Case 0: Just acme.com TLN Old Ftinfo: (null) New Ftinfo: TLN: acme.com Result Ftinfo: TLN: acme.com Case 1: acme.com and ms.com TLN Old Ftinfo: (null) New Ftinfo: TLN: acme.com TLN: ms.com Result Ftinfo: TLN: acme.com TLN: ms.com ( TlnNew) Case 2: Same but switch the alphabetical order Old Ftinfo: (null) New Ftinfo: TLN: acme.com TLN: z.au Result Ftinfo: TLN: z.au ( TlnNew) TLN: acme.com Case 3: Have no TLN for the forest (Should fail w/ ERROR_INVALID_PARAMETER) Old Ftinfo: (null) New Ftinfo: TLN: z.au DsMergeForestTrustInformationW failed: Status = 87 0x57 ERROR_INVALID_PARAMETER Case 4: Build acme.com again Old Ftinfo: (null) New Ftinfo: TLN: acme.com Result Ftinfo: TLN: acme.com Case 5: Add a new ms.com TLN Old Ftinfo: TLN: acme.com New Ftinfo: TLN: acme.com TLN: ms.com Result Ftinfo: TLN: acme.com TLN: ms.com ( TlnNew) Case 6: Ensure the new bit doesn't go away Old Ftinfo: TLN: acme.com TLN: ms.com ( TlnNew) New Ftinfo: TLN: acme.com TLN: ms.com Result Ftinfo: TLN: acme.com TLN: ms.com ( TlnNew) Case 7: Exact match on corp.acme.com TLN Old Ftinfo: (null) New Ftinfo: TLN: corp.acme.com Result Ftinfo: TLN: corp.acme.com Case 8: Only child of corp.acme.com TLN (Should fail w/ ERROR_INVALID_PARAMETER) Old Ftinfo: (null) New Ftinfo: TLN: x.corp.acme.com DsMergeForestTrustInformationW failed: Status = 87 0x57 ERROR_INVALID_PARAMETER Case 9: Ensure a disabled TLN stays disabled Old Ftinfo: TLN: acme.com TLN: ms.com ( TlnAdmin) New Ftinfo: TLN: acme.com TLN: ms.com Result Ftinfo: TLN: acme.com TLN: ms.com ( TlnAdmin) Case 10: Ensure all bits are preserved in a TLN Old Ftinfo: TLN: acme.com TLN: ms.com ( TlnNew TlnAdmin TlnConflict 0xFFFFFFF8) New Ftinfo: TLN: acme.com TLN: ms.com Result Ftinfo: TLN: acme.com TLN: ms.com ( TlnNew TlnAdmin TlnConflict 0xFFFFFFF8) Case 11: Ensure a disabled TLN stays disabled in a child Old Ftinfo: TLN: acme.com TLN: ms.com ( TlnAdmin) New Ftinfo: TLN: acme.com TLN: a.ms.com Result Ftinfo: TLN: acme.com TLN: a.ms.com ( TlnAdmin) Case 12: Ensure a disabled TLN does *not* disable a parent Old Ftinfo: TLN: acme.com TLN: b.a.ms.com ( TlnAdmin) New Ftinfo: TLN: acme.com TLN: a.ms.com Result Ftinfo: TLN: acme.com TLN: a.ms.com ( TlnNew) Case 13: Ensure a TLNEX is ignored in new Old Ftinfo: (null) New Ftinfo: TLN: acme.com TEX: a.acme.com Result Ftinfo: TLN: acme.com Case 14: Ensure a TLNEX is copied from old Old Ftinfo: TLN: acme.com TEX: a.acme.com New Ftinfo: TLN: