Introduction

Trust relationships define the ways in which users can access network resources across domains and forests. Without a trust between the domain to which a user belongs and the domain in which a resource resides, the user won t be able to access that file, folder, printer, or other resource. Hence, it is important for network administrators to understand how the built-in (implicit) trusts in the Active Directory network function, and how to create explicit trusts to provide access (or faster access) between domains.

Organizational units (OUs) are container objects within the directory structure that can be used, as the name implies, to organize resources, including (but not limited to) users, groups, and computers. Group policies can be applied to OUs, and administration of an OU can be delegated, making it easy to perform tasks that need to apply to only select objects.

This chapter addresses these two important components of Active Directory: trust relationships and OUs. You ll learn about the different types of trusts that exist in the Active Directory environment, both implicit and explicit, and you ll learn to create shortcut, external, realm, and cross-forest trusts. You ll also learn to verify and remove trusts, and how to secure trusts using SID filtering.

Next, we discuss the creation and management of OUs and you learn to apply group policy to OUs and how to delegate control of an OU. We show you how to plan an OU structure and strategy for your organization, considering delegation requirements and the security group...