Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Can I push a GPO to multiple domains?

Posted on 2011-03-10
7
Medium Priority
?
2,061 Views
Last Modified: 2012-06-22
I'm in a new environment which is a result of one company acquiring a few other companies.  It's a multi-forest, multi-domain environment.  I wasn't a part of the domain migration projects, but my job is to administer the systems.  I'm doing my best to familiarize myself with how everything works so from time to time I have questions which need to be answered.  Obviously the people that set this up initially are no longer here ... enter the EE experts!

Each domain has a Default Domain Policy, and a couple of the domains have additional GPO's for various settings (i.e. Outlook settings, IE settings to direct users to proxy, etc).  Two-way trust is setup between the domains (although I don't think it's functioning very well and may not be applicable to this specific issue).  

We'd like to add a GPO that would push a specific desktop wallpaper to all the desktop machines in all the domains.  I guess my question is how do I acheive that properly?  I know where to go to set up the GPO settings that I require - though I welcome suggestions on this as well.  My thought would be that I would have to edit each Default Policy to include the proposed change??  Can anyone confirm or advise steps to acheive the end result of one GPO pushed to multiple domains?  I'm attaching a snapshot of GPMC to aid in visualizing the request.   :o)   GPM MMC
0
Comment
Question by:mrah
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 21

Expert Comment

by:snusgubben
ID: 35097461
You cannot have a single GPO for multiple domains.
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 225 total points
ID: 35097579
You can link to multiple domains but generally not recommended.  I've seen it done is some smaller environments that happened to have multiple domains

See the section Cross-Domain GPO Links

http://windows-active-directory.net/Que-Windows.Server.2003.Active/0789729504_ch06lev1sec5.html

Thanks

Mike
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 35097738
I wasn't aware that you could cross-link GPOs to different forests. You always learn. Thanks for bringing it up Mike :)
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
LVL 21

Accepted Solution

by:
snusgubben earned 525 total points
ID: 35097870
Looking at http://technet.microsoft.com/en-us/library/cc738810(WS.10).aspx#BKMK_forest 

it says: It is not possible to link a GPO to a domain in another forest (even with a forest trust)

0
 
LVL 1

Author Closing Comment

by:mrah
ID: 35098144
Thanks for the confirmation...I was pretty sure it wasn't "recommended" and I understand the performance issues associated.  I've skimmed these documents in my quest for an answer, but thanks for pointing out the specifics!
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 35098243
ahh different forests....I just read the title and then had a meeting....regular work called so I had to go :)
0
 
LVL 1

Author Comment

by:mrah
ID: 35098414
:o) ... it's all good, that's why I included the image ... I know how that goes, I hate when regular work interrupts my EE time...LoL.  Thanks again for contributing!
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question