Chapter 5 - Working with Trusts and Organizational Units

Abstract

Trust relationships essentially define the ways in which users can access network resources across domains and forests. It is observed that the user cannot access any file, folder, or printer without a trust between the domain to which a user belongs and the domain in which a resource resides. Therefore, it is important for network administrators to understand how the built-in trusts in the Active Directory (AD) network function and how to create explicit trusts in order to provide access among domains. This chapter addresses two important components of Active Directory—namely, trust relationships and organizational units (OUs). It discusses the different types of trusts that exist in the Active Directory environment and explains how to create shortcut, external, realm, and cross-forest trusts. The chapter also explores how to verify and remove trusts and how to secure trusts using security identifiers (SID) filtering. Furthermore, the chapter discusses the creation and management of OUs, how to apply group policy to OUs, and how to delegate control of an OU.