Following the setting up of a one-way Forest Trust between our domain and our associated company, I have created some universal groups and asked the other company to nest our universal groups inside universal groups in their domain so our users get access to resources on their side. They say they need an account to enable them to do this. Do I just give them an account with Account Operator privileges? Surely this will enable them to make any changes to accounts on our Domain? Do I just disable this account after they have made the changes, and then re-enable it when I wish them to make changes in the future? I want to maintain security as best as possible. Thanks.