6.1.6.7 Essential Attributes of a Trusted Domain Object

TDOs are stored in the System container, with a CN representing the fully qualified domain name (FQDN) (2) of the trusted domain. For example, if a.example.com trusts b.example.com, an object would be created in the System container with a CN of b.example.com. The System container can be found by using the function GetWellknownObject(NC, default NC, GUID_SYSTEM_CONTAINER_W). For more information, see section 3.1.1.1.

The contents of TDOs are described by the trustedDomain schema object [MS-ADSC]. The following table details those attributes that are essential to a well-functioning interdomain trust, with links to specific sections detailing their relevance and format when these attributes are present.

Attribute name	Reference
flatName	MS-ADA1
isCriticalSystemObject	MS-ADA1
msDS-SupportedEncryptionTypes	MS-ADA2, MS-ADTS section 6.1.6.9.1
msDS-TrustForestTrustInfo	MS-ADA2, MS-ADTS section 6.1.6.9.3
nTSecurityDescriptor	MS-ADA3
objectCategory	MS-ADA3
objectClass	MS-ADA3
securityIdentifier	MS-ADA3
trustAttributes	MS-ADA3
trustAuthIncoming	MS-ADA3, MS-ADTS section 6.1.6.9.1
trustAuthOutgoing	MS-ADA3, MS-ADTS section 6.1.6.9.1
trustDirection	MS-ADA3
trustPartner	MS-ADA3
trustPosixOffset	MS-ADA3, MS-ADTS section 6.1.6.9.4
trustType	MS-ADA3