Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

How to add group to local administrators without removing the existing groups

Posted on 2014-12-18
4
Medium Priority
?
215 Views
Last Modified: 2014-12-24
Hello everybody,

I'm in the computer migration process using ADMT.

The migration will take place between the Forest A to Forest B.

I'm having a big problem to include a group domain B (which will be the new domain that will receive the accounts of computers) in the Local Administrator group of computers that will be migrated.

I've tried to make the process with the GPO Restricted Groups using the option This group is a member of and users and other existing groups in the Local Administrator group is removed when the GPO is applied.

I've tried using the GPO Local Users and Groups in Computers\Preferences Control Panel Settings and when I add a group domain B Administrators from the group created in domain A the Administrators group is simply removed from the group.

I'm doing something wrong?

There is another way to solve this problem?
0
Comment
Question by:lucianolima
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 18

Expert Comment

by:Emmanuel Adebayo
ID: 40506871
What level of authetication did you have between the two forest?

You will needd to Create a two-way, forest trust with forest-wide authentication.

regards
0
 
LVL 1

Author Comment

by:lucianolima
ID: 40506902
Hello Emmanuel,

I have Two-way trust with Forest-Wide Authentication.

Do you have any other ideas of what can be?
0
 

Expert Comment

by:Yusaf (Joe) Sneddon
ID: 40506911
Obviously if the trust is in place i would use a PowerShell script >> https://gallery.technet.microsoft.com/scriptcenter/Add-AD-UserGroup-to-Local-fe5e9239

Also the group policy preferences should work although never tried via that method across domains, so are you adding it under preferences and setting it to update the local administrators group? and its just removing it?
0
 
LVL 1

Accepted Solution

by:
lucianolima earned 0 total points
ID: 40509754
Hello everybody,

I solved the problem as follows:

I created a GPO and added a traditional .bat script in the Logon Script in User Configuration\Policies\Windows Settings\Scripts (Logon \ Logoff) the following command:

net localgroup "administrators" "domainname\domain admins" / add
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question