?
Solved

Can I push a GPO to multiple domains?

Posted on 2011-03-10
7
Medium Priority
?
2,004 Views
Last Modified: 2012-06-22
I'm in a new environment which is a result of one company acquiring a few other companies.  It's a multi-forest, multi-domain environment.  I wasn't a part of the domain migration projects, but my job is to administer the systems.  I'm doing my best to familiarize myself with how everything works so from time to time I have questions which need to be answered.  Obviously the people that set this up initially are no longer here ... enter the EE experts!

Each domain has a Default Domain Policy, and a couple of the domains have additional GPO's for various settings (i.e. Outlook settings, IE settings to direct users to proxy, etc).  Two-way trust is setup between the domains (although I don't think it's functioning very well and may not be applicable to this specific issue).  

We'd like to add a GPO that would push a specific desktop wallpaper to all the desktop machines in all the domains.  I guess my question is how do I acheive that properly?  I know where to go to set up the GPO settings that I require - though I welcome suggestions on this as well.  My thought would be that I would have to edit each Default Policy to include the proposed change??  Can anyone confirm or advise steps to acheive the end result of one GPO pushed to multiple domains?  I'm attaching a snapshot of GPMC to aid in visualizing the request.   :o)   GPM MMC
0
Comment
Question by:mrah
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 21

Expert Comment

by:snusgubben
ID: 35097461
You cannot have a single GPO for multiple domains.
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 225 total points
ID: 35097579
You can link to multiple domains but generally not recommended.  I've seen it done is some smaller environments that happened to have multiple domains

See the section Cross-Domain GPO Links

http://windows-active-directory.net/Que-Windows.Server.2003.Active/0789729504_ch06lev1sec5.html

Thanks

Mike
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 35097738
I wasn't aware that you could cross-link GPOs to different forests. You always learn. Thanks for bringing it up Mike :)
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 21

Accepted Solution

by:
snusgubben earned 525 total points
ID: 35097870
Looking at http://technet.microsoft.com/en-us/library/cc738810(WS.10).aspx#BKMK_forest 

it says: It is not possible to link a GPO to a domain in another forest (even with a forest trust)

0
 
LVL 1

Author Closing Comment

by:mrah
ID: 35098144
Thanks for the confirmation...I was pretty sure it wasn't "recommended" and I understand the performance issues associated.  I've skimmed these documents in my quest for an answer, but thanks for pointing out the specifics!
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 35098243
ahh different forests....I just read the title and then had a meeting....regular work called so I had to go :)
0
 
LVL 1

Author Comment

by:mrah
ID: 35098414
:o) ... it's all good, that's why I included the image ... I know how that goes, I hate when regular work interrupts my EE time...LoL.  Thanks again for contributing!
0

Featured Post

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

766 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question