Trusted Domain Object


A Trusted Domain Object (TDO) is a Microsoft Active Directory entity (an LDAP Entry) of the TrustedDomain ObjectClass.

A Trusted Domain Object represents an AD DOMAIN that the local system trusts to authenticate users. In other words, if a user or application is authenticated by a trusted domain, that authentication is accepted by every AD DOMAIN that trusts the authenticating domain.

Each subordinate (child) domain automatically has a two-way trust relationship with its parent domain. By default this trust is transitive: if a system trusts Domain A, it also trusts every domain that Domain A trusts.

One-way trusts are also supported for operating systems earlier than Windows Server 2000, which do not support transitive, two-way trusts.

The Local Security Authority (LSA) has an object type, TrustedDomain, that stores the information about a trust relationship: the name and Security Identifier (SID) of the trusted domain, the account in that domain to use for authentication requests and for name and SID translation requests, and the names of the Domain Controllers in the trusted domain.

On Domain Controllers, the LSA creates an instance of a TrustedDomain object for each domain trusted by the local system.

For example, if a Windows XP workstation trusts a Windows Server 2000 Domain Controller that in turn trusts four other systems, the workstation, connected using transitive trust, will have five TrustedDomain objects on its local system.
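The attributes the LSA keeps for each trust (partner name, SID, direction, transitivity) are exposed on the trustedDomain entries under the System container of the domain naming context. The following added example (not code from the original page or from Microsoft) decodes such entries as an LDAP search would return them, turns the binary securityIdentifier into S-1-5-... form, and expands trustDirection and trustAttributes into readable fields so that a defender can see which trusts are two-way and transitive. The three entries are constructed sample data; the flag values follow the MS-ADTS definitions of trustDirection, trustType and trustAttributes, and the "needs review" heuristic at the end is an assumption of this example, not a rule from the page.

```python
"""Decode trustedDomain LDAP entries into a reviewable trust summary.

Added example with constructed sample data; not code from the page.
"""
import struct

# trustDirection values (MS-ADTS): who can authenticate across the trust
TRUST_DIRECTION = {0: "disabled", 1: "inbound", 2: "outbound", 3: "bidirectional"}
# trustType values (MS-ADTS)
TRUST_TYPE = {1: "downlevel (NT4)", 2: "uplevel (AD)", 3: "MIT Kerberos", 4: "DCE"}
# trustAttributes bit flags (MS-ADTS)
NON_TRANSITIVE = 0x1
QUARANTINED_DOMAIN = 0x4        # SID filter quarantining enabled
FOREST_TRANSITIVE = 0x8
WITHIN_FOREST = 0x20
TRUST_ATTRIBUTES = {
    NON_TRANSITIVE: "NON_TRANSITIVE",
    0x2: "UPLEVEL_ONLY",
    QUARANTINED_DOMAIN: "QUARANTINED_DOMAIN",
    FOREST_TRANSITIVE: "FOREST_TRANSITIVE",
    0x10: "CROSS_ORGANIZATION",
    WITHIN_FOREST: "WITHIN_FOREST",
    0x40: "TREAT_AS_EXTERNAL",
    0x80: "USES_RC4_ENCRYPTION",
    0x200: "CROSS_ORGANIZATION_NO_TGT_DELEGATION",
}


def build_sid(authority, *subauthorities):
    """Pack a revision-1 SID into the binary layout AD stores in securityIdentifier."""
    header = bytes([1, len(subauthorities)]) + authority.to_bytes(6, "big")
    return header + struct.pack("<%dI" % len(subauthorities), *subauthorities)


def sid_to_string(blob):
    """Binary SID -> 'S-1-5-21-...' (revision, 48-bit big-endian authority, LE sub-authorities)."""
    revision, count = blob[0], blob[1]
    authority = int.from_bytes(blob[2:8], "big")
    subs = struct.unpack("<%dI" % count, blob[8:8 + 4 * count])
    return "S-%d-%d-%s" % (revision, authority, "-".join(str(s) for s in subs))


def decode_trust(entry):
    """Expand one trustedDomain entry (dn + attributes dict) into plain fields."""
    a = entry["attributes"]
    flags = int(a["trustAttributes"])
    if flags & WITHIN_FOREST:
        kind = "intra-forest (parent-child / tree-root)"
    elif flags & FOREST_TRANSITIVE:
        kind = "forest"
    else:
        kind = "external"
    return {
        "dn": entry["dn"],
        "partner": a["trustPartner"],
        "flat_name": a["flatName"],
        # The inter-domain trust account in the trusting domain is named <flatName>$
        "trust_account": a["flatName"] + "$",
        "sid": sid_to_string(a["securityIdentifier"]),
        "direction": TRUST_DIRECTION.get(int(a["trustDirection"]), "unknown"),
        "type": TRUST_TYPE.get(int(a["trustType"]), "unknown"),
        "kind": kind,
        "same_forest": bool(flags & WITHIN_FOREST),
        "transitive": not flags & NON_TRANSITIVE,
        "sid_filter_quarantined": bool(flags & QUARANTINED_DOMAIN),
        "flags": [name for bit, name in sorted(TRUST_ATTRIBUTES.items()) if flags & bit],
    }


def trusts_to_review(entries):
    """Assumed audit heuristic: a two-way, transitive trust to a domain outside
    our forest widens who can authenticate here, so list its partner name."""
    return [t["partner"] for t in map(decode_trust, entries)
            if t["direction"] == "bidirectional" and t["transitive"] and not t["same_forest"]]


# Constructed sample entries, shaped like an LDAP search result for
# (objectClass=trustedDomain) under CN=System,DC=corp,DC=example.
SAMPLE_ENTRIES = [
    {"dn": "CN=child.corp.example,CN=System,DC=corp,DC=example",
     "attributes": {"trustPartner": "child.corp.example", "flatName": "CHILD",
                    "trustDirection": 3, "trustType": 2, "trustAttributes": WITHIN_FOREST,
                    "securityIdentifier": build_sid(5, 21, 1111, 2222, 3333)}},
    {"dn": "CN=partner.example,CN=System,DC=corp,DC=example",
     "attributes": {"trustPartner": "partner.example", "flatName": "PARTNER",
                    "trustDirection": 3, "trustType": 2, "trustAttributes": FOREST_TRANSITIVE,
                    "securityIdentifier": build_sid(5, 21, 4444, 5555, 6666)}},
    {"dn": "CN=legacy,CN=System,DC=corp,DC=example",
     "attributes": {"trustPartner": "legacy", "flatName": "LEGACY",
                    "trustDirection": 2, "trustType": 1,
                    "trustAttributes": NON_TRANSITIVE | QUARANTINED_DOMAIN,
                    "securityIdentifier": build_sid(5, 21, 7777, 8888, 9999)}},
]

if __name__ == "__main__":
    for trust in map(decode_trust, SAMPLE_ENTRIES):
        print("%-20s %-13s %-40s transitive=%s sid=%s flags=%s" % (
            trust["partner"], trust["direction"], trust["kind"],
            trust["transitive"], trust["sid"], ",".join(trust["flags"])))
    print("review:", trusts_to_review(SAMPLE_ENTRIES))
```

Against a live directory the same decode functions apply to the attribute values of each `(objectClass=trustedDomain)` entry found under the domain's System container; the sample list merely stands in for that search result.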