acme.com Result Ftinfo: TLN: acme.com TEX: a.acme.com Case 15: Trivial single domain forest Old Ftinfo: (null) New Ftinfo: TLN: acme.com Dom: corp.acme.com (CORP_NB) S-1-5-1 Result Ftinfo: TLN: acme.com Dom: corp.acme.com (CORP_NB) S-1-5-1 Case 16: Ensure a disabled domain remains disabled Old Ftinfo: TLN: acme.com Dom: corp.acme.com (CORP_NB) ( SidAdmin) S-1-5-1 New Ftinfo: TLN: acme.com Dom: corp.acme.com (CORP_NB) S-1-5-1 Result Ftinfo: TLN: acme.com Dom: corp.acme.com (CORP_NB) ( SidAdmin) S-1-5-1 Case 17: Drop duplicate new TLN entries Old Ftinfo: (null) New Ftinfo: TLN: acme.com TLN: acme.com Result Ftinfo: TLN: acme.com Case 18: ... even if the duplicate is subordinate Old Ftinfo: (null) New Ftinfo: TLN: acme.com TLN: a.acme.com Result Ftinfo: TLN: acme.com Case 19: ... even if there are many of them Old Ftinfo: (null) New Ftinfo: TLN: acme.com TLN: acme.com TLN: a.acme.com TLN: b.acme.com TLN: ms.com Result Ftinfo: TLN: acme.com TLN: ms.com ( TlnNew) Case 20: Try multiple domain entries Old Ftinfo: (null) New Ftinfo: TLN: acme.com Dom: corp.acme.com (CORP_NB0) S-1-5-1 Dom: c1.corp.acme.com (CORP_NB1) S-1-5-2 Dom: c2.corp.acme.com (CORP_NB2) S-1-5-3 Result Ftinfo: TLN: acme.com Dom: corp.acme.com (CORP_NB0) S-1-5-1 Dom: c1.corp.acme.com (CORP_NB1) S-1-5-2 Dom: c2.corp.acme.com (CORP_NB2) S-1-5-3 Case 21: Duplicate Sids are bad Old Ftinfo: (null) New Ftinfo: TLN: acme.com Dom: corp.acme.com (CORP_NB0) S-1-5-1 Dom: c1.corp.acme.com (CORP_NB1) S-1-5-2 Dom: c2.corp.acme.com (CORP_NB2) S-1-5-1 Result Ftinfo: TLN: acme.com Dom: corp.acme.com (CORP_NB0) S-1-5-1 Dom: c1.corp.acme.com (CORP_NB1) S-1-5-2 Case 22: ... even if there are many of them Old Ftinfo: (null) New Ftinfo: TLN: acme.com Dom: corp.acme.com (CORP_NB0) S-1-5-1 Dom: c1.corp.acme.com (CORP_NB1) S-1-5-2 Dom: c2.corp.acme.com (CORP_NB2) S-1-5-1 Dom: c3.corp.acme.com (CORP_NB3) S-1-5-1 Dom: c4.corp.acme.com (CORP_NB4) S-1-5-1 Result Ftinfo: TLN: acme.com Dom: corp.acme.com (CORP_NB0) S-1-5-1 Dom: c1.corp.acme.com (CORP_NB1) S-1-5-2 Case 23: Ensure multiple disabled domains remain disabled Old Ftinfo: TLN: acme.com Dom: corp.acme.com (CORP_NB0) S-1-5-1 Dom: c1.corp.acme.com (CORP_NB1) ( SidAdmin) S-1-5-2 Dom: c2.corp.acme.com (CORP_NB2) S-1-5-3 Dom: c3.corp.acme.com (CORP_NB3) ( SidAdmin) S-1-5-4 Dom: c4.corp.acme.com (CORP_NB4) S-1-5-5 New Ftinfo: TLN: acme.com Dom: corp.acme.com (CORP_NB0) S-1-5-1 Dom: c1.corp.acme.com (CORP_NB1) S-1-5-2 Dom: c2.corp.acme.com (CORP_NB2) S-1-5-3 Dom: c3.corp.acme.com (CORP_NB3) S-1-5-4 Dom: c4.corp.acme.com (CORP_NB4) S-1-5-5 Result Ftinfo: TLN: acme.com Dom: corp.acme.com (CORP_NB0) S-1-5-1 Dom: c1.corp.acme.com (CORP_NB1) ( SidAdmin) S-1-5-2 Dom: c2.corp.acme.com (CORP_NB2) S-1-5-3 Dom: c3.corp.acme.com (CORP_NB3) ( SidAdmin) S-1-5-4 Dom: c4.corp.acme.com (CORP_NB4) S-1-5-5 Case 24: Don't let an old disabled domain entry go away Old Ftinfo: TLN: acme.com Dom: corp.acme.com (CORP_NB) ( SidAdmin) S-1-5-1 New Ftinfo: TLN: acme.com Result Ftinfo: TLN: acme.com Dom: corp.acme.com (CORP_NB) ( SidAdmin) S-1-5-1 Case 25: ... even if there's no TLN for the domain entry Old Ftinfo: TLN: acme.com Dom: ms.com (CORP_NB) ( SidAdmin) S-1-5-1 New Ftinfo: TLN: acme.com Result Ftinfo: TLN: acme.com Dom: ms.com (CORP_NB) ( SidAdmin) S-1-5-1 Case 26: Add a new domain Old Ftinfo: TLN: acme.com Dom: corp.acme.com (CORP_NB0) S-1-5-1 Dom: c1.corp.acme.com (CORP_NB1) S-1-5-2 Dom: c2.corp.acme.com (CORP_NB2) S-1-5-3 New Ftinfo: TLN: acme.com Dom: corp.acme.com (CORP_NB0) S-1-5-1 Dom: c1.corp.acme.com (CORP_NB1) S-1-5-2 Dom: c2.corp.acme.com (CORP_NB2) S-1-5-3 Dom: c3.corp.acme.com (CORP_NB3) S-1-5-4 Dom: c4.corp.acme.com (CORP_NB4) S-1-5-5 Result Ftinfo: TLN: acme.com Dom: corp.acme.com (CORP_NB0) S-1-5-1 Dom: c1.corp.acme.com (CORP_NB1) S-1-5-2 Dom: c2.corp.acme.com (CORP_NB2) S-1-5-3 Dom: c3.corp.acme.com (CORP_NB3) S-1-5-4 Dom: c4.corp.acme.com (CORP_NB4) S-1-5-5 Case 27: Delete old domains Old Ftinfo: TLN: acme.com Dom: corp.acme.com (CORP_NB0) S-1-5-1 Dom: c1.corp.acme.com (CORP_NB1) S-1-5-2 Dom: c2.corp.acme.com (CORP_NB2) S-1-5-3 Dom: c3.corp.acme.com (CORP_NB3) S-1-5-4 Dom: c4.corp.acme.com (CORP_NB4) S-1-5-5 New Ftinfo: TLN: acme.com Dom: corp.acme.com (CORP_NB0) S-1-5-1 Dom: c1.corp.acme.com (CORP_NB1) S-1-5-2 Dom: c2.corp.acme.com (CORP_NB2) S-1-5-3 Result Ftinfo: TLN: acme.com Dom: corp.acme.com (CORP_NB0) S-1-5-1 Dom: c1.corp.acme.com (CORP_NB1) S-1-5-2 Dom: c2.corp.acme.com (CORP_NB2) S-1-5-3 Case 28: Ensure there's a TLN for every domain Old Ftinfo: (null) New Ftinfo: TLN: acme.com Dom: corp.ms.com (CORP_NB0) S-1-5-1 Dom: c1.corp.ms.com (CORP_NB1) S-1-5-2 Dom: c2.corp.ms.com (CORP_NB2) S-1-5-3 Result Ftinfo: TLN: acme.com TLN: corp.ms.com Dom: corp.ms.com (CORP_NB0) S-1-5-1 Dom: c1.corp.ms.com (CORP_NB1) S-1-5-2 Dom: c2.corp.ms.com (CORP_NB2) S-1-5-3 Case 29: Ensure all of the possible