Description Fields in 4716

Subject:

The ID and logon session of the user that excercised modified the trust.

• Security ID:  The SID of the account.
• Account Name: The account logon name.
• Account Domain: The domain or - in the case of local accounts - computer name.
• Logon ID is a semi-unique (unique between reboots) number that identifies the logon session.  Logon ID allows you to correlate backwards to the logon event (4624) as well as with other events logged during the same logon session.

Trusted Domain:

The other domain in this trust relationship which despite the word "Trusted" may be a trusting or trusted domain or both.  See Trust Information.

• Domain Name: the DNS name of the domain
• Domain ID: the pre-Win2k (NetBIOS) name of the domain

New Trust Information:

All the information that defines the type of trust after this change, whether it is one way or mutual, transitivity, etc.

• Trust Type:  

  1	TRUST_TYPE_DOWNLEVEL	The other domain is pre-Win2k (NTLM only supported)
  2	TRUST_TYPE_UPLEVEL	The other domain is Win2k or later (Windows Kerberos supported)
  3	TRUST_TYPE_MIT	Other domain is actually an MIT Kerberos Realm (probably UNIX)
  4	TRUST_TYPE_DCE	The trusted domain is a DCE realm

• Trust Direction:

  Disabled	0x0
  Inbound	0x1
  Outbound	0x2
  Bidirectional	0x3

• Trust Attributes: A bitwise value compromised of any of the following
  • TRUST_ATTRIBUTE_NON_TRANSITIVE 1
  • TRUST_ATTRIBUTE_UPLEVEL_ONLY 2
  • TRUST_ATTRIBUTE_FILTER_SIDS 4
  • TRUST_ATTRIBUTE_FOREST_TRANSITIVE 8
• SID Filtering:  Enabled (always enabled for domains within the same forest).  http://technet2.microsoft.com/windowsserver/en/library/01e5cf71-b317-4967-82a2-75b7b632b7461033.mspx?mfr=true