Requirements to allow User Accounts from another Domain to be Active Roles Administrators
In environments with multiple Active Directory Domains, it might be necessary for User accounts from other domains to be granted Active Roles Administrator access.
A two-way, transitive trust is required between the Domain hosting the Active Roles service account and the Domain hosting the User accounts which need to be Active Roles Administrators.
Review the registry key noted in this resource and ensure that this key contains the name of a Group in the format Domain\groupName
This Group must be of type Domain Local. If it is not currently this type, then it needs to be changed to this type. If the contents of the above registry key are changed, then the ActiveRoles Service needs to be restarted in order for the changes to come into effect.
Populate the above Group with members. These can be from both the local or trusted Domain.