We can easily manage the user and group accounts in a single domain. However, if we have multiple domain, we may need an effective method to manage the accounts. This article will introduce some methods to achieve this.
Test Environment:
Domain1: Root Domain: test.server.com DC: Windows server 2012 Test Group1: newtest1
Domain2: Child Domain: BICHSO.test.server.com DC: Windows server 2012 R2 Test Group2: test002
Domain3: Child Domain: VM4.test.server.com DC: Windows server 2008 R2 Test Group3: vm4test
Method 1: Use AD cmdlet with the “–server” parameter and credential like Remove-ADGroupMember –server –credential
Example1: Add and Remove the user in domain 2 to the group in domain 1
Figure 1: Add and Remove the user in domain 2 to the group in domain 1
The Powershell script in the screenshot listed as below:
$g = Get-ADGroup newtest1 –Server test.server.com
Add-ADGroupMember $g –Members $u –Server test.server.com –Credential TEST\Administrator
Get-ADGroup newtest1 –Properties * -Server test.server.com | select members
Remove-ADGroupMember $g –Members $u –Server test.server.com –Credential TEST\Administrator
Get-ADGroup newtest1 –Properties * -Server test.server.com | select members
Please Note:
This method works on Windows Server 2012 and later, however, you will receive the powershell script error when use the cmdlet “Remove-ADGroupMember” On Windows Server 2008 R2 like:
“Remove-ADGroupMember: The specified account name is not a member of the group.”
In this case, you can use the ADSI introduced in method2.