How Fusion SMB Handles Trusted and Untrusted Domains
Trusted and Untrusted Domains
From the perspective of Fusion SMB, a domain is either trusted or not trusted. Whether a domain is trusted is configured natively in Active Directory, not in Fusion SMB. In other words, Fusion SMB supports all trust types, because it only cares whether a domain is trusted; how that domain achieves trust is outside the scope of Fusion SMB.
With that in mind, the following are supported for any trusted domain:
- Authentication of users from trusted domains
- Appending the SID and name of a trusted domain to the list of known trusted domains
- SID-to-UID resolution for users and groups of trusted domains
Active Directory Trust Types and Their Properties:
Trust Type | Transitivity | Direction | Description |
---|---|---|---|
Parent-Child | Transitive | Two-way (only) | Automatically created when a child domain joins a forest. Bidirectional trust within the same forest. |
Tree-Root | Transitive | Two-way (only) | Links root domains of different trees in the same forest. Enables full forest-wide trust. |
Shortcut (Cross-link) | Transitive | One-way or Two-way | Manually created to optimize authentication between domains in the same forest. Skips walking the trust path. |
Realm | Configurable | One-way or Two-way | Connects an AD domain to a non-Windows Kerberos realm. |
Forest | Transitive | One-way or Two-way | Links two separate AD forests for cross-forest resource access. Requires DNS resolution. |
External | Non-transitive | One-way (default) or Two-way (rare) | Connects to external domains (e.g., legacy NT domains or untrusted AD forests). Trust does not extend beyond the two domains. |
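
Active Directory records each trust as a trustedDomain object whose trustDirection, trustType and trustAttributes values encode the properties in the table. The following added example (not part of Fusion SMB or its documentation) maps those values to the table's rows when reviewing which domains are trusted; the domain names and sample values are constructed, and the parent-child check is a DNS-name heuristic.

```python
# Added example (not Fusion SMB code): classify trustedDomain attribute values
# into the trust types of the table above. Constants follow MS-ADTS.
from dataclasses import dataclass

DIRECTIONS = {0: "Disabled", 1: "One-way (inbound)", 2: "One-way (outbound)", 3: "Two-way"}
TRUST_TYPE_MIT = 3             # trustType: non-Windows Kerberos realm
ATTR_NON_TRANSITIVE = 0x01     # trustAttributes bit flags
ATTR_FOREST_TRANSITIVE = 0x08
ATTR_WITHIN_FOREST = 0x20

@dataclass
class Trust:
    partner: str       # trustPartner (DNS name of the other domain)
    direction: int     # trustDirection, relative to the domain holding the object
    trust_type: int    # trustType
    attributes: int    # trustAttributes

def is_parent_child(a: str, b: str) -> bool:
    """True when one DNS name is the immediate parent of the other."""
    a, b = a.lower().rstrip("."), b.lower().rstrip(".")
    return a.partition(".")[2] == b or b.partition(".")[2] == a

def classify(trust: Trust, local_domain: str) -> tuple:
    """Return (trust type, transitivity, direction) in the table's vocabulary."""
    direction = DIRECTIONS.get(trust.direction, "Unknown")
    if trust.trust_type == TRUST_TYPE_MIT:
        transitive = not trust.attributes & ATTR_NON_TRANSITIVE
        return ("Realm", "Transitive" if transitive else "Non-transitive", direction)
    if trust.attributes & ATTR_WITHIN_FOREST:
        # Tree-root and shortcut trusts cannot be told apart from these
        # attributes alone, so they are reported together.
        kind = "Parent-Child" if is_parent_child(trust.partner, local_domain) else "Tree-Root or Shortcut"
        return (kind, "Transitive", direction)
    if trust.attributes & ATTR_FOREST_TRANSITIVE:
        return ("Forest", "Transitive", direction)
    return ("External", "Non-transitive", direction)

# Constructed sample values, as seen from the hypothetical domain corp.example.
SAMPLES = [
    Trust("emea.corp.example", 3, 2, 0x20),
    Trust("partner.example", 2, 2, 0x08),
    Trust("legacy.example", 1, 2, 0x00),
    Trust("KRB.EXAMPLE", 3, 3, 0x01),
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s.partner, classify(s, "corp.example"))
```
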
Further Reading
How trust relationships work for forests in Active Directory | Microsoft Learn