AD GPO settings migration

Posted on 2008-11-14
Last Modified: 2012-05-05

My network is nicely setup and Group Policies are used extensively like everyone else no doubt. IS there a way to migrate Group Policies to a new server on a new network (to 2008 nserver maybe) or some way of easily doucumenting all the settings?

Many thanks
Question by:leegclystvale
    LVL 57

    Expert Comment

    by:Pete Long
    Use the group policy management console you can back up and restore policies with it
    LVL 13

    Author Comment

    Thanks Pete. To a new server totally? new network? windows 2003 to 2008 server?
    LVL 58

    Accepted Solution



    Be careful here. You're trying to migrate GPOs across to a brand new domain, and across different Operating Systems too. Server 2003 and 2008 use different methods to display the policies to you, changing from ADM files in 2003 and below to ADMX files (XML based - just like Microsoft's revamp in Office 2007's file formats) in Vista and Server 2008.

    You may be able to backup and restore your policies using the GPMC, but I wouldn't recommend it primarily as a result of the different network operating systems. You will more than likely run into issues, and of course the last thing you want is to have Group Policy not work, causing security issues on your network.

    The other problem you will find is unless you have extensive documentation of every GPO change, you will probably find references to servers and other locations on the old network, which would all need to be sifted through and updated or removed, and security identifiers (SIDs) for references users and groups will also be different, potentially causing issues with Active Directory.

    My suggestion would be to take the approach of rebuilding GPO from scratch. It's not the nicest of jobs, I know, but I always do it, since the volume of issues you could be hit with just seems stupid to try and play with them for a day to get them to migrate, when you can re-create and re-configure them in half that time.

    LVL 13

    Author Comment

    Thanks Petelong and Tigermatt.
    I'll award the points to tigermatt as he has pointed out the disadvantages of your solution and they seem quite extensive to me anyway. Appreciate the suggestion as a possibility.
    Thanks for a great response tigermatt
    LVL 13

    Author Closing Comment

    Good logic matt. Thanks for your time.

    Featured Post

    Find Ransomware Secrets With All-Source Analysis

    Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

    Join & Write a Comment

    I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
    A quick step-by-step overview of installing and configuring Carbonite Server Backup.
    To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
    This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

    730 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now