Link to home
Start Free TrialLog in
Avatar of lucianolima
lucianolima

asked on

How to add group to local administrators without removing the existing groups

Hello everybody,

I'm in the computer migration process using ADMT.

The migration will take place between the Forest A to Forest B.

I'm having a big problem to include a group domain B (which will be the new domain that will receive the accounts of computers) in the Local Administrator group of computers that will be migrated.

I've tried to make the process with the GPO Restricted Groups using the option This group is a member of and users and other existing groups in the Local Administrator group is removed when the GPO is applied.

I've tried using the GPO Local Users and Groups in Computers\Preferences Control Panel Settings and when I add a group domain B Administrators from the group created in domain A the Administrators group is simply removed from the group.

I'm doing something wrong?

There is another way to solve this problem?
Avatar of Emmanuel Adebayo
Emmanuel Adebayo
Flag of United Kingdom of Great Britain and Northern Ireland image

What level of authetication did you have between the two forest?

You will needd to Create a two-way, forest trust with forest-wide authentication.

regards
Avatar of lucianolima
lucianolima

ASKER

Hello Emmanuel,

I have Two-way trust with Forest-Wide Authentication.

Do you have any other ideas of what can be?
Obviously if the trust is in place i would use a PowerShell script >> https://gallery.technet.microsoft.com/scriptcenter/Add-AD-UserGroup-to-Local-fe5e9239

Also the group policy preferences should work although never tried via that method across domains, so are you adding it under preferences and setting it to update the local administrators group? and its just removing it?
ASKER CERTIFIED SOLUTION
Avatar of lucianolima
lucianolima

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial