I'm trying to use the directory utility or dsconfigad to add a machine to a AD Child Domain. The account that has admin privileges is in the forest level and I've not had any luck. It seems that the utilities are not aware of domain\username or username@domain where this username has privileges to add machine to domain.
dsconfigad -a MACHINENAME -u "FOREST\USERNAME" -domain CHILD.FOREST
using windows machines, I've verified that this admin user has the correct delegations to add machines to the child domain