# Trusts ## General * Relationship between two domains or forest * Trusted Domain Objects (TDOs) represent trust relationship in a domain * Types of trusts * One-way: users in trusted domain can access resources in the trusting domain * Two-way trust: users of both domains can access resources in the other domain * Transitive: If A and B trust each other and B and C trust each other, A and C also trust each other (default between domains in same forest) * Non-transitive: cannot be extended to other domains in the forest (default between two domains in different forests) * Automatic trust: created automatically when creating new subdomain (parent-child, tree-root) * Shortcut trusts: used to reduce access time in complex trust scenarios * External trusts: between two domains in different forests when forests do not have a turst relationships * Forest trusts: between forest root domains ## Get All Trusts for the Current Domain ```powershell # AD Module Get-ADTrust Get-ADTrust -Filter * | Select Source,Target,Direction # PowerView Get-NetDomainTrust ``` ## Get Trusts for Specific Domain ```powershell # AD Module Get-ADTrust -Identity test.lab.local # PowerView Get-NetDomainTrust -Domain test.lab.local ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://wiki.bufu-sec.com/active-directory/enumeration/trusts.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.