gdadmins

group policy across multiple domains

Hello,
We would like to apply group policy settings to users who are in one domain (domain1) and log into computers on a different domain (domain2). We set user policies on domain1, but these policies only take effect when the users log into computers that are part of domain1 and not when they log onto computers that are part of domain2. The GPOs are targeting the OU that the users are in.
d3ath5tar

Are these domains in the same forest?
First of all, it's not a good practice to link GPOs in a cross-domain scenario.
If you want to achieve this, please copy them into domain1. This will not keep them in sync, but you will get the desired results.
To do this, simply drag & drop the GPO from the domain 1 group policy object to the domain 2 group policy object. When you do this, you will be presented with a wizard; however, don't drag it into an OU, because when you do this you are actually doing cross-domain linking.

Secondly, the domain structure is more logical than physical. So see it from this point of view: when the user logs on, what is his Site, Domain & OU? This is actually what is happening when your user is logging on: he is getting the GPO from domain 1, which is his authentication domain (domain1) & not domain2.

Also, if this is a cross-forest trust, then your computer is actually going into loopback replace mode (assuming your workstation is greater than XP SP2).

Please tell me if something is not clear.

ASKER CERTIFIED SOLUTION
akashguptaad

Firstly, please be warned, if you enable Cross Forest User Policy, which is under:
Computer > Administrative Templates > System > Group Policy "Allow Cross Forest user policy and Roaming User Profiles"

of the after effects of slow link & other things...

Considering what policies you are having in your parent domain & what you want to get in the targeted domain, I would recommend getting the desired GPO in the target domain as described earlier.

A
gdadmins

ASKER

Enabled Cross-Forest User Policy in Domain 2.  GPOs set in Domain1 now apply to users in Domain1 that log into Domain2 computers.
Thank you.
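
The following is an added example, not part of any post in this thread: a PowerShell check, run on a domain2 computer while logged on as a domain1 user, that reports whether the cross-forest setting discussed above is in effect and which behaviour the thread says to expect. The registry key and value names (`AllowX-ForestPolicy-and-RUP`, `UserPolicyMode`) are not given in the thread; they are the values these policy settings write, and the function name is hypothetical.

```powershell
# Added example (not from the thread). Function name is hypothetical.
Add-Type -AssemblyName System.DirectoryServices

function Get-CrossForestPolicyState {
    param(
        # Key written by the Administrative Templates settings (assumption:
        # the thread names the policy, not the registry location).
        [string]$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
    )

    # A missing key or value means the setting is not configured.
    $item     = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    $allow    = if ($item) { $item.'AllowX-ForestPolicy-and-RUP' }  # 1 = enabled
    $loopback = if ($item) { $item.UserPolicyMode }                 # 1 = merge, 2 = replace

    try {
        $domainType     = [System.DirectoryServices.ActiveDirectory.Domain]
        $computerForest = $domainType::GetComputerDomain().Forest.Name
        $userForest     = $domainType::GetCurrentDomain().Forest.Name
    } catch {
        throw "Computer or user is not in an Active Directory domain: $_"
    }

    $crossForest = $computerForest -ne $userForest
    $allowed     = $allow -eq 1

    $mode = if ($loopback -eq 1) { 'Merge' }
            elseif ($loopback -eq 2) { 'Replace' }
            else { 'NotConfigured' }

    # Expected behaviour as described in the thread, not measured here.
    $expected = if (-not $crossForest) { 'Same forest: user GPOs from the user domain apply' }
                elseif ($allowed)      { 'Cross-forest user policy allowed: user domain GPOs apply' }
                else                   { 'Cross-forest logon: computer falls back to loopback replace' }

    [pscustomobject]@{
        ComputerForest             = $computerForest
        UserForest                 = $userForest
        CrossForestLogon           = $crossForest
        AllowCrossForestUserPolicy = $allowed
        ConfiguredLoopbackMode     = $mode
        Expected                   = $expected
    }
}

Get-CrossForestPolicyState | Format-List
# Compare with the GPOs actually applied to the logged-on user.
gpresult /r /scope user
```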