1

Our company has a domain forest with two domains (domain.EMEA and domain.GLOBAL)

We previously acquired a company (domain.LOCAL) and all the workstations at this site are members of domain.LOCAL, but the users are members of domain.EMEA

There are one-way trusts from domain.LOCAL to domain.EMEA and domain.GLOBAL

I am working on migrating users from domain.EMEA to domain.GLOBAL, and to do so I need to temporarily make the users at the site administrators of their workstations.

To do this I was hoping to create a security group in domain.LOCAL, add the users from the site, and push the security group to the workstations local administrators group.

What i am finding though is that all the group policies appear to be coming from the domain to which the user is a member, even though the workstations is a member of domain.LOCAL.

Can anyone point me in the right direction to make the domain.LOCAL GPO's apply to the domain.LOCAL workstations, or alternatively suggest another way to accomplish making these users local administrators.

Note: Due to the size of the parent company, getting a group policy created and pushed in either domain.EMEA or domain.GLOBAL is extremely complicated, and can take many weeks to accomplish. Working via domain.LOCAL would be preferable...

BParker
  • 287
  • 3
  • 16

1 Answers1

1

From my understanding, I guess this is something to do with the concept titled "Loopback processing Mode " in Windows. This is clearly elaborated here. You could find a similar version here also. Let me know whether this works for you or not. It would also help me to understand this concept much better.

serverstackqns
  • 722
  • 2
  • 16
  • 39
  • OK, looks like I've got a bit of reading to do, but having given it a quick scan over, it definitely seems to be talking about what it is i am trying to accomplish! As soon as I get a chance to make some headway, I'll report back! – BParker Jan 15 '15 at 17:18