Chapter 18. Managing AD trusts
Your AD forest is a security boundary that you can use to stop unauthorized access to your environment. If your organization could exist in isolation and not have any interaction with other organizations, security would be simple. Unfortunately, that’s not the case in most organizations—potentially there are customers, suppliers, partner organizations, other parts of your organization, and companies that your organization is acquiring or with which they’re merging, all requiring access to resources in your AD environment.
The method you’ll use to control, manage, and secure this external access is creating AD trusts between your environment and the external environment. You can then control who can gain access to your environment and what they can do once they have that access.
Just as you’d only give someone a key to your front door if you trusted them, you should only allow access to your Active Directory if you trust those accessing it.
Note
Trust management is an activity that you have to perform in conjunction with the administrator of the other domain. You can create, modify, and delete trusts at your end of the link, but you need the other administrator to perform the same tasks at their end as well.