Add Security Groups from Trusted Domain to Trusting Domain Local Groups

I needed a quick way to add domain global groups from a trusted domain to domain local groups in the trusting domain with the same name for a project I was undertaking. The trusting domain was Windows 2003 and we did not have access to any AD PowerShell module in the trusting domain, so the only way to do this was to use DSMOD. Here is the PowerShell script I made and ran from the trusted domain side to quickly add the trusted groups to the domain local groups of the trusting domain. It produces a batch file you run on the trusting domain DC so that it gives you a chance to review the commands being executed.

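# Batch file to be reviewed, then run on the trusting domain DC
$bat = New-Item -Path C:\legacygroupadd.bat -ItemType File -Force
Import-Module ActiveDirectory
# Groups in the trusted domain that will be added as members
$newgroups = Get-ADGroup -SearchBase "ou=groups,ou=rs,dc=ad,dc=domain,dc=com" -Filter *
foreach ($g in $newgroups) {
    # Look up the group with the same name in the trusting domain; dsquery returns its quoted DN
    $legacyquery = cmd.exe /c dsquery group -name $g.Name -d legacydomain.local -u legacydomain\mvale -p MyP@ssw0rd
    if ($legacyquery) {
        # The member DN is quoted so that names containing spaces survive cmd.exe parsing.
        # Note: the password is written in clear text to the batch file.
        $write = "dsmod group $($legacyquery) -addmbr `"$($g.DistinguishedName)`" -d legacydomain.local -u legacydomain\mvale -p MyP@ssw0rd"
        Add-Content -Path $bat -Value $write
    }
}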
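
Since the batch file exists so the commands can be reviewed before they run on the trusting domain DC, part of that review can be scripted. The function below is an added example, not part of the original script; `Test-GroupAddBatch`, the legacy DN suffix `dc=legacydomain,dc=local` and the sample lines are assumptions constructed for illustration.

```powershell
# Added example: check each generated line before the batch file is run on the DC.
function Test-GroupAddBatch {
    param(
        [string[]]$Lines,
        [string]$MemberBase   = 'ou=groups,ou=rs,dc=ad,dc=domain,dc=com',  # search base used by the script
        [string]$TargetSuffix = 'dc=legacydomain,dc=local'                 # assumed DN of legacydomain.local
    )
    # One dsmod command per line; DNs may be quoted or unquoted
    $cmd = [regex]'(?i)^dsmod group "?(?<target>[^"]+?)"? -addmbr "?(?<member>[^"]+?)"? -d \S+ -u \S+ -p (?<pw>\S+)$'
    $rdn = [regex]'(?i)^CN=(?<cn>(?:\\.|[^,])+),'   # first RDN, allowing escaped commas
    $ic  = [StringComparison]::OrdinalIgnoreCase
    $n = 0
    foreach ($line in $Lines) {
        $n++
        $issues = @()
        $m = $cmd.Match($line.Trim())
        if (-not $m.Success) {
            $issues += 'not a single well-formed dsmod -addmbr command'
        } else {
            $target = $m.Groups['target'].Value
            $member = $m.Groups['member'].Value
            if (-not $target.EndsWith(",$TargetSuffix", $ic)) { $issues += 'target group is outside the trusting domain' }
            if (-not $member.EndsWith(",$MemberBase", $ic))   { $issues += 'member is outside the expected OU' }
            $tcn = $rdn.Match($target).Groups['cn'].Value
            $mcn = $rdn.Match($member).Groups['cn'].Value
            if (-not $tcn -or $tcn -ne $mcn) { $issues += 'group names do not match' }
            # dsmod accepts "-p *" to prompt instead of reading the password from the command line
            if ($m.Groups['pw'].Value -ne '*') { $issues += 'clear-text password in file' }
        }
        # Group names end up inside a cmd.exe script, so flag characters cmd treats specially
        if ($line -match '[&|<>^%]') { $issues += 'cmd.exe metacharacter present' }
        [pscustomobject]@{ Line = $n; OK = ($issues.Count -eq 0); Issues = $issues -join '; ' }
    }
}

# Constructed sample lines (not real output): one clean, two that should be flagged
$sample = @(
    'dsmod group "CN=RS-Finance,OU=Groups,DC=legacydomain,DC=local" -addmbr "CN=RS-Finance,OU=Groups,OU=RS,DC=ad,DC=domain,DC=com" -d legacydomain.local -u legacydomain\mvale -p *'
    'dsmod group "CN=RS-HR,OU=Groups,DC=legacydomain,DC=local" -addmbr "CN=RS-Admins,OU=Users,DC=ad,DC=domain,DC=com" -d legacydomain.local -u legacydomain\mvale -p REDACTED'
    'dsmod group "CN=RS-IT,OU=Groups,DC=legacydomain,DC=local" -addmbr "CN=RS-IT,OU=Groups,OU=RS,DC=ad,DC=domain,DC=com" -d legacydomain.local -u legacydomain\mvale -p * & echo unexpected'
)
Test-GroupAddBatch -Lines $sample | Format-Table -AutoSize -Wrap
```

To check the real file, pass `-Lines (Get-Content C:\legacygroupadd.bat)` and review any row where `OK` is `False` before running the batch.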

 
