What level of support is there for supporting multiple active directory domains that have trust relationships established with each other (either one/two/external/forest).

If I have an environment with DomA <> DomB, it would currently appear that I would need to create two separate SSSD domains in my .conf file, one for each domain as well as create a computer account in each domain and associated keytab entries on the local host.  In effect, the machine would be "joined" to two domains at once.

Would this work?  Is there another way where one can be joined only to a single domain and still authenticated trusted users?

The only documentation I can find regarding AD and trusts involves IPA trusted domains.

Thank you.