How to create AD group in multiple domains

Let's say I'm a domain Admin from domain A and domain A have a trust wit domain B, C and D. So I need to create a group with my domain A credential for domain B, C and D.
How can I do it ?
Steve BonaInformation Technology SpecialistAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Alex Green3rd Line Server SupportCommented:
drop it in your forest root and make it universal.
0
Alex Green3rd Line Server SupportCommented:
actually, the more i read the question the less it makes sense, are you trying to create a group or are you wanting domain admin rights across all domains?
0
ITguy565Commented:
@Alex,

I was just thinking the same thing.. @steve, Please Clarify this question as in its current context it creates confusion.
0
Do You Have a Trusted Wireless Environment?

A Trusted Wireless Environment is a framework for building a complete Wi-Fi network that is fast, easy to manage, and secure.

Shaun VermaakTechnical Specialist/DeveloperCommented:
Same forest? Use Enterprise Admins group
0
Alex Green3rd Line Server SupportCommented:
I was thinking that, but he's not being very clear on his issue.
0
Steve BonaInformation Technology SpecialistAuthor Commented:
Sorry maybe it wasn'nt clear enough..
All 4 domains A,B,C and D have a trust. My domain admin account just belong to domain A, so i need to create a same DL (Domain Local) group on each other domain, which will have a delegation on particular OU's User to change the password. I don't need to connect every time on each domain to create that same group. That's why i need to make a script from domain A that will go on each target domain and create the group name: "DL-ADM-CSI" for me. Let's say in real i have more than 5 domains all have a trust.
I hope it's clear enough to help me .
0
Shaun VermaakTechnical Specialist/DeveloperCommented:
Are they in the same forest?
0
Steve BonaInformation Technology SpecialistAuthor Commented:
No they are in different Forest but all have a trust forest
0
Dustin SaundersDirector of OperationsCommented:
You shouldn't need to create container groups in the target domain--

Wherever you need to add permissions, so long as the trust has been established, on the security tab hit 'Locations' and then choose the trusted domain.  Depending on the direction of the trust, authenticate with permission to contact the domain controller and you can add objects from the trusted domain.

CrossTrustPermissions.png
If you are going to do container groups, the group does have to be local.
0
Steve BonaInformation Technology SpecialistAuthor Commented:
I don't want to create a container Group, i just want to create a group on each domain from my domain A, instead of connecting localy on each domain and create a group since my domain admin account from domain A have the permission to create objet on the target domains.
0
Dustin SaundersDirector of OperationsCommented:
The powershell for that is pretty simple, though unless you're doing bulk operations it might be easier to just open the multiple domains in AD Users & Computers.

$groupName = "EXAMPLE"
$domains = "DOMAINA.SOMETHING.COM","DOMAINB.SOMETHING.COM","DOMAINC.SOMETHING.COM"

foreach ($domain in $domains)
{
    New-ADGroup -Server $domain -GroupCategory Security -GroupScope DomainLocal -SamAccountName $groupName -Name $groupName
}

Open in new window


Will create group named EXAMPLE on each domain specified.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Dustin SaundersDirector of OperationsCommented:
That's creating a container group for Domain A accounts, though.  You don't need to duplicate those efforts for most things though, unless you're doing a lot of nesting, as you can just give you DOMAINA groups permissions directly on objects in DOMAINB, C, D....

Here in Domain B I'm just using Locations to add Domain A objects direct permissions.

CrossTrustPermissions2.png
0
Steve BonaInformation Technology SpecialistAuthor Commented:
Thanks you that's work for me !!!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Powershell

From novice to tech pro — start learning today.