From Windows systems tools like PowerView (PowerShell) and netdom may be used to enumerate trusts :
netdom
From domain-joined hosts, the netdom cmdlet can be used.
netdom trust /domain:DOMAIN.LOCAL
PowerView
Alternatively, PowerSploit's PowerView (PowerShell) supports multiple commands for various purposes.
# Enumerate domain trust relationships of the current user's domainGet-NetDomainTrustGet-NetDomainTrust –Domain [DomainName]Get-NetDomainTrust-SearchBase "GC://$($ENV:USERDNSDOMAIN)"# Enumerate forest trusts from the current domain's perspectiveGet-NetForestTrustGet-NetForestDomain-Forest [ForestName]# Enumerate all the trusts of all the domains foundGet-NetForestDomain|Get-NetDomainTrust# Enumerate and map all domain trustsInvoke-MapDomainTrust#Get users with privileges in other domains inside the forestGet-DomainForeingUser#Get groups with privileges in other domains inside the forestGet-DomainForeignGroupMember
The global catalog is a partial copy of all objects in an Active Directory forest, meaning that some object properties (but not all) are contained within it. This data is replicated among all domain controllers marked as global catalogs for the forest. Trusted domain objects are replicated in the global catalog, so we can enumerate every single internal and external trust that all domains in our current forest have extremely quickly, and only with traffic to our current PDC.