?
Solved

Administrative Templates

Posted on 2010-11-24
5
Medium Priority
?
426 Views
Last Modified: 2012-05-10
Hi guys,
I hope you can help.

We have a requirement to move 3 servers from one subdomain to another subdomain.

So,

subdomainA
            |-------------- serverOU
                                       |------------------ server gpo
                                       |------------------ user gpo

to

subdomainB
            |-------------- serverOU
                                       |------------------ server gpo
                                       |------------------ user gpo

Now,

In the original subdomain (subdomainA), there are 2 gpos for the serverOU container.
Each of these OUs has administrative templates added, around 6 of them.

When I move these 3 servers into the new subdomain (subdomainB), I want to ensure that the 2 gpos attached to the new OU in this new domain, are identical in every way to the original 2 gpos in the original domain. This will mean adding the required admin templates to the new serverOU container in subdomainB to the 2 new gpos in here.

My question is this.

In the new subdomainB, can I do the following?

1.Open up each new gpo
2.Add the required admin templates to each new gpo by pointing to the location of the Adm folder for the original gpo in the old subdomain?

Is this safe to do so?

Any help greatly appreciated.

0
Comment
Question by:Simon336697
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 2000 total points
ID: 34210290
You could go into the GPO and just copy those custom ADMs.

The easier way would be to backup/export the GPOs in GPMC (see screenshot) and then import them in the new domain.  More info

http://technet.microsoft.com/en-us/library/cc785343(WS.10).aspx

Thanks

Mike
GPMC-export-import.png
0
 
LVL 1

Author Comment

by:Simon336697
ID: 34214857
Hi mkline71, thanks so much for your help mate.
That makes perfect sense.

I created 2 new "blank" group policies in the new subdomain, because I wanted to keep it clean.

I was a bit dubious about doing the import option which I knew about because I thought that importing the settings from a group policy that exists in another domain might cause issues.

But you dont see this as a problem mate?
0
 
LVL 1

Author Comment

by:Simon336697
ID: 34214863
The other thing is, when you do an import of all the settings, does this import the account information, eg.if the computer accounts are part of a secuity filter for a gpo, but they dont as yet exist in the new domain, then when you import the settings, they will not be there in the new gpo.
0
 
LVL 1

Author Comment

by:Simon336697
ID: 34228436
Thanks so much mkline, really appreciate it.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 34230662
Sorry I didn't respond back, long holiday weekend.  You can use migration tables for some of those group references, not 100% sure on the security filtering though.
0

Featured Post

Veeam Task Manager for Hyper-V

Task Manager for Hyper-V provides critical information that allows you to monitor Hyper-V performance by displaying real-time views of CPU and memory at the individual VM-level, so you can quickly identify which VMs are using host resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question