Group Policy Extensions mixed Servers

Posted on 2011-03-14
Medium Priority
Last Modified: 2012-05-11
We currently have a domain that has Windows 2003 and Windows 2000 DCs. We are looking to start to use GPP on our network and would like some advice on the best way forward with this.
We have installed a Server 2008 member server and have added the GP tools to this, but when we try to connect to the DC it generates an error. Is this because we still have Windows 2000 DCs on the network? Do we need to upgrade these to at least 2003?

We are looking to utilise a few 2008 servers that we have as DCs in the near future and realise the process involved in adding these to the network. We would just like to start using GPP before we go with 2008 DCs.

Any issues to be aware of on both topics?

Any info greatly appreciated.
Question by: Mitch P

Accepted Solution

Chev_PCN earned 500 total points
ID: 35126705
The 2008 server is only a member server, which means that you would have to run the 2008 Forestprep / domainprep to update the schema, which should then propagate to all the DCs.
Until you do that, you can't use any of the 2008 DC features.
It's not a good idea to have Win2000 DCs from a security or stability standpoint, but MS do support interoperability as long as the Win2000 boxes are running SP4. I would recommend replacing your Win2000 boxes ASAP. Also upgrade your domain functional level to 2003 native.

If you want to roll out Group Policy before you do this, then you can only do it from a 2003 DC, or from a PC running the 2003 Server Support Kit.

Assisted Solution

temores earned 500 total points
ID: 35135096
From July 2010, Windows 2000 EVEN with SP4 is not supported, only through a custom support agreement.

Group Policy Preferences is a feature of the Group Policy Management Console (GPMC) v2 that is shipped with Windows Vista, and some of them can be applied to Windows XP and 2003 domain members as well, as long as they have the GP extensions installed on them.

Windows 7, Windows 2008 and 2008 R2 have these extensions installed by default.

What you need to do is to use a GPMCv2 console to administer your GPOs and also apply the following hotfixes to your Windows 2003, XP and Vista machines.

You can follow the steps detailed here:


and here

