Overview

A Trusted Domain Object (TDO) is a Microsoft Active Directory entity (LDAP Entry) represented as a TrustedDomain ObjectClass Type.
A Trusted Domain Object is an AD DOMAIN that the local system trusts to authenticate users. In other words, if a user or application is authenticated by a Trusted Domain Object, this authentication is accepted by all AD DOMAINs that trust the authenticating domain.
Each subordinate domain automatically has a two-way trust relationship with the main domain. By default, this trust is transitive, meaning that if a system trusts Domain A, it also trusts all domains that Domain A trusts.
The Local Security Authority (LSA) has an object type, TrustedDomain, that is used to store information about trust relationships, including the name and Security Identifier (SID) of the Trusted Domain Object, the account in the domain to use for authentication requests, name and SID translation requests, and the names of Domain Controllers in the trusted domain.
For example, if a Windows XP workstation trusts a Windows Server 2000 Domain Controller that in turn trusts four other systems, the workstation, connected using transitive trust, will have five TrustedDomain objects on its local system.
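The workstation example above, worked through as an added Python example (not code from this page or from Microsoft) that expands direct trusts into the full set of domains a system ends up trusting, which is the list to review when auditing trust exposure. The function name `effective_trusts` and the domain names are constructed for illustration, and the model assumes a non-transitive trust is never followed beyond its two endpoints.

```python
from collections import deque

def effective_trusts(direct, start):
    """Map every domain `start` ends up trusting to the trust path reaching it.

    direct: {truster: [(trusted, is_transitive), ...]}, direct trusts only.
    """
    reached = {}       # trusted domain -> path of trusts leading to it
    expanded = set()   # domains whose own trusts were already followed
    queue = deque()

    def record(target, path, follow):
        if target == start:
            return
        reached.setdefault(target, path)
        if follow and target not in expanded:
            expanded.add(target)
            queue.append(target)

    # Direct trusts always count; only transitive ones are followed further.
    for target, transitive in direct.get(start, []):
        record(target, [start, target], transitive)

    while queue:
        node = queue.popleft()
        for target, transitive in direct.get(node, []):
            if transitive:  # a non-transitive trust stays between its two ends
                record(target, reached[node] + [target], True)
    return reached

# Constructed sample: a workstation trusts one Domain Controller,
# which in turn trusts four other systems.
SYSTEMS = ["SYS-A", "SYS-B", "SYS-C", "SYS-D"]
TRANSITIVE = {"WKSTN": [("DC1", True)], "DC1": [(s, True) for s in SYSTEMS]}
NON_TRANSITIVE = {"WKSTN": [("DC1", False)], "DC1": [(s, True) for s in SYSTEMS]}

if __name__ == "__main__":
    for name, trusts in (("transitive", TRANSITIVE),
                         ("non-transitive", NON_TRANSITIVE)):
        result = effective_trusts(trusts, "WKSTN")
        print(f"{name}: {len(result)} trusted domain(s)")
        for domain, path in sorted(result.items()):
            print("  ", " -> ".join(path))
```

With the transitive trust the workstation ends up with five trusted domains; making the same first hop non-transitive leaves only the Domain Controller.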