Solved

Can I push a GPO to multiple domains?

Posted on 2011-03-10
7
1,936 Views
Last Modified: 2012-06-22
I'm in a new environment which is a result of one company acquiring a few other companies.  It's a multi-forest, multi-domain environment.  I wasn't a part of the domain migration projects, but my job is to administer the systems.  I'm doing my best to familiarize myself with how everything works so from time to time I have questions which need to be answered.  Obviously the people that set this up initially are no longer here ... enter the EE experts!

Each domain has a Default Domain Policy, and a couple of the domains have additional GPO's for various settings (i.e. Outlook settings, IE settings to direct users to proxy, etc).  Two-way trust is setup between the domains (although I don't think it's functioning very well and may not be applicable to this specific issue).  

We'd like to add a GPO that would push a specific desktop wallpaper to all the desktop machines in all the domains.  I guess my question is how do I acheive that properly?  I know where to go to set up the GPO settings that I require - though I welcome suggestions on this as well.  My thought would be that I would have to edit each Default Policy to include the proposed change??  Can anyone confirm or advise steps to acheive the end result of one GPO pushed to multiple domains?  I'm attaching a snapshot of GPMC to aid in visualizing the request.   :o)   GPM MMC
0
Comment
Question by:mrah
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 21

Expert Comment

by:snusgubben
ID: 35097461
You cannot have a single GPO for multiple domains.
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 75 total points
ID: 35097579
You can link to multiple domains but generally not recommended.  I've seen it done is some smaller environments that happened to have multiple domains

See the section Cross-Domain GPO Links

http://windows-active-directory.net/Que-Windows.Server.2003.Active/0789729504_ch06lev1sec5.html

Thanks

Mike
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 35097738
I wasn't aware that you could cross-link GPOs to different forests. You always learn. Thanks for bringing it up Mike :)
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 21

Accepted Solution

by:
snusgubben earned 175 total points
ID: 35097870
Looking at http://technet.microsoft.com/en-us/library/cc738810(WS.10).aspx#BKMK_forest 

it says: It is not possible to link a GPO to a domain in another forest (even with a forest trust)

0
 
LVL 1

Author Closing Comment

by:mrah
ID: 35098144
Thanks for the confirmation...I was pretty sure it wasn't "recommended" and I understand the performance issues associated.  I've skimmed these documents in my quest for an answer, but thanks for pointing out the specifics!
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 35098243
ahh different forests....I just read the title and then had a meeting....regular work called so I had to go :)
0
 
LVL 1

Author Comment

by:mrah
ID: 35098414
:o) ... it's all good, that's why I included the image ... I know how that goes, I hate when regular work interrupts my EE time...LoL.  Thanks again for contributing!
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
A hard and fast method for reducing Active Directory Administrators members.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question