Solved

Setting 2008 Domain Policy

Posted on 2008-10-21
10
337 Views
Last Modified: 2012-05-05
Hi, we currently have 3 DC's, all using win 2008 Server.  With Win 2000 Server, when we set a domain policy on one DC, the other two would pick it up.  When we try this with the 2008 DC's, the other two DC's don't pick it up.  My question is, how do we set a domain policy on one DC, and have it used by the other two?

Thanks
0
Comment
Question by:crobotti
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 58

Expert Comment

by:tigermatt
ID: 22770645

If all the DCs are member of the same domain then they should replicate in due course and the setting will be visible in Group Policy Management on the other DCs after a while.

If the DCs are in the same site, the default settings mean replication should be almost instantaneous, although this may not be the case.

-tigermatt
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 22770662

Sorry, just to clarify my above post, any changes to Active Directory (Group Policy, User Accounts, Computer Accounts etc.) should automatically replicate to the other Domain Controllers in the domain after a while, but it all depends on the configured replication topology for the network. If the DCs are not members of the same domain, then they have completely separate Active Directory domains and therefore Group Policy will not be the same between them; if they are members of the same domain, you may have to wait a while for replication to take place.

-tigermatt
0
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 22772207
As stated, this shall work automatically. Check with AD Sites and Services that replication links are configured correctly.

Is replication working when modifying users?
Firewall/DNS/routing issue?
Anything in eventlogs?
0
The Ultimate Checklist to Optimize Your Website

Websites are getting bigger and complicated by the day. Video, images, custom fonts are all great for showcasing your product/service. But the price to pay in terms of reduced page load times and ultimately, decreased sales, can lead to some difficult decisions about what to cut.

 

Author Comment

by:crobotti
ID: 22778229
Maybe I mistated my question.  In Win 2000 AD, when we wanted to change a domain policy, we would right click the domain name in AD Users and Computers, select Properties, and from the Policy tab, we would change the domain policies.  In Win 2008 AD, this option is not available as a right click.  My question is, where to change the Policies that affect the whole domain, is it by running gpedit from a DC (which may take a while to propagate), or would that only change the Policies local to that DC?

User replication has no issues, same with firewall/DNS/routing.  Also, all DC's are located in the same building, in two different subnets.  But as above, routing isn't an issue.

Sorry for not stating this better for you all, bit I greatly appreciate the help
0
 
LVL 58

Accepted Solution

by:
tigermatt earned 500 total points
ID: 22779048

Ah, I understand you now! There's a much better tool out there which overwrites the right-click > Group Policy option known as Group Policy Management, which essentially enables you to see where all policies are linked across the domain in much more detail. This is installed by default on Server 2008 and is the tool to use when you are making GPO changes. Access it from Start > (Control Panel >) Administrative Tools > Group Policy Management.

-tigermatt
0
 

Author Comment

by:crobotti
ID: 22780182
I don't see it listed.  This DC was originally Win 2000 Server upgraded to Win 2008 Server with the quick stop at Win 2003 Server.  Maybe I'll need to install it?  If so, any ideas on that?

Thanks
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 22780298

Just to check, you are looking in the same place I am looking, and you see Services, Active Directory icons etc. in there?
0
 

Author Closing Comment

by:crobotti
ID: 31508420
It wasn't installed by default, this may be because we upgraded from Win 2000 Server.  But by clicking on Start\Administrative Tools\Server Manager, we were able to add it thru Features. Thanks for all your help on this
0
 

Author Comment

by:crobotti
ID: 22780456
It wasn't installed by default, this may be because we upgraded from Win 2000 Server. But by clicking on Start\Administrative Tools\Server Manager, we were able to add it thru Features.
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 22780488
That was going to be my next port of call :)

Glad it sorted it, and you can now Group Policy-away!
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question