
View and understand the meaning of trust attributes applied to trusted domains in Active Directory (on-premises).

Trust attributes in Active Directory (on-premises) define the limitations of a trust relationship between domains in Active Directory (on-premises). Understanding the trust attributes for a domain can help you when trying to restrict or allow access to certain domains.
The following table lists the trust attributes available for trusted domains in the Trusted domains tab of Identity Inventory for Active Directory (on-premises).

| Trust attribute | Description |
| --- | --- |
| NON_TRANSITIVE | Restricts trusts from being used transitively or applied between domains not directly linked |
| UPLEVEL_ONLY | Only permits clients using Windows 2000 or higher to use the trust link |
| QUARANTINED_DOMAIN | Marks the domain as quarantined and restricts trusts to established security identifier (SID) filtering rules |
| FOREST_TRANSITIVE | Indicates the trust relationship is a cross-forest trust between the root domains of two forests |
| CROSS_ORGANIZATION | Indicates the trust relationship is with a domain or forest outside of the organization |
| WITHIN_FOREST | Indicates the trust relationship is within the same forest |
| TREAT_AS_EXTERNAL | Indicates the trust relationship should be treated as an external trust in established security identifier (SID) filtering rules |
| USES_RC4_ENCRYPTION | Indicates the domain is running a non-Windows Kerberos distribution that uses RC4 keys for encryption |
| CROSS_ORGANIZATION_NO_TGT_DELEGATION | Indicates any tickets granted through the trust relationship must not be trusted for delegation purposes |
| CROSS_ORGANIZATION_ENABLE_TGT_DELEGATION | Indicates any tickets granted through the trust relationship must be trusted for delegation purposes |
| PIM_TRUST | Indicates a cross-forest trust that should be treated as a Privileged Identity Management (PIM) trust in security identifier (SID) filtering rules |
| DISABLE_AUTH_TARGET_VALIDATION | Indicates domain name validation during NTLM pass-through authentication is disabled |
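
The labels in the table correspond to bits of the `trustAttributes` value stored on a trusted domain object in Active Directory. The following is an added example, not part of the product or of the original page: it decodes a raw value into the table's labels and lists flags a reviewer may want to confirm are intended. The bit values come from Microsoft's MS-ADTS specification rather than this page; the choice of flags to review, the function names, and the sample domains and values are assumptions of the example.

```python
# Bit values per Microsoft MS-ADTS (trustAttributes); not listed on this page.
FLAGS = {
    "NON_TRANSITIVE": 0x1,
    "UPLEVEL_ONLY": 0x2,
    "QUARANTINED_DOMAIN": 0x4,
    "FOREST_TRANSITIVE": 0x8,
    "CROSS_ORGANIZATION": 0x10,
    "WITHIN_FOREST": 0x20,
    "TREAT_AS_EXTERNAL": 0x40,
    "USES_RC4_ENCRYPTION": 0x80,
    "CROSS_ORGANIZATION_NO_TGT_DELEGATION": 0x200,
    "CROSS_ORGANIZATION_ENABLE_TGT_DELEGATION": 0x800,
    "PIM_TRUST": 0x400,
    "DISABLE_AUTH_TARGET_VALIDATION": 0x1000,
}
# Assumption of this example: flags a reviewer may want to confirm are intended.
REVIEW = {
    "TREAT_AS_EXTERNAL": "SID filtering follows external-trust rules",
    "USES_RC4_ENCRYPTION": "RC4 keys are used on this trust",
    "CROSS_ORGANIZATION_ENABLE_TGT_DELEGATION": "tickets are trusted for delegation",
    "DISABLE_AUTH_TARGET_VALIDATION": "NTLM pass-through name validation is off",
}
TGT_PAIR = {"CROSS_ORGANIZATION_NO_TGT_DELEGATION",
            "CROSS_ORGANIZATION_ENABLE_TGT_DELEGATION"}

def decode(value):
    """Return (flag names set in value, leftover bits not in FLAGS)."""
    names = [n for n, bit in FLAGS.items() if value & bit]
    known = 0
    for bit in FLAGS.values():
        known |= bit
    return names, value & ~known

def review(value):
    """Return (flag names, review notes) for one trustAttributes value."""
    names, unknown = decode(value)
    notes = [f"{n}: {REVIEW[n]}" for n in names if n in REVIEW]
    if TGT_PAIR <= set(names):
        notes.append("both TGT delegation flags set (contradictory)")
    if unknown:
        notes.append(f"bits not in the table: {unknown:#x}")
    return names, notes

if __name__ == "__main__":
    # Constructed sample values, not taken from a real directory.
    sample = {"corp.example": 0x20, "partner.example": 0x848, "odd.example": 0x101}
    for domain, value in sample.items():
        print(domain, hex(value), *review(value), sep=" | ")
```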