Solved

Administrative Templates

Posted on 2010-11-24
5
421 Views
Last Modified: 2012-05-10
Hi guys,
I hope you can help.

We have a requirement to move 3 servers from one subdomain to another subdomain.

So,

subdomainA
            |-------------- serverOU
                                       |------------------ server gpo
                                       |------------------ user gpo

to

subdomainB
            |-------------- serverOU
                                       |------------------ server gpo
                                       |------------------ user gpo

Now,

In the original subdomain (subdomainA), there are 2 gpos for the serverOU container.
Each of these OUs has administrative templates added, around 6 of them.

When I move these 3 servers into the new subdomain (subdomainB), I want to ensure that the 2 gpos attached to the new OU in this new domain, are identical in every way to the original 2 gpos in the original domain. This will mean adding the required admin templates to the new serverOU container in subdomainB to the 2 new gpos in here.

My question is this.

In the new subdomainB, can I do the following?

1.Open up each new gpo
2.Add the required admin templates to each new gpo by pointing to the location of the Adm folder for the original gpo in the old subdomain?

Is this safe to do so?

Any help greatly appreciated.

0
Comment
Question by:Simon336697
  • 3
  • 2
5 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 34210290
You could go into the GPO and just copy those custom ADMs.

The easier way would be to backup/export the GPOs in GPMC (see screenshot) and then import them in the new domain.  More info

http://technet.microsoft.com/en-us/library/cc785343(WS.10).aspx

Thanks

Mike
GPMC-export-import.png
0
 
LVL 1

Author Comment

by:Simon336697
ID: 34214857
Hi mkline71, thanks so much for your help mate.
That makes perfect sense.

I created 2 new "blank" group policies in the new subdomain, because I wanted to keep it clean.

I was a bit dubious about doing the import option which I knew about because I thought that importing the settings from a group policy that exists in another domain might cause issues.

But you dont see this as a problem mate?
0
 
LVL 1

Author Comment

by:Simon336697
ID: 34214863
The other thing is, when you do an import of all the settings, does this import the account information, eg.if the computer accounts are part of a secuity filter for a gpo, but they dont as yet exist in the new domain, then when you import the settings, they will not be there in the new gpo.
0
 
LVL 1

Author Comment

by:Simon336697
ID: 34228436
Thanks so much mkline, really appreciate it.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 34230662
Sorry I didn't respond back, long holiday weekend.  You can use migration tables for some of those group references, not 100% sure on the security filtering though.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As network administrators; we know how hard it is to track user’s login/logout using security event log (BTW it is harder now in windows 2008 because user name is always “N/A” in the grid), and most of us either get 3rd party tools, or just make our…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now