Domain trust is a feature in Windows Active Directory that allows users in one domain to access resources in another domain. It is a way to establish a relationship of trust between two domains, allowing users in one domain to be authenticated by the domain controller of another domain.
When a trust is established between two domains, it allows users in one domain to access resources in another domain, such as shared files or printers. This is done by creating a trust relationship between the two domains, which is used to authenticate users in one domain to the other.
A trust relationship can be created in several ways. One way is to establish a one-way trust relationship, in which one domain trusts another domain, but not vice versa. A two-way trust relationship is also possible, in which both domains trust each other.
Trust relationships are transitive in nature, meaning that if domain A trusts domain B, and domain B trusts domain C, then domain A trusts domain C. This creates a chain of trust between multiple domains.
The trust relationship is created using the Active Directory Domains and Trusts snap-in, where the administrator of one domain establishes the trust relationship with another domain. The administrator must provide the name of the other domain, as well as the username and password of an account with permissions to create the trust relationship. Once the trust relationship is established, the domains can share resources and users can be authenticated across domains.
It's important to note that trust relationships are different than forest trust, which is used to establish trust between different forests, and external trust, which is used to establish trust between a domain and a non-Windows Kerberos realm.
