Trusts
Trusts in Active Directory define relationships between domains and forests, allowing users in one domain to access resources in another. Enumerating trusts can help identify potential attack paths and lateral movement opportunities.
Trust Direction
Trusts can be one-way or two-way. In a one-way trust, one domain trusts another, but the reverse is not true. In a two-way trust, both domains trust each other.
- One-way trust: Users in the trusted domain can access resources in the trusting domain.
- Two-way trust: Users of both domains can access resources in the other domain.

Transitivity
Trusts can be transitive or non-transitive. In a transitive trust, if Domain A trusts Domain B and Domain B trusts Domain C, then Domain A trusts Domain C. In a non-transitive trust, the trust relationship is limited to the two domains involved.

Default Trusts
By default, Active Directory creates the following trust relationships:
- Parent-Child Trust: When a new child domain is created, a two-way transitive trust is established between the parent and child domains. For example, if us.example.local is the child domain of example.local, a trust relationship is created between them.
- Tree Root Trust: When multiple child domains are created under a parent domain, a two-way transitive trust is established between the root domain and the child domains.

External Trusts
An external trust is a trust relationship between two domains in different forests. External trusts can be one-way or two-way and are non-transitive by default.

Forest Trusts
A forest trust is a trust relationship between root domains of two different forests. Forest trusts can be one-way or two-way and are transitive by default.

Trust Enumeration
Get a list of all domain trusts
Retrieve a list of all domain trusts for the current domain:
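```powershell
# PowerView
Get-DomainTrust
Get-DomainTrust -Domain example.local
```

```powershell
# ActiveDirectory module; Get-ADTrust needs -Filter or -Identity to run without prompting
Get-ADTrust -Filter *
Get-ADTrust -Identity example.local
```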
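
When reviewing the trusts a domain exposes, it helps to map each returned object onto the categories above (default, external, forest) and spell out who can reach what. The following is an added example, not part of the original page, PowerView or the ActiveDirectory module; `Get-TrustSummary` is a hypothetical helper name and the sample domains are constructed.

```powershell
# Added example. Get-TrustSummary is a hypothetical helper, not a real cmdlet.
# It reads properties that Get-ADTrust returns: Source, Target, Direction, IntraForest,
# ForestTransitive and DisallowTransivity (the module spells it that way).
function Get-TrustSummary {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)] $Trust)
    process {
        # Trust category, using the terms from this page
        $kind = if ($Trust.IntraForest) { 'Default (intra-forest)' } elseif ($Trust.ForestTransitive) { 'Forest' } else { 'External' }

        # Direction is relative to Source, the domain the query ran against
        $access = switch ([string]$Trust.Direction) {
            'Inbound'       { "Users in $($Trust.Source) can access resources in $($Trust.Target)" }
            'Outbound'      { "Users in $($Trust.Target) can access resources in $($Trust.Source)" }
            'BiDirectional' { 'Users in either domain can access resources in the other' }
            default         { 'Unknown direction' }
        }

        [pscustomobject]@{
            Source      = $Trust.Source
            Target      = $Trust.Target
            Kind        = $kind
            # External trusts are non-transitive; the others are unless transitivity is disallowed
            Transitive  = ($kind -ne 'External') -and (-not $Trust.DisallowTransivity)
            CrossForest = -not $Trust.IntraForest
            Access      = $access
        }
    }
}

# Constructed sample objects so the example runs without a domain controller
$sample = @(
    [pscustomobject]@{ Source = 'example.local'; Target = 'us.example.local'; Direction = 'BiDirectional'
                       IntraForest = $true;  ForestTransitive = $false; DisallowTransivity = $false }
    [pscustomobject]@{ Source = 'example.local'; Target = 'partner.test'; Direction = 'Outbound'
                       IntraForest = $false; ForestTransitive = $false; DisallowTransivity = $false }
    [pscustomobject]@{ Source = 'example.local'; Target = 'corp.test'; Direction = 'Inbound'
                       IntraForest = $false; ForestTransitive = $true;  DisallowTransivity = $false }
)

# Cross-forest trusts first, since they extend access beyond the forest boundary
$sample | Get-TrustSummary | Sort-Object CrossForest -Descending | Format-List

# Against a live domain: Get-ADTrust -Filter * | Get-TrustSummary
```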