asked on
How to add group to local administrators without removing the existing groups
Hello everybody,
I'm in the computer migration process using ADMT.
The migration will take place between the Forest A to Forest B.
I'm having a big problem to include a group domain B (which will be the new domain that will receive the accounts of computers) in the Local Administrator group of computers that will be migrated.
I've tried to make the process with the GPO Restricted Groups using the option This group is a member of and users and other existing groups in the Local Administrator group is removed when the GPO is applied.
I've tried using the GPO Local Users and Groups in Computers\Preferences Control Panel Settings and when I add a group domain B Administrators from the group created in domain A the Administrators group is simply removed from the group.
I'm doing something wrong?
There is another way to solve this problem?
I'm in the computer migration process using ADMT.
The migration will take place between the Forest A to Forest B.
I'm having a big problem to include a group domain B (which will be the new domain that will receive the accounts of computers) in the Local Administrator group of computers that will be migrated.
I've tried to make the process with the GPO Restricted Groups using the option This group is a member of and users and other existing groups in the Local Administrator group is removed when the GPO is applied.
I've tried using the GPO Local Users and Groups in Computers\Preferences Control Panel Settings and when I add a group domain B Administrators from the group created in domain A the Administrators group is simply removed from the group.
I'm doing something wrong?
There is another way to solve this problem?
Windows Server 2008
Last Comment
lucianolima
ASKER
Hello Emmanuel,
I have Two-way trust with Forest-Wide Authentication.
Do you have any other ideas of what can be?
I have Two-way trust with Forest-Wide Authentication.
Do you have any other ideas of what can be?
Obviously if the trust is in place i would use a PowerShell script >> https://gallery.technet.microsoft.com/scriptcenter/Add-AD-UserGroup-to-Local-fe5e9239
Also the group policy preferences should work although never tried via that method across domains, so are you adding it under preferences and setting it to update the local administrators group? and its just removing it?
Also the group policy preferences should work although never tried via that method across domains, so are you adding it under preferences and setting it to update the local administrators group? and its just removing it?
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
You will needd to Create a two-way, forest trust with forest-wide authentication.
regards