"Note that the Active Directory domain is not the security boundary; the AD forest is." - Sean Metcalf (ref)
nltest
and .NET:child.megacorp.local
);DC01$
, 31337
);S-1-5-21-4266912945-3985045794-2943778634
);S-1-5-21-2284550090-1208917427-1204316795
);00ff00ff00ff00ff00ff00ff00ff00ff
);megacorp.local
):EnableTGTDelegation
is enabled for the trusted forest:netdom trust b.net /d:a.net /enablesidhistory:yes
) then the forest trust is treated as external.