We are in the midst of migrating all of our users and machines to a new forest and domain. It will be a slow transition, so the idea is to build a two way transitive trust between the two forests (already done). Then add the enterprise admins from the new forest to the old forest's enterprise admins group. We'd like to just sign on as the new enterprise/domain admin and have it have the same permissions that the existing domain admin does. This is a simple one domain per forest set up.
I can not seem to allow members from the new forest to the old forest's groups. The "Entire Location" tree when selecting a new group member's location only shows the old domain. I am able to add the new forest members to computer's ACLs, but I'd rather just have the new forest admin log in as a member of the existing group.
The new forest is a 2008 functional level and the old is 2003.
Is this possible? what am i missing?