Solved

Administrative Templates

Posted on 2010-11-24
5
425 Views
Last Modified: 2012-05-10
Hi guys,
I hope you can help.

We have a requirement to move 3 servers from one subdomain to another subdomain.

So,

subdomainA
            |-------------- serverOU
                                       |------------------ server gpo
                                       |------------------ user gpo

to

subdomainB
            |-------------- serverOU
                                       |------------------ server gpo
                                       |------------------ user gpo

Now,

In the original subdomain (subdomainA), there are 2 gpos for the serverOU container.
Each of these OUs has administrative templates added, around 6 of them.

When I move these 3 servers into the new subdomain (subdomainB), I want to ensure that the 2 gpos attached to the new OU in this new domain, are identical in every way to the original 2 gpos in the original domain. This will mean adding the required admin templates to the new serverOU container in subdomainB to the 2 new gpos in here.

My question is this.

In the new subdomainB, can I do the following?

1.Open up each new gpo
2.Add the required admin templates to each new gpo by pointing to the location of the Adm folder for the original gpo in the old subdomain?

Is this safe to do so?

Any help greatly appreciated.

0
Comment
Question by:Simon336697
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 34210290
You could go into the GPO and just copy those custom ADMs.

The easier way would be to backup/export the GPOs in GPMC (see screenshot) and then import them in the new domain.  More info

http://technet.microsoft.com/en-us/library/cc785343(WS.10).aspx

Thanks

Mike
GPMC-export-import.png
0
 
LVL 1

Author Comment

by:Simon336697
ID: 34214857
Hi mkline71, thanks so much for your help mate.
That makes perfect sense.

I created 2 new "blank" group policies in the new subdomain, because I wanted to keep it clean.

I was a bit dubious about doing the import option which I knew about because I thought that importing the settings from a group policy that exists in another domain might cause issues.

But you dont see this as a problem mate?
0
 
LVL 1

Author Comment

by:Simon336697
ID: 34214863
The other thing is, when you do an import of all the settings, does this import the account information, eg.if the computer accounts are part of a secuity filter for a gpo, but they dont as yet exist in the new domain, then when you import the settings, they will not be there in the new gpo.
0
 
LVL 1

Author Comment

by:Simon336697
ID: 34228436
Thanks so much mkline, really appreciate it.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 34230662
Sorry I didn't respond back, long holiday weekend.  You can use migration tables for some of those group references, not 100% sure on the security filtering though.
0

Featured Post

Enroll in June's Course of the Month

June’s Course of the Month is now available! Experts Exchange’s Premium Members, Team Accounts, and Qualified Experts have access to a complimentary course each month as part of their membership—an extra way to sharpen your skills and increase training.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question