Version: 3024.10

How Fusion SMB Handles Trusted and Untrusted Domains

Trusted and Untrusted Domains

From the perspective of Fusion SMB, a domain is either trusted or not trusted. Whether a domain is trusted is a configuration that is native to Active Directory. In other words, Fusion SMB supports all trust types, since it only cares whether a domain is trusted (or not). How that trust is established is outside the scope of Fusion SMB.

With that in mind, the following are supported for any trusted domain:

  • Authentication for users of trusted domains
  • Appending the SID and name of a trusted domain to the list of known trusted domains
  • Resolving SID-to-UID for users/groups of trusted domains

Active Directory Trust Types and Their Properties:

| Trust Type | Transitivity | Direction | Description |
|---|---|---|---|
| Parent-Child | Transitive | Two-way (only) | Automatically created when a child domain joins a forest. Bidirectional trust within the same forest. |
| Tree-Root | Transitive | Two-way (only) | Links root domains of different trees in the same forest. Enables full forest-wide trust. |
| Shortcut (Cross-link) | Transitive | One-way or Two-way | Manually created to optimize authentication between domains in the same forest. Skips walking the trust path. |
| Realm | Configurable | One-way or Two-way | Connects an AD domain to a non-Windows Kerberos realm. |
| Forest | Transitive | One-way or Two-way | Links two separate AD forests for cross-forest resource access. Requires DNS resolution. |
| External | Non-transitive | One-way (default) or Two-way (rare) | Connects to external domains (e.g., legacy NT domains or untrusted AD forests). Trust does not extend beyond the two domains. |
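
The properties in the table can be read from the attributes Active Directory stores on each trustedDomain object. The following is an added example, not Fusion SMB or Microsoft code: it decodes trustType, trustDirection and trustAttributes values (as defined in MS-ADTS) into the table's columns and lists which domains the local domain trusts. The helper names `classify` and `trusted_by_local_domain` are hypothetical, and the sample rows and domain names are constructed.

```python
# Added example (not vendor code): decode trustedDomain attributes as defined
# in Microsoft's MS-ADTS into the Trust Type / Transitivity / Direction columns.
from typing import NamedTuple

# trustAttributes bit flags
NON_TRANSITIVE = 0x01
FOREST_TRANSITIVE = 0x08
WITHIN_FOREST = 0x20
# trustType value for a non-Windows (MIT) Kerberos realm
TRUST_TYPE_MIT = 3
# trustDirection is a 2-bit field: bit 0 = inbound, bit 1 = outbound
INBOUND, OUTBOUND = 0x1, 0x2
DIRECTION_NAMES = {0: "Disabled", 1: "One-way (inbound)",
                   2: "One-way (outbound)", 3: "Two-way"}

class Trust(NamedTuple):
    name: str
    kind: str
    transitive: bool
    direction: str
    local_trusts_remote: bool

def classify(name, trust_type, trust_direction, trust_attributes):
    if trust_type == TRUST_TYPE_MIT:
        kind, transitive = "Realm", not trust_attributes & NON_TRANSITIVE
    elif trust_attributes & WITHIN_FOREST:
        # Parent-Child, Tree-Root and Shortcut share this flag; separating
        # them requires the forest's domain hierarchy, which is not modelled.
        kind, transitive = "Intra-forest", True
    elif trust_attributes & FOREST_TRANSITIVE:
        kind, transitive = "Forest", True
    else:
        kind, transitive = "External", False
    return Trust(name, kind, transitive, DIRECTION_NAMES[trust_direction & 3],
                 bool(trust_direction & OUTBOUND))

# Constructed sample rows: (name, trustType, trustDirection, trustAttributes)
SAMPLE = [
    ("child.corp.example", 2, 3, 0x20),
    ("partner.example", 2, 2, 0x08),
    ("legacy.example", 2, 1, 0x04),
    ("UNIX.EXAMPLE", 3, 3, 0x01),
]

def trusted_by_local_domain(rows):
    """Names of domains the local domain trusts (outbound or two-way)."""
    return [t.name for t in (classify(*r) for r in rows) if t.local_trusts_remote]

if __name__ == "__main__":
    for row in SAMPLE:
        print(classify(*row))
```

An inbound-only trust (the `legacy.example` row) means the remote domain trusts the local one, so it does not appear in the list of domains the local domain trusts.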

Further Reading

How trust relationships work for forests in Active Directory | Microsoft Learn