Trust Auto-created without Configuration Option
Description
Creating a lab with multiple forests automatically creates a bidirectional trust. This requires deleting it either manually or with custom code if another configuration is desired (which is pretty much always the case when I need more than one forest).
Expected behavior
There should be a configuration option to at least disable this behavior. Even more awesome would be a way to custom-define the trust relationship explicitly:
```powershell
$param = @{
    Forest1       = 'contoso.com'
    Forest2       = 'fabrikam.com'
    Direction     = 'Outgoing'
    EnableAes     = $true
    SelectiveAuth = $true
}
Add-LabDomainTrust @param
```
Actual behavior
Creates forest trusts without choice or option.
Steps to reproduce
Create lab with more than one forest.
Environment details
PowerShell Version
```text
Name                           Value
----                           -----
PSVersion                      7.1.3
PSEdition                      Core
GitCommitId                    7.1.3
OS                             Microsoft Windows 10.0.19042
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0
```
AutomatedLab components
```text
Name                        Version
----                        -------
AutomatedLab                5.34.0
AutomatedLab.Common         2.0.216
AutomatedLabDefinition      5.34.0
AutomatedLabNotifications   5.34.0
AutomatedLabUnattended      5.34.0
AutomatedLabWorker          5.34.0
```
Oh right, for the notes: I've got a working workaround for myself, so there's no immediacy on this, just thought I'd bring it up, as I could see trust-related items being a major reason for including more than one forest in a given lab. Code:
```powershell
function New-LabADTrust
{
    [CmdletBinding()]
    param (
        [string[]]
        $ComputerName,

        [string]
        $RemoteForest,

        [ValidateSet('Bidirectional', 'Outbound', 'Inbound')]
        [string]
        $Direction = 'Bidirectional'
    )

    # Look up the remote forest in the lab definition to obtain its administrative credential
    $forest = Get-LabDomainDefinition | Where-Object Name -eq $RemoteForest
    if (-not $forest) { throw "Unknown forest: $RemoteForest" }

    Invoke-LabCommand -ActivityName "Creating Forest Trust" -ComputerName $ComputerName -ScriptBlock {
        param (
            $RemoteForest,
            $Direction,
            [PSCredential]
            $RemoteCredential
        )

        # Bind to the remote forest with its credential; the local forest is the one this DC belongs to
        $remoteContext = New-Object -TypeName "System.DirectoryServices.ActiveDirectory.DirectoryContext" -ArgumentList @(
            "Forest",
            $RemoteForest,
            $RemoteCredential.UserName,
            $RemoteCredential.GetNetworkCredential().Password
        )
        $remoteForestObject = [System.DirectoryServices.ActiveDirectory.Forest]::GetForest($remoteContext)
        $localForest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()

        # Remove the trust AutomatedLab created automatically, then recreate it with the requested direction
        $allTrusts = $localForest.GetAllTrustRelationships()
        $trustToTarget = $allTrusts | Where-Object {
            $_.SourceName -eq $RemoteForest -or
            $_.TargetName -eq $RemoteForest
        }
        if ($trustToTarget) { $localForest.DeleteTrustRelationship($remoteForestObject) }

        $localForest.CreateTrustRelationship($remoteForestObject, $Direction)
    } -ArgumentList $RemoteForest, $Direction, $forest.GetCredential()
}
```
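As an added example (not part of this issue or of AutomatedLab), a check that a trust created by the workaround above actually has the direction and selective-authentication setting that the requested `Add-LabDomainTrust` parameters describe, using the same `System.DirectoryServices.ActiveDirectory.Forest` API. `Test-LabForestTrust` is a hypothetical name, and the function assumes it runs on a domain controller of the local lab forest (for example inside `Invoke-LabCommand`, as the workaround does).

```powershell
function Test-LabForestTrust
{
    [CmdletBinding()]
    param (
        [Parameter(Mandatory)]
        [string]
        $RemoteForest,

        [ValidateSet('Bidirectional', 'Outbound', 'Inbound')]
        [string]
        $ExpectedDirection = 'Bidirectional',

        [switch]
        $ExpectSelectiveAuth
    )

    # Hypothetical helper: must run on a DC of the local forest, as the workaround's script block does
    $localForest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()

    # Only forest trusts to the named forest; domain-level trusts are not returned by this call
    $trust = $localForest.GetAllTrustRelationships() |
        Where-Object { $_.TargetName -eq $RemoteForest -and $_.TrustType -eq 'Forest' }

    $findings = [System.Collections.Generic.List[string]]::new()

    if (-not $trust)
    {
        $findings.Add("No forest trust to '$RemoteForest' exists")
    }
    else
    {
        if ($trust.TrustDirection -ne $ExpectedDirection)
        {
            $findings.Add("Direction is '$($trust.TrustDirection)', expected '$ExpectedDirection'")
        }

        # Selective authentication and SID filtering are per-trust settings queried by target forest name
        if ($ExpectSelectiveAuth -and -not $localForest.GetSelectiveAuthenticationStatus($RemoteForest))
        {
            $findings.Add("Selective authentication is off; any authenticated user of '$RemoteForest' can authenticate here")
        }

        if (-not $localForest.GetSidFilteringStatus($RemoteForest))
        {
            $findings.Add("SID filtering is disabled on the trust to '$RemoteForest'")
        }
    }

    [pscustomobject]@{
        RemoteForest = $RemoteForest
        TrustPresent = [bool]$trust
        Compliant    = $findings.Count -eq 0
        Findings     = $findings.ToArray()
    }
}
```

Run it after `New-LabADTrust` to confirm the recreated trust is the one intended, and rerun it later to spot drift (for example a trust that was silently recreated as bidirectional).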
This issue has been automatically marked as stale because it has not had activity from the community in the last 30 days. It will be closed if no further activity occurs within 10 days. If the issue is labelled with any of the work labels (e.g. bug, enhancement, documentation, or tests) then the issue will not auto-close.
Assigning this issue to a milestone so that it is not marked as stale, even though I have no idea how to implement this at the moment
I will take care of this, but I guess after my vacation, which ends at the beginning of August.