Adding remote Domain Admins to local Administrators with GPO

Discussion in 'Active Directory' started by Mirco Wilhelm, Jun 28, 2007.

  1. Hi,

    this is my scenario:

    I want to move computer accounts from one AD domain to another using ADMT 3.0.

    To do this I only need to add the Account ADMT is running on to the local
    Administrators group of every computer in the source domain.

    So I added the Restricted Group (Target\Domain Admins is member of
    Builtin\Administrators) to the Default Domain Policy of the source domain.

    According to hte GPMC Policy Results Wizard this is applied to the
    computers. But the entry is missing from the Administrators member list.

    I took a look at the netlogon.log and it states:
    "No system mapping was found for Target\Domain Admins"

    This is odd, because I can add the Domain Admins group manually and I can do
    remote task from the target domain in the source domain, as long as I don't
    need lokal administrator privileges.

    The target domain currently hold a copy of the source DNS zone and the
    source has a copy of the target zone.

    As soon as I add the Domain Admins group manually the ADMT Agent will run
    successfuly.


    Where is my problem with the system mapping coming from?
     
    Mirco Wilhelm, Jun 28, 2007
    #1
    1. Advertisements

  2. Mirco Wilhelm

    Jorge Silva Guest

    Hi
    Did you already tried the same but to a different security group?
    --
    I hope that the information above helps you.
    Have a Nice day.

    Jorge Silva
    MCSE, MVP Directory Services
     
    Jorge Silva, Jun 28, 2007
    #2
    1. Advertisements

  3. Well, I managed to get rid of the netlogon error by creating a new GPO for
    the restricted Groups instead of using an existing GPO.

    I found out that the computer doesn't apply any changes to the group
    policies in the old domain so I put one test system into the new domain
    manually to find that again none of the settings in my GPOs where applied to
    the system.

    ciao Mirco
     
    Mirco Wilhelm, Jun 28, 2007
    #3
  4. Mirco Wilhelm

    Jorge Silva Guest

    if GPO isn't applying you need to check why, search for errors and
    Configurations, DNS, etc...

    --
    I hope that the information above helps you.
    Have a Nice day.

    Jorge Silva
    MCSE, MVP Directory Services
     
    Jorge Silva, Jun 28, 2007
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.