Solved

Group Policy Extentions mixed Servers

Posted on 2011-03-14
2
503 Views
Last Modified: 2012-05-11
We currentky have a domain that has Windows 2003 and Windows 2000 DC. We are looking to start to use GPP on our network and would like some advice on the best way forward with this.
We have installed a Server 2008 Member server and have added the GP tools to this but when we try to connect to the DC is generates and error. Is this becuase that we still have Windows 2000 DC on the network? Do we need to upgrade these to at least 2003?

We are looking to utilise a few 2008 servers that we have as DC's in the near future and realise the process involved in adding these to the network. We would just like to start using GPP before we go with 2008 DC's

Any issues to be aware with on both topics?

Any info greatly appeciated?
0
Comment
Question by:Mitch P
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 9

Accepted Solution

by:
Chev_PCN earned 125 total points
ID: 35126705
The 2008 server is only a member server, which means that, you would have to run the 2008 Forestprep / domainprep to update the schema, which should then propagate to all the DC's.
Until you do that, you can't use any of the 2008 DC features.
It's not a good idea to have Win2000 DC's from a security or stability standpoint, but MS do support interoperability as long as the Win2000 boxes are running SP4. I would recommend replacing your Win2000 boxes ASAP. Also upgrade your domain functional level to 2003 native.

If you want to roll out Group Policy before you do this, then you can only do it from a 2003 DC, or from a PC running the 2003 Server Support Kit.
0
 
LVL 2

Assisted Solution

by:temores
temores earned 125 total points
ID: 35135096
From July 2010, Windows 2000 EVEN with SP4 is not supported, only through a custom suport agreement.

Group Policy Preferences is a feature of the Group Policy Management Console (GPMC) v2 that is shipped with windows vista and some of them can be applied to Windows XP an 2003 domain members as well as long as they have the GP extensions installed on them.

Windows 7, Windows 2008 and 2008 R2 have this extensions installed by default.

What you need to do is to is to use a GPMCv2 console to administer your GPOs and also apply the following hotfixes to you windows 2003, XP and vista machines.

you can follow the steps detailed here:

http://blogs.technet.com/b/grouppolicy/archive/2009/03/27/group-policy-preferences-not-applying-on-some-clients-client-side-extension-xmllite.aspx

and here

http://heidelbergit.blogspot.com/2008/03/how-to-install-gpp-cses-using-startup.html.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question