Solved

How to add domain admin user of different domains to domain admin groups between two different trusted domains

Posted on 2015-01-09
Last Modified: 2015-01-10
Hello everyone,

I am trying to add a domain admin of domain 1 to a domain admins group of domain 2. I delegated control of Active Directory of domain 1 and 2 to each other's administrator users, but when I try to add the domain admin to the admin groups of domain 2 I am unable to find domain 2 listed under Locations.
Question by:Mohammed Hamada
LVL 3

Expert Comment

by:Bahloul
ID: 40540176
0
 
LVL 16

Accepted Solution

by:
Joshua Grantom earned 250 total points
ID: 40540244
You cannot add users from another domain to Domain Admins because it is a domain local group and you cannot change it to a Universal group.

What you may be able to do is create a new universal security group, and delegate Domain Admin rights to that group with the delegation wizard.

OR

To allow admins to manage both domains, you usually have to add them to the Enterprise Admins group.

Enterprise Admins allow cross-forest and cross-domain management.
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 250 total points
ID: 40540377
What has been said is correct. You cannot add directly to the Domain Admins group in another domain due to it being a Domain Local Group. What you can do, however, as Joshua already stated, is add the users from the first domain into a group in the second domain. The difference here is I would not create a Universal Group, because this will then be replicated forest-wide using the Global Catalog, which will increase replication.

I personally would use a Global Group because it is more controlled as well because you can only add users and not groups. Having Universal is nice but can be dangerous if you added an entire group to a Domain Admin enabled security group.

Will.
0
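
The answers above turn on group scope and on who ends up in privileged groups across the trust. As an added example (not code from any poster in this thread), the following PowerShell reports the scope of each privileged group in both domains and labels every member by where it comes from. The domain names are placeholders, and it assumes the ActiveDirectory RSAT module and read access to both domains.

```powershell
# Added example: audit scope and cross-domain membership of privileged groups.
# Assumptions: ActiveDirectory module (RSAT) is installed; domain names are placeholders.
Import-Module ActiveDirectory

$domains = 'domain1.example', 'domain2.example'   # placeholder names for the two trusted domains
$groups  = 'Domain Admins', 'Enterprise Admins', 'Administrators'

function Get-PrivilegedGroupReport {
    param([string[]]$Domain, [string[]]$GroupName)

    foreach ($d in $Domain) {
        $domainDN = (Get-ADDomain -Server $d).DistinguishedName
        foreach ($g in $GroupName) {
            # Enterprise Admins exists only in the forest root domain; a miss elsewhere is expected.
            $grp = Get-ADGroup -Filter "Name -eq '$g'" -Server $d -Properties member
            if (-not $grp) { continue }

            # Read the raw 'member' attribute so unresolvable foreign SIDs are still listed.
            $members = @($grp.member)
            if ($members.Count -eq 0) { $members = @($null) }

            foreach ($memberDN in $members) {
                $origin = if (-not $memberDN) {
                    'NoMembers'
                } elseif ($memberDN -match '^CN=[^,]+,CN=ForeignSecurityPrincipals,') {
                    'OtherForest'      # stored as a foreignSecurityPrincipal placeholder object
                } elseif ((($memberDN -split ',(?=DC=)', 2)[1]) -ne $domainDN) {
                    'OtherDomain'      # same forest, different domain
                } else {
                    'SameDomain'
                }
                [pscustomobject]@{
                    Domain     = $d
                    Group      = $grp.Name
                    GroupScope = $grp.GroupScope   # DomainLocal, Global or Universal
                    Member     = $memberDN
                    Origin     = $origin
                }
            }
        }
    }
}

Get-PrivilegedGroupReport -Domain $domains -GroupName $groups |
    Sort-Object Domain, Group, Origin |
    Format-Table -AutoSize
```

The GroupScope column shows which scope each group actually has in your environment, and any row whose Origin is not SameDomain is a membership that crosses a domain or forest boundary and is worth reviewing.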
LVL 24

Author Comment

by:Mohammed Hamada
ID: 40540881
Would that allow me to add both DCs to a failover cluster? I have an FTP server set up on both DCs, and I created a forest trust between them both and validated the trust.

When I try to add both servers to the cluster it doesn't work and says I don't have administrative rights for the second DC.
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40540900
If you use an account that is in the Enterprise Admins group, you should have access to both DCs.

Domain Admins only have administrative rights to their specific domain.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40540904
Forest trusts allow you to access resources and manage other domains. You cannot use clustering across different forests. Also, I would NOT be installing an FTP server on your DC; it is a big security risk. Another thing is that a DC has more restrictive security anyway, which will also cause issues if your FTP server is set up to share specific directories.

Will.
0
 
LVL 3

Expert Comment

by:Bahloul
ID: 40540931
FTP by default is not secure; otherwise you may use FTPS/SSL, which will increase the security. Also, don't use it on the default port, and put it on another server, not a DC.
0
 
LVL 24

Author Comment

by:Mohammed Hamada
ID: 40541889
This is just a lab; it's not going to go further than the local LAN! Thank you all for your comments.
0

Question has a verified solution.