Add Security Groups from Trusted Domain to Trusting Domain Local Groups
I needed a quick way to add domain global groups from a trusting domain to domain local groups in the trusting domain with the same name for a project I was undertaking. The trusting domain was Windows 2003 and we did not have access to any AD PowerShell module in the trusting domain, so the only way to do this is using DSMOD. Here is the PowerShell script I made and ran from the trusted domain side to quickly add the trusted groups to the domain local groups of the trusting domain. It produces a batch file you run on the trusting domain DC so that it gives you a chance to review the commands being executed.
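```powershell
# Batch file that collects the generated dsmod commands for review
$bat = New-Item -Path C:\legacygroupadd.bat -ItemType File -Force
Import-Module ActiveDirectory

# Groups in the trusted domain that should be added to same-named groups in the legacy (trusting) domain
$newgroups = Get-ADGroup -SearchBase "ou=groups,ou=rs,dc=ad,dc=domain,dc=com" -Filter *

foreach ($g in $newgroups) {
    # Look up the same-named group in the legacy domain; dsquery prints its DN wrapped in quotes
    $legacyquery = cmd.exe /c dsquery group -name $g.Name -d legacydomain.local -u legacydomain\mvale -p MyP@ssw0rd
    if ($legacyquery) {
        # Quote the member DN so group names containing spaces survive cmd.exe parsing.
        # Note: the password is written into the batch file in clear text.
        $write = "dsmod group $($legacyquery) -addmbr `"$($g.DistinguishedName)`" -d legacydomain.local -u legacydomain\mvale -p MyP@ssw0rd"
        Add-Content -Path $bat -Value $write
    }
}
```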
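The review step mentioned above can be partly automated. The following is an added example, not part of the original script: it checks each generated line against the one command shape the script should produce and flags clear-text passwords and cmd.exe metacharacters that a group name could carry into the batch file. The function name `Test-DsmodLine` and the sample lines are constructed for illustration, and it assumes PowerShell 3.0 or later on the machine doing the review.

```powershell
# Added example: lint the generated dsmod batch file before running it on the DC.
# The sample lines are constructed; names reuse the post's placeholders.
$sample = @'
dsmod group "CN=Finance,OU=Groups,DC=legacydomain,DC=local" -addmbr "CN=Finance,OU=groups,OU=rs,DC=ad,DC=domain,DC=com" -d legacydomain.local -u legacydomain\mvale -p MyP@ssw0rd
dsmod group "CN=R&D,OU=Groups,DC=legacydomain,DC=local" -addmbr "CN=R&D,OU=groups,OU=rs,DC=ad,DC=domain,DC=com" -d legacydomain.local -u legacydomain\mvale -p *
dsmod group "CN=R&D,OU=Groups,DC=legacydomain,DC=local" -addmbr CN=R&D Staff,OU=groups,OU=rs,DC=ad,DC=domain,DC=com -d legacydomain.local
'@ -split "`r?`n"

function Test-DsmodLine {
    param([string]$Line)
    $findings = @()

    # Only this shape is expected: dsmod group "<DN>" -addmbr "<DN>" [-d x] [-u x] [-p x]
    $shape = '^dsmod group "[^"]+" -addmbr "[^"]+"( -d \S+)?( -u \S+)?( -p \S+)?$'
    if ($Line -notmatch $shape) { $findings += 'unexpected command shape' }

    # An odd number of double quotes means a DN is not properly delimited
    if ((($Line -split '"').Count % 2) -eq 0) { $findings += 'unbalanced quotes' }

    # cmd.exe treats & | < > ^ as operators when they appear outside quotes
    $unquoted = $Line -replace '"[^"]*"', ''
    if ($unquoted -match '[&|<>^]') { $findings += 'shell metacharacter outside quotes' }

    # Percent signs are expanded by cmd.exe in batch files even inside quotes
    if ($Line -match '%') { $findings += 'percent sign (expanded by cmd.exe)' }

    # "-p *" makes dsmod prompt; anything else is a password stored in the file
    if ($Line -match ' -p (?!\*(\s|$))\S') { $findings += 'clear-text password in file' }

    return ,$findings
}

$lineNo = 0
$report = foreach ($l in $sample) {
    $lineNo++
    if ($l.Trim() -eq '') { continue }
    $f = Test-DsmodLine -Line $l
    [pscustomobject]@{ Line = $lineNo; OK = ($f.Count -eq 0); Findings = ($f -join '; ') }
}
$report | Format-Table -AutoSize -Wrap
```

To check a real file, replace `$sample` with `Get-Content C:\legacygroupadd.bat`.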
Mark is an independent Microsoft Teams consultant with over 15 years' experience in Microsoft technology. Mark is the founder of Commsverse, a dedicated Microsoft Teams conference, and a former MVP. You can follow him on Twitter @UnifiedVale