I found this code. static void rescan_forest_trusts( void ) /* The only transitive trusts supported by Windows 2003 AD are (a) Parent-Child, (b) Tree-Root, and (c) Forest. The first two are handled in forest and listed by DsEnumerateDomainTrusts(). Forest trusts are not so we have to do that ourselves. What I feel: 1. We should update the code comments for with "Windows 2016" trust support, If supported. 2. Or we should make this as generic statement.