This post focuses on trust... What does it take to "trust" someone? :)
Here, in this lab, we have a parent domain (Parent.com, obviously) and a child domain (no points for guessing: Child.com).
Let's move into the sea of Active Directory: the ADSIEDIT snap-in.
We will discuss the various objects related to trusts in Active Directory. Let's browse to the "Domain Partition" -> CN=System.
trustedDomain
Also known as a TDO (Trusted Domain Object), it is located at the following location:
<Domain Partition> --> CN=System --> CN=<Trusted Domain Name>
A TDO holds the following information about a trust:
1. trustAttributes
2. trustAuthIncoming
3. trustAuthOutgoing
4. trustDirection
5. trustPartner
6. trustPosixOffset
7. trustType
trustAttributes
The trustAttributes attribute is a bit field that describes the properties of the trust relationship. The flag values below can be combined:
0x00000001 - The trust is Non-Transitive
0x00000002 - The trust is valid only for Windows 2000 (and newer) computers
0x00000008 - Forest Trust
0x00000010 - Trust is to a domain or forest that is not part of the organization
0x00000020 - Trusted domain is within the same forest
0x00000040 - External Trust
trustAuthIncoming
This attribute specifies authentication information for the incoming portion of a trust
trustAuthOutgoing
This attribute specifies authentication information for the outgoing portion of a trust
trustDirection
Disabled 0x00000000
Inbound 0x00000001
Outbound 0x00000002
Bidirectional 0x00000003
trustPartner
Name of the domain with which the trust is established.
trustType
The type of trust that has been designated for the trusted domain:
1 - The trusted domain is a Microsoft Windows® domain not running Active Directory
2 - The trusted domain is a Windows domain running Active Directory
3 - The trusted domain is running a non-Windows Kerberos distribution
When a trust is created, a user account named "Trusting Domain NetBIOS Name$" is also created in the Users container in Active Directory.
The trust accounts are named after the NetBIOS domain name of the trusting domain with a dollar sign ($) appended.
You will also notice the domain object in the configuration partition. This is because the configuration and schema partitions are common to all the domains, so a "crossRef" object is created for the trusted domain under "CN=Partitions" in the configuration partition.
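To read these values when reviewing trusts, here is a small decoder for the TDO attributes described above. It is an added example, not part of the original post: the function names and the two sample records are constructed, and the flag tables contain only the values listed in this post.

```python
# Added example: decode the TDO attributes described in this post.
# Flag/enum values are the ones listed above; the sample records are constructed.
TRUST_ATTRIBUTES = {
    0x00000001: "Non-transitive",
    0x00000002: "Windows 2000 (and newer) computers only",
    0x00000008: "Forest trust",
    0x00000010: "Partner is not part of the organization",
    0x00000020: "Within the same forest",
    0x00000040: "External trust",
}
TRUST_DIRECTION = {0: "Disabled", 1: "Inbound", 2: "Outbound", 3: "Bidirectional"}
TRUST_TYPE = {
    1: "Windows domain not running Active Directory",
    2: "Windows domain running Active Directory",
    3: "Non-Windows Kerberos distribution",
}

def decode_trust_attributes(value):
    """Return (names of set flags, bits that are set but not in the table)."""
    names = [name for bit, name in sorted(TRUST_ATTRIBUTES.items()) if value & bit]
    unknown = value & ~sum(TRUST_ATTRIBUTES)  # mask of every listed flag
    return names, unknown

def describe_tdo(dn, attrs):
    """Decode one trustedDomain object; LDAP returns the integers as decimal strings."""
    flags, unknown = decode_trust_attributes(int(attrs["trustAttributes"]))
    cn = dn.split(",", 1)[0].partition("=")[2]  # CN=<Trusted Domain Name>
    return {
        "partner": attrs["trustPartner"],
        "cn_matches_partner": cn.lower() == attrs["trustPartner"].lower(),
        "direction": TRUST_DIRECTION.get(int(attrs["trustDirection"]), "Unknown"),
        "type": TRUST_TYPE.get(int(attrs["trustType"]), "Unknown"),
        "flags": flags,
        "unknown_bits": hex(unknown) if unknown else None,
    }

# Constructed sample TDOs as they might appear under CN=System in Parent.com.
# The second record sets bit 0x4, which is not in the table above, so it is
# reported as an unknown bit instead of being silently dropped.
SAMPLE_TDOS = [
    ("CN=child.com,CN=System,DC=parent,DC=com",
     {"trustPartner": "child.com", "trustAttributes": "32",
      "trustDirection": "3", "trustType": "2"}),
    ("CN=partner.example,CN=System,DC=parent,DC=com",
     {"trustPartner": "partner.example", "trustAttributes": "68",
      "trustDirection": "2", "trustType": "2"}),
]

if __name__ == "__main__":
    for dn, attrs in SAMPLE_TDOS:
        print(dn, describe_tdo(dn, attrs))
```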