We are migrating server data to new hardware and the new server is in a different domain (Domain2), which is the forest root of the domain where the server currently resides (Domain1). We are using robocopy which is working well except that, once some folders are copied, the user doing the copy no longer has permissions to make changes as we must copy all security with the files and folders. The folders which lose the permissions have access for Domain Admins from Domain1 so the administrator from Domain2 no longer has rights. What we really need to do is allow the user doing the copy to belong to the Domain Admin groups in both domains as this group has full permissions at each server (for each domain). When I try to add a user or group from one domain into the domain admins group in the other domain, I do not have the option of adding any users or groups, only contacts. There is definitely a 2-way trust between the domains but I assume it's just because of the type of group which Domain Admins is ? Is there a way round this by maybe creating new groups at each side and adding those to Domain Admins etc ? Thanks

Create a Universal group, add Domain Admins from both domains to the Universal group, assign permissions for the Universal group on the data in question. Paul Adare CTO IdentIT Inc. ILM MVP

Hi Thanks for your response. I really want/need to do this without changing any permissions on the data. Domain Admins appears to have full permissions on most of the data I have checked on the source server/domain. That's why I was hoping there was some way of just getting the admin user added to the destination Domain Admins group. Thanks

Domain Admins is a global group. Global groups can include other groups and accounts only from the domain in which the group is defined. You're going to have to rethink your approach here.Paul Adare CTO IdentIT Inc. ILM MVP

OK - thanks