How to add the AD Group of another domain to the local administrators of the server in current domain using powershell or CMD

Question

I have an AD Group called "test users" in "domain1", this group needed to be added to the local administrator group in the servers which are in "domain2".

The same process I was doing manually by logging in to each server and then the Administrators group in lusrmgr.msc and then changing the location from domain2 to domain1 following by searching for the required group and adding it to the server.

Can anyone help me in doing the same process through powershell or cmd ? I was searching in stack overflow for multiple options but nothing have the similar scenario

Thanks in Advance!!!

Answer 1

Something like this should do it. In the example below we are adding the "test users" group from the domain ($domain), to the local administrators group on the server ($server)

$domain = "DomainName"
$server = "serverName"
$DomainGroup = [ADSI]"WinNT://$domain/test users" 

#Get Local Group object 
$LocalGroup = [ADSI]"WinNT://$Server/Administrators" 

#Assign DomainGroup to LocalGroup 
$LocalGroup.Add($DomainGroup.Path) 

Alternatively you can run the following on the server:

net localgroup "administrators" "$domain\test users" /add

Answer 2

You can try this:

$group=Get-ADGroup -Server DCdomain1 -Identity "test users" #get your group as object , parameter -server indicates to hostname of domain controller in domain1
Add-ADGroupMember -Identity 'local admins' -Members $group -Server DCdomain2 # add to local admins group in domain 2 your group from domain1.

possible with trust between domains