Links

🛠️ Trusts

This is a work-in-progress. It's indicated with the 🛠️ emoji in the page name or in the category name. Wanna help? Please reach out to me: @_nwodtuhs

Theory

Active Directory trusts are mechanisms that allow to interconnect domain and forests. Once a trust relationship is established between a trusting domain (A) and a trusted domain (B), users from the trusted domain can authenticate to the trusting domain's resources. In other -more technical- terms, trusts extend the security boundary of a domain or forest.
Trusts come in many shapes and forms : one-way, two-way, transitive, shortcut trusts, etc. Understanding the trusts is essential to abuse them.

Direction

  • one-way vs two-way

Transitivity

  • transitive
  • non-transitive

Trusts types

  • parent-child
  • tree-root
  • shortcut
  • forest
  • external
  • realm
// make a table that sums all this up
Trust type
Transitivity
Direction
Auth. mechanisms
Notes
Parent-Child
Transitive
Two-way
Kerberos V5 or NTLM
Created automatically when a child domain is added.
Tree-Root
Transitive
Two-way
Kerberos V5 or NTLM
Created automatically when a new Tree is added to a forest.
Shortcut
Transitive
One-way or Two-way
Kerberos V5 or NTLM
Created Manually. Used in an AD DS forest to shorten the trust path to improve authentication times.
Forest
Transitive
One-way or Two-way
Kerberos V5 or NTLM
Created Manually. Used to share resources between AD DS forests.
External
Non-transitive
One-way
NTLM Only
Created Manually. Used to access resources in an NT 4.0 domain or a domain in another forest that does not have a forest trust established.
Realm
Transitive or non-transitive
One-way or Two-way
Kerberos V5 Only
Created Manually. Used to access resources between a non-Windows Kerberos V5 realm and an AD DS domain.

Practice

Resources

Notes and thoughts