TrustedDomain (often referred to as a Trusted Domain Object or TDO) is a Microsoft Active Directory ObjectClass Type that represents a domain that is trusted by, or trusting, the local AD DOMAIN.

TrustedDomain is an AD DOMAIN that the local system trusts to authenticate users. In other words, if a user or application is authenticated by a TrustedDomain, this authentication is accepted by all AD DOMAINs that trust the authenticating AD DOMAIN.

Each subordinate AD DOMAIN automatically has a two-way trust relationship with the main AD DOMAIN. By default, this trust is transitive, meaning that if a system trusts AD DOMAIN A, it also trusts all domains that AD DOMAIN A trusts.

One-way trusts are also supported for Microsoft Windows earlier than Windows Server 2000, which do NOT support transitive, two-way trusts.

The Local Security Authority (LSA) has an object type, TrustedDomain, that is used to store information about trust relationships, including the name and Security Identifier (SID) of the TrustedDomain, the INTERDOMAIN_TRUST_ACCOUNT in the domain to use for authentication requests, name and SID translation requests, and the names of Domain Controllers in the trusted AD DOMAIN.

On Domain Controllers, the LSA creates an instance of a TrustedDomain Entry for each AD DOMAIN trusted by the local system.

For example, if a Windows XP workstation trusts a Windows Server 2000 Domain Controller that in turn trusts four other systems, the workstation, connected using transitive trust, will have five TrustedDomain objects on its local system.

LDAP ObjectClass Definition#

The ObjectClass Type is defined as:

More Information#

There might be more information for this subject on one of the following: