You have two options.
You could place the following command in a logon script -> "net localgroup
administrators OLDDOMAIN\User1 /add > NUL" watch the wrap and without the
Or you could use restricted groups in AD.
Start Active Directory Users and Computers from any domain controller.
Create an organizational unit, and then move all of the appropriate
workstations and member servers to that organizational unit. Create a global
group in that organizational unit, and then add the appropriate users to
IMPORTANT: Complete the remaining steps from a Windows 2003-based member
server or a Windows 2000/XP Professional-based workstation with the Adminpak
Start Active Directory Users and Computers, right-click the organizational
unit, and then click Properties.
Click the Group Policy tab, click NEW, and then name the policy.
Click the policy, and then click Edit.
Right-click Restricted Groups (under Computer Configuration\Windows
Settings\Security Settings\Restricted Groups), and then click Add Group.
Click Browse. Focused on the local computer, click the group to which you
want your global group to be a member (in this case, the "Administrators"
group), click ADD, and then click OK. You are returned to the group policy
and you see the administrators group listed in the Restricted Groups window.
Right-click the group, and then click Security.
To the right side of the Members of this Group box, click ADD, and then
Locate the group in the organizational unit that you want to place in the
administrators group, and then add it the group. After you do so, close the
At a command prompt, type gpupdate /force, and then press ENTER.
"Michelle Wilson" <mawi...@usna.edu> skrev i en meddelelse