Solved

GPO's win2k3-win2k8r2

Posted on 2011-03-23
9
835 Views
Last Modified: 2012-06-21
Are there any procedures that one should go through in order to verify that GPO's created on Win2k3 will work correctly if the DC's are all upgraded to Win2k8R2?
0
Comment
Question by:Ben Hart
  • 4
  • 3
  • 2
9 Comments
 
LVL 12

Accepted Solution

by:
Navdeep earned 125 total points
ID: 35201592
In ideal situation they will work as expected however there are not always a ideal situation.
you need to test in the lap environment first or add a pilot dc first and then test it out
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 35201790
Ahh so no tool, or wizard or something that can be used in a situation like this?
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 35201837
If you have custom ADMs you want to convert you can use this converter   http://www.microsoft.com/downloads/en/details.aspx?FamilyId=0F1EEC3D-10C4-4B5F-9625-97C2F731090C&displaylang=en

but v-2 has it right they should work fine.  Once you start creating in 2008/7 try to use those boxes as your management workstation for group policy.

Thanks

Mike
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 14

Author Comment

by:Ben Hart
ID: 35207112
Hmm, I posted this question because for example yesterday I modified a new GPO on my workstation (Win7 sp1 64bit w/rsat) I opened the same GPO on the server and noticed a couple entries listed under "Extra Registry Settings" telling me "Display names for some settings cannot be found.  You might be able to resolve this issue by updating the ADM files used by Group Policy"

So with that and some free time in hand, I Googled for a while and found: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=16f69ffe-d51b-4e02-9d02-3e57f3ccd490
Updated ADMX templates for 2k8 R2 and Win7., so I installed that on one of the DC's, then followed the directions to create a Central Policy store, copied the files into the folder.  I re-opened GP Management then edited the GPO in question only to be given the same display names thing.

I guess I'm unsure of the standard procedure in managing GPOs.. is the normal way to create/edit GPO's in a 2k8 R2 domain to use the admins workstation?  Is there anything to worry about with the server not being able to read or recognize all the options in any particular GPO?
0
 
LVL 12

Expert Comment

by:Navdeep
ID: 35210531
Server 2003 will not be able to read new GPO from W2K8. Admin Workstation is used just for the security purpose. If you have win7, use rsat tools, otherwise you can manage the gpo's from server 2k8 as well.

Although you may not be able to see those from server 2003 but gpo do exist and they will get applied.
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 35210572
Oh no.. you misunderstand maybe.  We no longer have any Win2k3 DC's, both are 2k8 R2 and the issue I'm getting reading a GPO created by Win7 is on one of the 2k8 DC's.

Roger that about the admin workstation.
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 125 total points
ID: 35210588
Server 2003 will be able to read a policy created in 2008.  The problem is you won't be able to edit "new" settings that apply to 7/2008.

...but for example create a policy on a 2008 box and configure password settings.  (those have been around forever)

You can certainly open and edit that on a 2003/xp box.

What does happen when you use an older box to view the new GPO is that the ADM gets created which increases the size by 3 MB.

I'd stick to the newer machines but you can read.

Thanks

Mike
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 35210606
Ok so creating GPO's using my Win7 admin workstation is totally fine, and I should not worry about the fact that there are parts of these GPO's that are apparently unreadable by a Win2k8R2 domain controller because the setting will still be applied.  Is that correct?
0
 
LVL 12

Expert Comment

by:Navdeep
ID: 35211013
Yes
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to install and use the NTBackup utility that comes with Windows Server.
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question