6.1.6.7.15 trustType

The trustType attribute is an integer value that dictates what type of trust has been designated for the trusted domain. Following are the valid values, corresponding to the TrustType field in LSAPR_TRUSTED_DOMAIN_INFORMATION_EX, as specified in [MS-LSAD] section 2.2.7.9. The trustType contains one of the following values:

TTD (TRUST_TYPE_DOWNLEVEL, 0x00000001): The trusted domain is a Windows domain not running Active Directory.

TTU (TRUST_TYPE_UPLEVEL, 0x00000002): The trusted domain is a Windows domain running Active Directory.

TTM (TRUST_TYPE_MIT, 0x00000003): The trusted domain is running a non-Windows, RFC4120-compliant Kerberos distribution. This type of trust is distinguished in that (1) a SID is not required for the TDO, and (2) the default key types include the DES-CBC and DES-CRC encryption types (see [RFC4120] section 8.1).

TTDCE (TRUST_TYPE_DCE, 0x00000004): Historical reference; this value is not used in Windows.

TTAAD (TRUST_TYPE_AAD, 0x00000005): The trusted domain is in Azure Active Directory.

Note: This trustType is supported by the operating systems specified in [MSKB-5025305], [MSKB-5025298], [MSKB-5025297], [MSKB-5026362], and [MSKB-5026370], each with its related MSKB article download installed.