQ_DOWNLEVEL "%ws: NT4 DCs REQUIRE '-downlevel'\012" IDS_CREATE_TRUST_F "Creating trust from %ws to %ws failed with 0x%lx\012" IDS_COMMAND_FAILED "The command failed: err 0x%0lx\012" IDS_FORCENT4 "...'-nt4' flag used; force NT4 style trust operation for domain %ws\n" IDS_PROCESSDOM "-- Processing domain: %wZ...\n" IDS_DELTRUSTFROMTO "-- Deleting on domain %wZ trust to domain %wZ...\n" IDS_CHKTRUSTFROMTO "-- Checking on domain %wZ trust to domain %wZ...\n" IDS_LSAQUERYNULLSID "NULL sid returned by LsaQueryTrustedDomainInfoByName\n" IDS_LSASETNULLSID "LsaSetTrustedDomainInfoByName: NULL sid\n" IDS_NULLSID "#### NULL sid\n" IDS_LSATRUSTHANDLE "Handle returned by LsaOpenTrustedDomain: 0x%08lx (Status: 0x%08lx)\n" IDS_LSADELOBJ "Attempting deleting LSA Object with handle 0x%08lx\n" IDS_VERIFY_VALID "\nThe following trusts verfied correctly:\n" IDS_VERIFY_INVALID_INCOMING "\nThe following trusts where invalid in the inbound direction:\n" IDS_VERIFY_INVALID_OUTGOING "\nThe following trusts where invalid in the outbound direction:\n" IDS_VERIFY_CHECK "Validating trust from domain %wZ to domain %wZ\n" IDS_VERIFY_UNMAPPABLE "unmapped error code 0x%lx\n" END #endif //!DEFINES_ONLY