flag bits are preserved Old Ftinfo: TLN: acme.com Dom: corp.acme.com (CORP_NB) ( SidAdmin SidConflict NbAdmin NbConflict 0xFFFFFFF0) S-1-5-1 New Ftinfo: TLN: acme.com Dom: corp.acme.com (CORP_NB) S-1-5-1 Result Ftinfo: TLN: acme.com Dom: corp.acme.com (CORP_NB) ( SidAdmin SidConflict NbAdmin NbConflict 0xFFFFFFF0) S-1-5-1 Case 30: Ensure that a netbios admin disabled bit doesn't disappear Old Ftinfo: TLN: acme.com Dom: corp.acme.com (CORP_NB0) S-1-5-1 Dom: c1.corp.acme.com (CORP_NB1) S-1-5-2 Dom: c2.corp.acme.com (CORP_NB2) S-1-5-3 Dom: c3.corp.acme.com (CORP_NB3) S-1-5-4 Dom: c4.corp.acme.com (CORP_NB4) ( SidAdmin) S-1-5-5 New Ftinfo: TLN: acme.com Dom: corp.acme.com (CORP_NB0) S-1-5-1 Dom: c1.corp.acme.com (CORP_NB1) S-1-5-2 Dom: c2.corp.acme.com (CORP_NB2) S-1-5-3 Dom: c3.corp.acme.com (CORP_NB3) S-1-5-4 Result Ftinfo: TLN: acme.com Dom: corp.acme.com (CORP_NB0) S-1-5-1 Dom: c1.corp.acme.com (CORP_NB1) S-1-5-2 Dom: c2.corp.acme.com (CORP_NB2) S-1-5-3 Dom: c3.corp.acme.com (CORP_NB3) S-1-5-4 Dom: c4.corp.acme.com (CORP_NB4) ( SidAdmin) S-1-5-5 Case 31: ... but that a netbios conflict does Old Ftinfo: TLN: acme.com Dom: corp.acme.com (CORP_NB0) S-1-5-1 Dom: c1.corp.acme.com (CORP_NB1) S-1-5-2 Dom: c2.corp.acme.com (CORP_NB2) S-1-5-3 Dom: c3.corp.acme.com (CORP_NB3) S-1-5-4 Dom: c4.corp.acme.com (CORP_NB4) ( SidConflict) S-1-5-5 New Ftinfo: TLN: acme.com Dom: corp.acme.com (CORP_NB0) S-1-5-1 Dom: c1.corp.acme.com (CORP_NB1) S-1-5-2 Dom: c2.corp.acme.com (CORP_NB2) S-1-5-3 Dom: c3.corp.acme.com (CORP_NB3) S-1-5-4 Result Ftinfo: TLN: acme.com Dom: corp.acme.com (CORP_NB0) S-1-5-1 Dom: c1.corp.acme.com (CORP_NB1) S-1-5-2 Dom: c2.corp.acme.com (CORP_NB2) S-1-5-3 Dom: c3.corp.acme.com (CORP_NB3) S-1-5-4 Case 32: ... Get it right even if the NB entry moves to different sid Old Ftinfo: TLN: acme.com Dom: corp.acme.com (CORP_NB0) S-1-5-1 Dom: c1.corp.acme.com (CORP_NB1) S-1-5-2 Dom: c2.corp.acme.com (CORP_NB3) S-1-5-3 Dom: c3.corp.acme.com (CORP_NB2) ( SidAdmin SidConflict) S-1-5-4 New Ftinfo: TLN: acme.com Dom: corp.acme.com (CORP_NB0) S-1-5-1 Dom: c1.corp.acme.com (CORP_NB1) S-1-5-2 Dom: c2.corp.acme.com (CORP_NB2) S-1-5-3 Dom: c3.corp.acme.com (CORP_NB3) S-1-5-4 Result Ftinfo: TLN: acme.com Dom: corp.acme.com (CORP_NB0) S-1-5-1 Dom: c1.corp.acme.com (CORP_NB1) S-1-5-2 Dom: c2.corp.acme.com (CORP_NB2) S-1-5-3 Dom: c3.corp.acme.com (CORP_NB3) ( SidAdmin SidConflict) S-1-5-4 Yee haw. We're done.