Hey everyone,
My first script!
I’ve written my own script to obtain rights on a folder or file of a specific group, and give those exact same rights to a different group.
My script:
    $directory   = "C:\Testshare\"
    $CSVLocation = "C:\scripts\Groupscsv.csv"
    <# Example CSV:
    SourceGroup;TargetGroup
    *SG-Office-Kit*;SG-PROD-Kit
    *SG-Office-Poeder*;SG-PROD-Poeder
    #>
    $Groups       = Import-Csv $CSVLocation -Delimiter ";"
    $FolderChilds = Get-ChildItem $directory -Recurse

    foreach ($Group in $Groups)
    {
        $SourceGroup = $Group.SourceGroup   # wildcard pattern matched against existing ACEs
        $TargetGroup = $Group.TargetGroup   # group that receives the same rights

        foreach ($Folder in $FolderChilds)
        {
            $FolderACL = Get-Acl -Path $Folder.FullName

            # Only touch items whose ACL mentions the source group at all
            if ($FolderACL.AccessToString -like $SourceGroup)
            {
                $FolderACL.Access | ForEach-Object {
                    if ($_.IdentityReference.Value -like $SourceGroup)
                    {
                        # Build an ACE for the target group with the same rights and flags
                        $Ar = New-Object System.Security.AccessControl.FileSystemAccessRule($TargetGroup, $_.FileSystemRights, $_.InheritanceFlags, $_.PropagationFlags, $_.AccessControlType)
                        # AddAccessRule keeps earlier ACEs for the target group;
                        # SetAccessRule would replace them when the source group has several
                        $FolderACL.AddAccessRule($Ar)
                        # $Map was never defined; the path is $Folder.FullName
                        Set-Acl -Path $Folder.FullName -AclObject $FolderACL
                        Write-Host $TargetGroup "is now a member of" $Folder.FullName "with the rights:" $_.FileSystemRights
                    }
                }
            }
        }
    }
It works great, when you’re only working with 1 domain.
Problem is, I’m working with two domains.
We have an office domain, and we have a production domain.
Our Fileserver is in the office domain.
I need to copy the rights from the office groups to the production groups.
If I execute my script on the fileserver it says the security groups do not exist, because it looks for the groups in the office domain instead of production domain.
If I execute my script from the DC of the production domain on \\fileserver\share, it will still look for the groups on the office domain because the fileserver is a member of the office domain.
Having looked for quite some time on the internet, I couldn’t find anything!
Jeffrey Snover told me to post here if I get stuck, so here goes.
Do you guys have any idea how to make it change location?
If you do not get what I’m trying to explain, here’s a different explanation:
When I’m on my DC in the production domain and go to a share on the fileserver in the office domain and try to add a group or user on the security tab, you see the ‘From this location:’ field. That one is set to the Office domain because the fileserver lies in the Office domain, even though I’m accessing the share from the production domain. If I try to give rights through PowerShell, PowerShell also tries to find the groups in the Office domain. So I’m stuck because I don’t know how to make it add a group from a different domain.
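
One way to name the other domain explicitly, shown as an added example that is not part of the original post: qualify the target group as DOMAIN\Group, translate it to a SID once, and build the access rules from that SID so a failed lookup stops the run before any ACL is written. It assumes the machine running it can resolve accounts in the production domain (for instance through a trust); `PROD` and the function name `Copy-GroupAce` are placeholders.

```powershell
# Added example. 'PROD' and Copy-GroupAce are placeholders, not names from the post.
function Copy-GroupAce {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $SourcePattern,  # e.g. '*SG-Office-Kit*'
        [Parameter(Mandatory)] [string] $TargetDomain,   # NetBIOS name of the other domain
        [Parameter(Mandatory)] [string] $TargetGroup     # e.g. 'SG-PROD-Kit'
    )

    # Resolve DOMAIN\Group to a SID up front instead of passing a bare group name.
    $account = [System.Security.Principal.NTAccount]::new($TargetDomain, $TargetGroup)
    try {
        $sid = $account.Translate([System.Security.Principal.SecurityIdentifier])
    }
    catch {
        throw "Cannot resolve '$account' from ${env:COMPUTERNAME}: $($_.Exception.Message)"
    }

    $acl = Get-Acl -Path $Path
    $sourceRules = @($acl.Access |
        Where-Object { $_.IdentityReference.Value -like $SourcePattern })
    if ($sourceRules.Count -eq 0) { return }   # source group not on this ACL

    foreach ($rule in $sourceRules) {
        # Same rights and flags as the source ACE, but for the resolved SID.
        $newRule = [System.Security.AccessControl.FileSystemAccessRule]::new(
            $sid, $rule.FileSystemRights, $rule.InheritanceFlags,
            $rule.PropagationFlags, $rule.AccessControlType)
        $acl.AddAccessRule($newRule)
    }

    # One write per item; -WhatIf shows what would change without writing.
    if ($PSCmdlet.ShouldProcess($Path, "Grant $account the rights of $SourcePattern")) {
        Set-Acl -Path $Path -AclObject $acl
    }
}

# Dry run over the share and CSV from the post; remove -WhatIf to apply.
$items = Get-ChildItem 'C:\Testshare\' -Recurse
Import-Csv 'C:\scripts\Groupscsv.csv' -Delimiter ';' | ForEach-Object {
    foreach ($item in $items) {
        Copy-GroupAce -Path $item.FullName -SourcePattern $_.SourceGroup `
            -TargetDomain 'PROD' -TargetGroup $_.TargetGroup -WhatIf
    }
}
```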