Solved

Advanced Group Policy Management

Posted on 2014-12-17
5
236 Views
Last Modified: 2016-08-11
Hello

I've just got a few questions on AGPM

1. Should this be installed on a completely separate server - eg no DHCP or other apps.
2. Is there a Fault Tolerance / HA functionality with AGPM - if not and the server crashes, what is the quickest way to recover AND can Group Policy still be used if AGPM is offline ?

Could you provide any MS TechNet / Best Practices links to back up the answers if possible !

Thank you for your help
0
Comment
Question by:nico-
  • 2
  • 2
5 Comments
 
LVL 19

Expert Comment

by:compdigit44
ID: 40508255
Inregards to you first question if you can install AGPM on a DC or DHCP server... MS States the following

 "You should install AGPM Server on a member server or domain controller with the most recent version of the GPMC that is available to you and supported by AGPM. AGPM uses the GPMC to back up and restore GPOs, and newer versions of the GPMC provide additional policy settings not available in preceding versions. If the version of the GPMC on your AGPM Server is older than the version on the computers that administrators use to manage Group Policy, the AGPM Server will be unable to store those policy settings not available in the older version of the GPMC.

http://technet.microsoft.com/en-us/library/bb767569.aspx

Personally install would install this on a small VM just to run this server . I always like to separate by server roles

I am looking still looking into your second questoin
0
 
LVL 19

Expert Comment

by:compdigit44
ID: 40508280
So far in regards to high availibity of AGPM server is to only backup the AGPM Server Config and Archive and restore it to a new server when need...

I am still looking though

Have you thought about running this by MS support to see if they have any new recommedations
0
 

Accepted Solution

by:
nico- earned 0 total points
ID: 40511364
knew the top bit but wondered if there any significantly obviously answers / best practices rather than preferences ..
seems not !! closing as has been open waiting for answers for a good few days
0
 

Author Closing Comment

by:nico-
ID: 40517466
no solution
0
 

Expert Comment

by:Member_2_7971295
ID: 41751880
Hi

If you're still looking for an answer to this ... you can get some sort of failover and fault tolerance using DFSR and 2 servers. Install each server separately, using a domain account to run the service on both machines (same account on both). Stop the service on your 'standby' box.

Configure DFSR to replicate the archive between the two servers, and only ever have the service running on one machine.

You should find that you can run the service on the first server, and if for any reason it goes offline your second server can start the service successfully. The contents of the archive have been replicated to it and are up to date. The AGPM archive seems to be self contained so this is a simple solution with very little that can go wrong.

Failover isn't automatic, but you could script that if you wanted to.

It seems to work just fine to me and thus far I've not had any issues with it :)

Regards

Al
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question