!!! Overview
[{$pagename}] (often referred to as a [Trusted Domain Object] or [TDO]) is a [Microsoft Active Directory] [ObjectClass Type] that represents a domain that is trusted by, or trusting, the local [AD DOMAIN].

[{$pagename}] is an [AD DOMAIN] that the local system [trusts] to [authenticate] users. In other words, if a user or [application] is [authenticated] by a [{$pagename}], this [authentication] is accepted by all [AD DOMAINs] that [trust] the authenticating [AD DOMAIN].

Each subordinate [AD DOMAIN] automatically has a two-way [trust] [relationship] with the main [AD DOMAIN]. By default, this trust is transitive, meaning that if a system trusts [AD DOMAIN] A, it also trusts all domains that [AD DOMAIN] A trusts.

One-way [trusts] are also supported for versions of [Microsoft Windows] earlier than [Windows Server 2000], which do __NOT__ support transitive, two-way trusts.

The [Local Security Authority] ([LSA]) has an object type, [{$pagename}], that is used to store information about [trust] [relationships], including:
* the name and [Security Identifier] ([SID]) of the [{$pagename}]
* the [INTERDOMAIN_TRUST_ACCOUNT] in the domain to use for [authentication] requests and for name and [SID] translation requests
* the names of [Domain Controllers] in the trusted [AD DOMAIN]

On [Domain Controllers], the [LSA] creates an instance of a [{$pagename}] Entry for each [AD DOMAIN] trusted by the local system. For example, if a [Windows XP] workstation trusts a [Windows Server 2000] [Domain Controller] that in turn [trusts] four other systems, the workstation, connected using transitive trust, will have five [{$pagename}] objects on its local system.

!! [LDAP] [ObjectClass] Definition
The [ObjectClass Type] is defined as:
* [OID]: [1.2.840.113556.1.5.34]
* [ObjectClass-Name]: [{$pagename}]
* SUP: [Container]
* [STRUCTURAL]
* [SchemaIDGUID]: [bf967ab8-0de6-11d0-a285-00aa003049e2]
* [MUST]:
** []
* [MAY]:
** [msDS-SupportedEncryptionTypes]
** [trustType]
** [trustPosixOffset]
** [trustPartner]
** [trustDirection]
** [trustAuthOutgoing]
** [trustAuthIncoming]
** [trustAttributes]
** [securityIdentifier]
** [msDS-TrustForestTrustInfo]
** [mS-DS-CreatorSID]
** [initialAuthOutgoing]
** [initialAuthIncoming]
** [flatName]
** [domainIdentifier]
** [domainCrossRef]
** [additionalTrustedServiceNames]
** [msDS-IngressClaimsTransformationPolicy]
** [msDS-EgressClaimsTransformationPolicy]
* [Extended Flags]:
** [X-ORIGIN]: [MS-ADSC]

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [2.266 Class trustedDomain|https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adsc/8dccfa3a-9f60-4691-919b-7851ea6c83a9|target='_blank'] - based on information obtained 2019-05-15
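
Added example, not part of the original page or of Microsoft's documentation: decoding the trustDirection, trustType, trustAttributes and msDS-SupportedEncryptionTypes values of trustedDomain entries and flagging settings worth reviewing. The numeric constants come from the MS-ADTS specification rather than this page; the function name, finding strings and sample entries are assumptions constructed for illustration.

```python
from enum import IntEnum, IntFlag

# Numeric values come from Microsoft's [MS-ADTS] specification, not from this page.
# INBOUND: the remote domain trusts the local one; OUTBOUND: the local domain trusts the remote one.
TrustDirection = IntEnum("TrustDirection", "DISABLED INBOUND OUTBOUND BIDIRECTIONAL", start=0)
TrustType = IntEnum("TrustType", "DOWNLEVEL UPLEVEL MIT DCE")  # values 1..4

class TrustAttr(IntFlag):
    NON_TRANSITIVE = 0x1
    UPLEVEL_ONLY = 0x2
    QUARANTINED_DOMAIN = 0x4        # SID filtering applied
    FOREST_TRANSITIVE = 0x8         # forest trust
    CROSS_ORGANIZATION = 0x10       # selective authentication
    WITHIN_FOREST = 0x20
    TREAT_AS_EXTERNAL = 0x40
    USES_RC4_ENCRYPTION = 0x80
    NO_TGT_DELEGATION = 0x200
    PIM_TRUST = 0x400
    ENABLE_TGT_DELEGATION = 0x800

AES_ENCTYPES = 0x08 | 0x10          # AES128 and AES256 bits of msDS-SupportedEncryptionTypes

def audit_tdo(entry):
    """Decode one trustedDomain entry (dict of LDAP attributes) and list review findings."""
    direction = TrustDirection(int(entry["trustDirection"]))
    ttype = TrustType(int(entry["trustType"]))
    attrs = TrustAttr(int(entry.get("trustAttributes", 0)))
    enc = int(entry.get("msDS-SupportedEncryptionTypes", 0))
    findings = []
    trusting = direction in (TrustDirection.OUTBOUND, TrustDirection.BIDIRECTIONAL)
    external = ttype <= TrustType.UPLEVEL and not attrs & (TrustAttr.WITHIN_FOREST | TrustAttr.FOREST_TRANSITIVE)
    if trusting and external and not attrs & TrustAttr.QUARANTINED_DOMAIN:
        findings.append("external trust without SID filtering")
    if attrs & TrustAttr.ENABLE_TGT_DELEGATION:
        findings.append("TGT delegation enabled across trust")
    if not enc & AES_ENCTYPES:
        findings.append("no AES encryption type advertised")
    return {"partner": entry["trustPartner"], "direction": direction.name, "type": ttype.name,
            "flags": [f.name for f in TrustAttr if f in attrs], "findings": findings}

SAMPLE_TDOS = [  # constructed values, shaped like an LDAP search for (objectClass=trustedDomain)
    {"trustPartner": "child.corp.example", "trustDirection": "3", "trustType": "2",
     "trustAttributes": "32", "msDS-SupportedEncryptionTypes": "24"},
    {"trustPartner": "partner.example", "trustDirection": "2", "trustType": "2", "trustAttributes": "0"},
    {"trustPartner": "other-forest.example", "trustDirection": "3", "trustType": "2",
     "trustAttributes": "2056", "msDS-SupportedEncryptionTypes": "28"},
]

if __name__ == "__main__":
    print(*map(audit_tdo, SAMPLE_TDOS), sep="\n")
```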