A – Clarification: My answer is based on the following presumptions. Windows 2k3, AD, and trusts between domains.
In the parent domain you have a admin account you use regularly. It is monitored for changes and you review those logs – right. Make this account a member of the ‘Enterprise Administrators’. On each child domain add this account to the ‘Domain Administrators’ and you are good to go. That account is in effect the same as the local administrator on each server. Now having given the keys to the entire system to this account, Disable It! Only enable this account when needed and TURN IT OFF when finished.
The need is not unique, but the solution is very dangerous.