Solved

Setting 2008 Domain Policy

Posted on 2008-10-21
10
334 Views
Last Modified: 2012-05-05
Hi, we currently have 3 DC's, all using win 2008 Server.  With Win 2000 Server, when we set a domain policy on one DC, the other two would pick it up.  When we try this with the 2008 DC's, the other two DC's don't pick it up.  My question is, how do we set a domain policy on one DC, and have it used by the other two?

Thanks
0
Comment
Question by:crobotti
  • 5
  • 4
10 Comments
 
LVL 58

Expert Comment

by:tigermatt
ID: 22770645

If all the DCs are member of the same domain then they should replicate in due course and the setting will be visible in Group Policy Management on the other DCs after a while.

If the DCs are in the same site, the default settings mean replication should be almost instantaneous, although this may not be the case.

-tigermatt
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 22770662

Sorry, just to clarify my above post, any changes to Active Directory (Group Policy, User Accounts, Computer Accounts etc.) should automatically replicate to the other Domain Controllers in the domain after a while, but it all depends on the configured replication topology for the network. If the DCs are not members of the same domain, then they have completely separate Active Directory domains and therefore Group Policy will not be the same between them; if they are members of the same domain, you may have to wait a while for replication to take place.

-tigermatt
0
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 22772207
As stated, this shall work automatically. Check with AD Sites and Services that replication links are configured correctly.

Is replication working when modifying users?
Firewall/DNS/routing issue?
Anything in eventlogs?
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:crobotti
ID: 22778229
Maybe I mistated my question.  In Win 2000 AD, when we wanted to change a domain policy, we would right click the domain name in AD Users and Computers, select Properties, and from the Policy tab, we would change the domain policies.  In Win 2008 AD, this option is not available as a right click.  My question is, where to change the Policies that affect the whole domain, is it by running gpedit from a DC (which may take a while to propagate), or would that only change the Policies local to that DC?

User replication has no issues, same with firewall/DNS/routing.  Also, all DC's are located in the same building, in two different subnets.  But as above, routing isn't an issue.

Sorry for not stating this better for you all, bit I greatly appreciate the help
0
 
LVL 58

Accepted Solution

by:
tigermatt earned 500 total points
ID: 22779048

Ah, I understand you now! There's a much better tool out there which overwrites the right-click > Group Policy option known as Group Policy Management, which essentially enables you to see where all policies are linked across the domain in much more detail. This is installed by default on Server 2008 and is the tool to use when you are making GPO changes. Access it from Start > (Control Panel >) Administrative Tools > Group Policy Management.

-tigermatt
0
 

Author Comment

by:crobotti
ID: 22780182
I don't see it listed.  This DC was originally Win 2000 Server upgraded to Win 2008 Server with the quick stop at Win 2003 Server.  Maybe I'll need to install it?  If so, any ideas on that?

Thanks
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 22780298

Just to check, you are looking in the same place I am looking, and you see Services, Active Directory icons etc. in there?
0
 

Author Closing Comment

by:crobotti
ID: 31508420
It wasn't installed by default, this may be because we upgraded from Win 2000 Server.  But by clicking on Start\Administrative Tools\Server Manager, we were able to add it thru Features. Thanks for all your help on this
0
 

Author Comment

by:crobotti
ID: 22780456
It wasn't installed by default, this may be because we upgraded from Win 2000 Server. But by clicking on Start\Administrative Tools\Server Manager, we were able to add it thru Features.
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 22780488
That was going to be my next port of call :)

Glad it sorted it, and you can now Group Policy-away!
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was asked if I could set up a fax machine so that incoming faxes were delivered to people's Exchange inboxes and so that they could send faxes from their desktops without needing to print the document first.  I knew it was possible but I had no id…
I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question