How can I set the 'The other domain supports Kerberos AES Encryption' setting programmatically?

stackprotector

8/20/23, 4:44 PM

In the GUI (Active Directory Domains and Trusts MMC Snap-in (domain.msc)), you can set the "The other domain supports Kerberos AES Encryption" setting for a trust relationship:

I am looking for a way to set this setting programmatically. I already reviewed the Install-ADDSDomain PowerShell cmdlet and also the netdom TRUST tool, but both do not seem to include an option to set the Kerberos AES encryption setting.

Can someone tell me, how I can set this setting programmatically?

128

0 + 0

scripting

windows

kerberos

trust-relationship

windows-server-2019

Score:0

Server

stackprotector

8/21/23, 7:59 AM

This can be done with ksetup:

ksetup /setenctypeattr <THE_OTHER_DOMAIN> AES128-CTS-HMAC-SHA1-96 AES256-CTS-HMAC-SHA1-96

See also this documentation. Be aware where you execute this command for which domain. You can only use it to set the encryption types for the other domain. So if you are on a DC of child.contoso.com, you can issue:

ksetup /setenctypeattr contoso.com AES128-CTS-HMAC-SHA1-96 AES256-CTS-HMAC-SHA1-96

If you are on a DC of contoso.com, you can issue:

ksetup /setenctypeattr child.contoso.com AES128-CTS-HMAC-SHA1-96 AES256-CTS-HMAC-SHA1-96

Other combinations are not possible and you may face the following problems:

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How can I set the 'The other domain supports Kerberos AES Encryption' setting programmatically?

TH: ฉันจะตั้งค่า 'โดเมนอื่นรองรับ Kerberos AES Encryption' โดยทางโปรแกรมได้อย่างไร

RO: Cum pot seta programatic setarea „Celălalt domeniu acceptă criptarea Kerberos AES”?

RU: Как программно установить параметр «Другой домен поддерживает шифрование Kerberos AES»?

VI: Làm cách nào tôi có thể đặt cài đặt 'Miền khác hỗ trợ Mã hóa Kerberos AES' theo chương trình?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.