Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How to add domain admin user of different domains to domain admin groups between two different trusted domains

Posted on 2015-01-09
8
Medium Priority
?
4,640 Views
Last Modified: 2015-01-10
Hello everyone,

I am trying to add a domain admin of domain 1 to a domain admins group of domain 2. I delegated control of Active directory of domain 1 and 2 to eachother's administrator users but when I try to add domain admin to admin admin groups of domain 2 I am unable to find the domain 2 listed under Locations.
domain-admins.jpg
0
Comment
Question by:Mohammed Hamada
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
8 Comments
 
LVL 3

Expert Comment

by:Bahloul
ID: 40540176
0
 
LVL 16

Accepted Solution

by:
Joshua Grantom earned 1000 total points
ID: 40540244
You cannot add users from another domain to Domain Admins because it is a domain local group and you cannot change it to a Universal group.

What you may be able to do is create a new universal security group, and delegate Domain Admin rights to that group with the delegation wizard.

OR

To allow admins to manage both domains, you usually have to add them to the Enterprise Admins group.

Enterprise Admins allow cross-forest and cross-domain management.
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 1000 total points
ID: 40540377
What have been said is correct. You cannot add directly to the domain admins group in another domain due to be Domain Local Group. You can however like Joshua already state is add the users from the first domain into a group in the second domain. The difference here is I would not create a Universal Group because this will then be replicated forest wide using Global Catalog which will increase replication.

I personally would use a Global Group because it is more controlled as well because you can only add users and not groups. Having Universal is nice but can be dangerous if you added an entire group to a Domain Admin enabled security group.

Will.
0
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

 
LVL 24

Author Comment

by:Mohammed Hamada
ID: 40540881
Would that allow me to  add both DCs to failover cluster ? I have FTP server setup on both DCs and I created a forest trust between them both and validated trust.

When I try to add both server to the cluster it doesn't work and says I don't have administrative rights for the second DC.
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40540900
if you use an account that is in the enterprise admins group, you should have access to both DC's.

Domain Admins only have administrative rights to their specific domain.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40540904
Forest trust allow you to access resources and manage other domains. You cannot use clustering across different forests. Also I would NOT be installing an FTP server on your DC big security risk. Another thing is a DC has more restrictive security anyways which will also cause issues with your FTP server is setup to share specific directories.

Will.
0
 
LVL 3

Expert Comment

by:Bahloul
ID: 40540931
FTP by default is not secure otherwise you may use ftps / ssl that will increase the security also don't use it on the default port and make it on another server not DC.
0
 
LVL 24

Author Comment

by:Mohammed Hamada
ID: 40541889
This is just a lab, it's not going to go further than local lan! Thank you all for your comments.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Here's a look at newsworthy articles and community happenings during the last month.
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

664 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question