?
Solved

Setting 2008 Domain Policy

Posted on 2008-10-21
10
Medium Priority
?
340 Views
Last Modified: 2012-05-05
Hi, we currently have 3 DC's, all using win 2008 Server.  With Win 2000 Server, when we set a domain policy on one DC, the other two would pick it up.  When we try this with the 2008 DC's, the other two DC's don't pick it up.  My question is, how do we set a domain policy on one DC, and have it used by the other two?

Thanks
0
Comment
Question by:crobotti
  • 5
  • 4
10 Comments
 
LVL 58

Expert Comment

by:tigermatt
ID: 22770645

If all the DCs are member of the same domain then they should replicate in due course and the setting will be visible in Group Policy Management on the other DCs after a while.

If the DCs are in the same site, the default settings mean replication should be almost instantaneous, although this may not be the case.

-tigermatt
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 22770662

Sorry, just to clarify my above post, any changes to Active Directory (Group Policy, User Accounts, Computer Accounts etc.) should automatically replicate to the other Domain Controllers in the domain after a while, but it all depends on the configured replication topology for the network. If the DCs are not members of the same domain, then they have completely separate Active Directory domains and therefore Group Policy will not be the same between them; if they are members of the same domain, you may have to wait a while for replication to take place.

-tigermatt
0
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 22772207
As stated, this shall work automatically. Check with AD Sites and Services that replication links are configured correctly.

Is replication working when modifying users?
Firewall/DNS/routing issue?
Anything in eventlogs?
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 

Author Comment

by:crobotti
ID: 22778229
Maybe I mistated my question.  In Win 2000 AD, when we wanted to change a domain policy, we would right click the domain name in AD Users and Computers, select Properties, and from the Policy tab, we would change the domain policies.  In Win 2008 AD, this option is not available as a right click.  My question is, where to change the Policies that affect the whole domain, is it by running gpedit from a DC (which may take a while to propagate), or would that only change the Policies local to that DC?

User replication has no issues, same with firewall/DNS/routing.  Also, all DC's are located in the same building, in two different subnets.  But as above, routing isn't an issue.

Sorry for not stating this better for you all, bit I greatly appreciate the help
0
 
LVL 58

Accepted Solution

by:
tigermatt earned 2000 total points
ID: 22779048

Ah, I understand you now! There's a much better tool out there which overwrites the right-click > Group Policy option known as Group Policy Management, which essentially enables you to see where all policies are linked across the domain in much more detail. This is installed by default on Server 2008 and is the tool to use when you are making GPO changes. Access it from Start > (Control Panel >) Administrative Tools > Group Policy Management.

-tigermatt
0
 

Author Comment

by:crobotti
ID: 22780182
I don't see it listed.  This DC was originally Win 2000 Server upgraded to Win 2008 Server with the quick stop at Win 2003 Server.  Maybe I'll need to install it?  If so, any ideas on that?

Thanks
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 22780298

Just to check, you are looking in the same place I am looking, and you see Services, Active Directory icons etc. in there?
0
 

Author Closing Comment

by:crobotti
ID: 31508420
It wasn't installed by default, this may be because we upgraded from Win 2000 Server.  But by clicking on Start\Administrative Tools\Server Manager, we were able to add it thru Features. Thanks for all your help on this
0
 

Author Comment

by:crobotti
ID: 22780456
It wasn't installed by default, this may be because we upgraded from Win 2000 Server. But by clicking on Start\Administrative Tools\Server Manager, we were able to add it thru Features.
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 22780488
That was going to be my next port of call :)

Glad it sorted it, and you can now Group Policy-away!
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Understanding the various editions available is vital when you decide to purchase Windows Server 2012. You need to have a basic understanding of the features and limitations in each edition in order to make a well-informed decision that best suits …
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

569 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question