Make a user from one domain a member of Domain Admins of another domain

windows active-directory

You can't do what you're asking. Users from one domain can be added to the "Builtin\Administrators" group of another domain, which will allow them to manage all Domain Controllers in that domain, but this isn't the same as giving them Domain Admin, which provides implicit admin rights on all members of the domain.

This is typically accomplished in one of two ways:

  1. Each admin has one Domain Admin account per domain that they must manage.

  2. Their admin account from their "home" domain is added to the Builtin\Administrators group and is made a local admin on all domain members via GPO restricted groups of GPP group preferences.

As you've said, global groups can only contain security principals from their own domain and the Domain Admin's group scope cannot be altered.

To address your edits - they will have similar permissions to the Domain Admins group at that point.

Related

/var/log/httpd/access_log no longer being written
ping -a sometimes returns host name and sometimes returns FQDN. Why? Does this mean DNS is corrupt somehow?
How to debug sporadic outbound connection timeouts?
Cannot remote desktop into a non-domain joined workgroup Windows Hyper-V Server 2012R2 [closed]
Nginx custom internal error page when upstream is down
Automation in Windows Instances on Amazon EC2
Is a gradual migration from a workgroup to a domain possible?
What will happen if a PoE powered patch cable is plugged into a normal RJ-45 plug?
IIS 7.5 inconsistently Gzips files (with PHP & ASP.NET)
Apache virtual host - one site, two IP addresses [closed]
Why my nginx server receives requests targeting ads.yahoo.com?
What does "single-bit ECC errors were detected on the RAID controller" mean?