Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Administrative Templates

Posted on 2010-11-24
5
Medium Priority
?
427 Views
Last Modified: 2012-05-10
Hi guys,
I hope you can help.

We have a requirement to move 3 servers from one subdomain to another subdomain.

So,

subdomainA
            |-------------- serverOU
                                       |------------------ server gpo
                                       |------------------ user gpo

to

subdomainB
            |-------------- serverOU
                                       |------------------ server gpo
                                       |------------------ user gpo

Now,

In the original subdomain (subdomainA), there are 2 gpos for the serverOU container.
Each of these OUs has administrative templates added, around 6 of them.

When I move these 3 servers into the new subdomain (subdomainB), I want to ensure that the 2 gpos attached to the new OU in this new domain, are identical in every way to the original 2 gpos in the original domain. This will mean adding the required admin templates to the new serverOU container in subdomainB to the 2 new gpos in here.

My question is this.

In the new subdomainB, can I do the following?

1.Open up each new gpo
2.Add the required admin templates to each new gpo by pointing to the location of the Adm folder for the original gpo in the old subdomain?

Is this safe to do so?

Any help greatly appreciated.

0
Comment
Question by:Simon336697
  • 3
  • 2
5 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 2000 total points
ID: 34210290
You could go into the GPO and just copy those custom ADMs.

The easier way would be to backup/export the GPOs in GPMC (see screenshot) and then import them in the new domain.  More info

http://technet.microsoft.com/en-us/library/cc785343(WS.10).aspx

Thanks

Mike
GPMC-export-import.png
0
 
LVL 1

Author Comment

by:Simon336697
ID: 34214857
Hi mkline71, thanks so much for your help mate.
That makes perfect sense.

I created 2 new "blank" group policies in the new subdomain, because I wanted to keep it clean.

I was a bit dubious about doing the import option which I knew about because I thought that importing the settings from a group policy that exists in another domain might cause issues.

But you dont see this as a problem mate?
0
 
LVL 1

Author Comment

by:Simon336697
ID: 34214863
The other thing is, when you do an import of all the settings, does this import the account information, eg.if the computer accounts are part of a secuity filter for a gpo, but they dont as yet exist in the new domain, then when you import the settings, they will not be there in the new gpo.
0
 
LVL 1

Author Comment

by:Simon336697
ID: 34228436
Thanks so much mkline, really appreciate it.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 34230662
Sorry I didn't respond back, long holiday weekend.  You can use migration tables for some of those group references, not 100% sure on the security filtering though.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question