AD GPO settings migration


My network is nicely setup and Group Policies are used extensively like everyone else no doubt. IS there a way to migrate Group Policies to a new server on a new network (to 2008 nserver maybe) or some way of easily doucumenting all the settings?

Many thanks
LVL 13
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Pete LongTechnical ConsultantCommented:
Use the group policy management console you can back up and restore policies with it
leegclystvaleAuthor Commented:
Thanks Pete. To a new server totally? new network? windows 2003 to 2008 server?


Be careful here. You're trying to migrate GPOs across to a brand new domain, and across different Operating Systems too. Server 2003 and 2008 use different methods to display the policies to you, changing from ADM files in 2003 and below to ADMX files (XML based - just like Microsoft's revamp in Office 2007's file formats) in Vista and Server 2008.

You may be able to backup and restore your policies using the GPMC, but I wouldn't recommend it primarily as a result of the different network operating systems. You will more than likely run into issues, and of course the last thing you want is to have Group Policy not work, causing security issues on your network.

The other problem you will find is unless you have extensive documentation of every GPO change, you will probably find references to servers and other locations on the old network, which would all need to be sifted through and updated or removed, and security identifiers (SIDs) for references users and groups will also be different, potentially causing issues with Active Directory.

My suggestion would be to take the approach of rebuilding GPO from scratch. It's not the nicest of jobs, I know, but I always do it, since the volume of issues you could be hit with just seems stupid to try and play with them for a day to get them to migrate, when you can re-create and re-configure them in half that time.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
leegclystvaleAuthor Commented:
Thanks Petelong and Tigermatt.
I'll award the points to tigermatt as he has pointed out the disadvantages of your solution and they seem quite extensive to me anyway. Appreciate the suggestion as a possibility.
Thanks for a great response tigermatt
leegclystvaleAuthor Commented:
Good logic matt. Thanks for your time.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.