45 DBs * 16 groups/Domain/DB = 720 logins.

Each login maps to a DB user, which is a member of a db role.

The roles already exist, as do the DB users for the logins from DomainA.

I was hoping to be able to link the logins from DomainB to those existing DB users, which would save me 2 steps: creating DB users for DomainB groups, and linking those new DB users to their roles.

As I said, it's not so bad: I was able to automate it in the end.

And as long as I don't have to manage the groups' members, I'm happy.