You can use a Group Policy "startup" script using the net localgroup
"localgroupname" "domaingroup" \add command in a batch file or use
Restricted Groups. You could make the domain global group the restricted
group and specify the localgroup in "this group is a member of" at the OU
level with a GPO configured with restricted groups and add the computers to
the OU that you want this to happen to. The link below explains more on
G. --- Steve
Restricted Groups work well, but be careful with these and test before
you deploy widely. Remember that these will completely overwrite the
local group rather than being additive.
It depends how you configure RG as there are two ways. One that does as you
describe and the other that makes sure that the RG is a member of the group
you specify in which case it will not replace membership in the local group
you specify it to me a member of. Testing and backing up first is always
good advice. --- Steve
Ask a Question
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.
