Not A Security Boundary: Breaking Forest Trusts

For years, Microsoft has stated that the forest is the security boundary in Active Directory. Many organizations have built their Active Directory trust architectures with this in mind, trusting that the compromise of one forest cannot be leveraged to compromise a foreign forest. However, in late 2018 we discovered that this was not the case. By combining a legacy printer protocol "feature" with several architectural flaws in Active Directory, the compromise of one forest could be leveraged to compromise a foreign forest and all resources within it. We will take a deep dive into the architectural components that enable this trust violation, demonstrate a fully weaponized attack with available tools, and cover the new fundamental fix for this vulnerability that Microsoft is pushing out in 2019.

Presented by