shong1997
asked on
ADMT Migration Group Policy Effects
Environment:
Two AD Forests
Source domain is Windows 2003
Target domain is Windows 2008
Two-way transitive trust between two forests
SID History is enabled and SID Filtering is disabled on the trust
All users with SID History and computers were succesfully migrated from the source domain to the target domain using ADMT. The users are able to log in to the target domain, but now they're getting user-based GPOs from the source domains in addition to GPOs applied on the target domain. Any ideas on how users would receive GPOs from the source domain even though their user objects are now resided in the target domain?
Thanks,
Two AD Forests
Source domain is Windows 2003
Target domain is Windows 2008
Two-way transitive trust between two forests
SID History is enabled and SID Filtering is disabled on the trust
All users with SID History and computers were succesfully migrated from the source domain to the target domain using ADMT. The users are able to log in to the target domain, but now they're getting user-based GPOs from the source domains in addition to GPOs applied on the target domain. Any ideas on how users would receive GPOs from the source domain even though their user objects are now resided in the target domain?
Thanks,
ASKER
I understand that ADMT does not migrate GPOs. GPOs are configured in the target domain and linked to appropriate OUs. However, after the migration of users/computers, I logged in to a migrated computer as one of the migrated users. I ran GPResult.exe and saw some user-based GPOs from the old domain are still being applied to the user. Any ideas?
I have never had such issue,just run gpupdate /force & reboot your computer twice & see if it works.
I read somewhere GPO can be applied but when you remove the GPO settings are not removed.AS GPO application works with registry modification & since you remove the GPO there is no modification you are doing. The policy is already applied & its still there even if you remove the GPO.
I read somewhere GPO can be applied but when you remove the GPO settings are not removed.AS GPO application works with registry modification & since you remove the GPO there is no modification you are doing. The policy is already applied & its still there even if you remove the GPO.
ASKER
Hi Awinish,
I ran 'GPUpate.exe /force' and rebooted the system as suggested. I ran 'GPresult' again and what I found is very interesting - there are two sets of RSOP result showing on the screen. The first RSOP result shows the user is getting GPOs from both the source and the target. The second RSOP result shows the user is only getting GPOs from the target. Does this have to do with the fact that I chose "Add" instead of "Replace" mode to update local profiles on the computer?
I ran 'GPUpate.exe /force' and rebooted the system as suggested. I ran 'GPresult' again and what I found is very interesting - there are two sets of RSOP result showing on the screen. The first RSOP result shows the user is getting GPOs from both the source and the target. The second RSOP result shows the user is only getting GPOs from the target. Does this have to do with the fact that I chose "Add" instead of "Replace" mode to update local profiles on the computer?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The computer you have added contains the GPO setting from previous domain & it gets applied.