<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!! Overview
The [{$pagename}] is a [user-Account-Control Attribute Value] (2048) that is a permit to [TrustedDomain] an account for a system domain that trusts other [AD DOMAINs].


When a Trust is established a [Secure connection] is set up later by the [Netlogon service] in the trust [AD DOMAIN] using the trust information that was stored by the user manager. After the trust is established, the RESOURCE [PDC Emulator FSMO Role] changes the trusted [AD DOMAIN]
object [password]. By default Every 7 days, the [PDC Emulator FSMO Role] will generate and set a new trust [credentials], contact the  [PDC Emulator FSMO Role] in the trusted domain, and update the Incoming trust [credentials]. All other [Domain Controllers] in the trusted [AD DOMAIN] will replicate the new [credentials], but to ensure that the trust is not immediately broken until [Replication] occurs, the last [credentials] used will be retained in the SAM database until the next change.

[{$pagename}]s [credentials] cannot be used in a normal session [Microsoft Active Directory] logon process and attempts will show the error &quot;0xc0000198, Status_Nologon_Interdomain Trust_Account&quot;

* Inbound trust [credentials] are stored in [trustAuthIncoming], on the &quot;trusted&quot; side of a trust
* Outbound trust [credentials] are stored in [trustAuthOutgoing], on the &quot;trusting&quot; end of a trust

In the special case of two-way trusts (like Parent-Child trusts or transitive [AD Forest] trusts between internal forests) the [{$pagename}] object on each side of the trust will maintain [credentials] per direction not by the [Trusted Domain Objects]


Unlike the [WORKSTATION_TRUST_ACCOUNT], as used for [Microsoft Windows] [Clients] and [GMSA] accounts, [{$pagename}]s also have the [user-Account-Control Attribute Value] [PASSWD_NOTREQD] set. Since this [Microsoft Active Directory][specification] does not fit well with most [Password Policies|Password Policy] and [Auditors|Auditing] 


!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }] 
----
* [#1] - [Q128489: Inter-Domain Trust Account Passwords|https://support.microsoft.com/support/kb/articles/Q158/1/48.ASP|target='_blank'] - based on information obtained 2015-06-11 
* [#2] - [[MS-ADTS]: Essential Attributes of Interdomain Trust Accounts|https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/ac527b5b-0e88-48a1-8c73-497d40388d04|target='_blank'] - based on information obtained 2020-10-01 

	































</pre>