In an AD environment, a trust is a relationship between two domains or forests that allows users of one domain or forest to access resources in the other domain or forest.
The trust configuration is what then allows permissions to be applied through ACLs. So between different domains or forests, it is the combination of Trust + ACL that allows the correct access to resources.
Trust can be:
The object created after a trust relationship is established is called a Trusted Domain Object (TDO); it is stored in Active Directory so that the trust information can be retrieved when required.
<aside> ⚠️ The trust, as mentioned before, allows users of the Trusted Domain to access resources in the Trusting Domain, provided that the necessary ACLs are configured.
</aside>
A transitive trust is one in which the trust relationship extended to one domain is automatically extended to all other domains that trust that domain.
Transitive: Can be extended to establish trust relationships with other domains. All the default intra-forest trust relationships (Tree-root, Parent-Child) between domains within the same forest are transitive two-way trusts. Domains in the same forest have an implicit two-way trust with the other domains. There is a trust key between the parent and child domains.
Non-transitive: Cannot be extended to other domains in the forest. Can be two-way or one-way. This is the default trust (called an external trust) between two domains in different forests when the forests themselves do not have a trust relationship.
Parent-child trust: Created automatically between the new domain and the domain that precedes it in the namespace hierarchy whenever a new domain is added to a tree. For example, prod.cybercorp.lab is a child of cybercorp.lab; in this case the trust is automatically two-way transitive.