6.1.6.8 Essential Attributes of Interdomain Trust Accounts

  • Article

TDOs contain all the information regarding trusts. Trusts that have the trustDirection attribute equal to TRUST_DIRECTION_INBOUND or TRUST_DIRECTION_BIDIRECTIONAL, however, also have associated user accounts called interdomain trust accounts within the default container for users defined in section 6.1.1.4.6. The TDO O1 and the interdomain trust account object O2 for the same trust are associated through the partner domain's NetBIOS name, used to form the following values: the flatName attribute of O1 and the sAMAccountName attribute of O2. Given the partner domain's NetBIOS <NetBIOS Name>, O1!flatName=<NetBIOS Name> and O2!samAccountName=<NetBIOS Name>$.

The following table lists the attributes that MUST be set in an interdomain trust account.

Attribute name

Reference

cn (RDN)

[MS-ADA1]

objectClass

[MS-ADA3]

sAMAccountName

[MS-ADA3]

sAMAccountType

[MS-ADA3]

userAccountControl

[MS-ADA3]