Solved

Can I push a GPO to multiple domains?

Posted on 2011-03-10
7
1,754 Views
Last Modified: 2012-06-22
I'm in a new environment which is a result of one company acquiring a few other companies.  It's a multi-forest, multi-domain environment.  I wasn't a part of the domain migration projects, but my job is to administer the systems.  I'm doing my best to familiarize myself with how everything works so from time to time I have questions which need to be answered.  Obviously the people that set this up initially are no longer here ... enter the EE experts!

Each domain has a Default Domain Policy, and a couple of the domains have additional GPO's for various settings (i.e. Outlook settings, IE settings to direct users to proxy, etc).  Two-way trust is setup between the domains (although I don't think it's functioning very well and may not be applicable to this specific issue).  

We'd like to add a GPO that would push a specific desktop wallpaper to all the desktop machines in all the domains.  I guess my question is how do I acheive that properly?  I know where to go to set up the GPO settings that I require - though I welcome suggestions on this as well.  My thought would be that I would have to edit each Default Policy to include the proposed change??  Can anyone confirm or advise steps to acheive the end result of one GPO pushed to multiple domains?  I'm attaching a snapshot of GPMC to aid in visualizing the request.   :o)   GPM MMC
0
Comment
Question by:mrah
  • 3
  • 2
  • 2
7 Comments
 
LVL 21

Expert Comment

by:snusgubben
Comment Utility
You cannot have a single GPO for multiple domains.
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 75 total points
Comment Utility
You can link to multiple domains but generally not recommended.  I've seen it done is some smaller environments that happened to have multiple domains

See the section Cross-Domain GPO Links

http://windows-active-directory.net/Que-Windows.Server.2003.Active/0789729504_ch06lev1sec5.html

Thanks

Mike
0
 
LVL 21

Expert Comment

by:snusgubben
Comment Utility
I wasn't aware that you could cross-link GPOs to different forests. You always learn. Thanks for bringing it up Mike :)
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 21

Accepted Solution

by:
snusgubben earned 175 total points
Comment Utility
Looking at http://technet.microsoft.com/en-us/library/cc738810(WS.10).aspx#BKMK_forest

it says: It is not possible to link a GPO to a domain in another forest (even with a forest trust)

0
 
LVL 1

Author Closing Comment

by:mrah
Comment Utility
Thanks for the confirmation...I was pretty sure it wasn't "recommended" and I understand the performance issues associated.  I've skimmed these documents in my quest for an answer, but thanks for pointing out the specifics!
0
 
LVL 57

Expert Comment

by:Mike Kline
Comment Utility
ahh different forests....I just read the title and then had a meeting....regular work called so I had to go :)
0
 
LVL 1

Author Comment

by:mrah
Comment Utility
:o) ... it's all good, that's why I included the image ... I know how that goes, I hate when regular work interrupts my EE time...LoL.  Thanks again for contributing!
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Do you have users whose passwords are expiring and they are constantly calling you?  Well I sure did and needed a way to put an end to this.  We have a lot of remote users which would not be notified that their passwords were expiring since they wer…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now