Solved

Group Policy Extentions mixed Servers

Posted on 2011-03-14
2
498 Views
Last Modified: 2012-05-11
We currentky have a domain that has Windows 2003 and Windows 2000 DC. We are looking to start to use GPP on our network and would like some advice on the best way forward with this.
We have installed a Server 2008 Member server and have added the GP tools to this but when we try to connect to the DC is generates and error. Is this becuase that we still have Windows 2000 DC on the network? Do we need to upgrade these to at least 2003?

We are looking to utilise a few 2008 servers that we have as DC's in the near future and realise the process involved in adding these to the network. We would just like to start using GPP before we go with 2008 DC's

Any issues to be aware with on both topics?

Any info greatly appeciated?
0
Comment
Question by:Mitch P
2 Comments
 
LVL 9

Accepted Solution

by:
Chev_PCN earned 125 total points
Comment Utility
The 2008 server is only a member server, which means that, you would have to run the 2008 Forestprep / domainprep to update the schema, which should then propagate to all the DC's.
Until you do that, you can't use any of the 2008 DC features.
It's not a good idea to have Win2000 DC's from a security or stability standpoint, but MS do support interoperability as long as the Win2000 boxes are running SP4. I would recommend replacing your Win2000 boxes ASAP. Also upgrade your domain functional level to 2003 native.

If you want to roll out Group Policy before you do this, then you can only do it from a 2003 DC, or from a PC running the 2003 Server Support Kit.
0
 
LVL 2

Assisted Solution

by:temores
temores earned 125 total points
Comment Utility
From July 2010, Windows 2000 EVEN with SP4 is not supported, only through a custom suport agreement.

Group Policy Preferences is a feature of the Group Policy Management Console (GPMC) v2 that is shipped with windows vista and some of them can be applied to Windows XP an 2003 domain members as well as long as they have the GP extensions installed on them.

Windows 7, Windows 2008 and 2008 R2 have this extensions installed by default.

What you need to do is to is to use a GPMCv2 console to administer your GPOs and also apply the following hotfixes to you windows 2003, XP and vista machines.

you can follow the steps detailed here:

http://blogs.technet.com/b/grouppolicy/archive/2009/03/27/group-policy-preferences-not-applying-on-some-clients-client-side-extension-xmllite.aspx

and here

http://heidelbergit.blogspot.com/2008/03/how-to-install-gpp-cses-using-startup.html.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now