Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » GPO Migrate between Domains and Forests
GPO Migrate between Domains and Forests [message #334897] Thu, 03 December 2009 22:13 Go to next message
Cosmo  is currently offline Cosmo
Messages: 25
Registered: September 2009
Junior Member
Two GPO migration questions:

1) mtedit.exe only presents Production domains to selection from within the
domain 'Location' browse button. How can I select our test and dev domains?
I tried the '/doman:test.local.net;dev.local.net' switch but it only presents
the Production domains to choose from.

2) How do I use mtedit.exe to migrate GPO's between AD Forests?

Cheers,
Cosmo
Re: GPO Migrate between Domains and Forests [message #335073 is a reply to message #334897] Fri, 04 December 2009 06:24 Go to previous messageGo to next message
pbbergs  is currently offline pbbergs  United States
Messages: 1024
Registered: July 2009
Senior Member
The only way a domain will show up is if there is a trust with your domain.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"Cosmo" <Cosmo@discussions.microsoft.com> wrote in message
news:07D68C4E-CDD1-46BC-A19E-EBBD5540ED9E@microsoft.com...
> Two GPO migration questions:
>
> 1) mtedit.exe only presents Production domains to selection from within
> the
> domain 'Location' browse button. How can I select our test and dev
> domains?
> I tried the '/doman:test.local.net;dev.local.net' switch but it only
> presents
> the Production domains to choose from.
>
> 2) How do I use mtedit.exe to migrate GPO's between AD Forests?
>
> Cheers,
> Cosmo
>
>
Re: GPO Migrate between Domains and Forests [message #337149 is a reply to message #335073] Mon, 07 December 2009 01:43 Go to previous messageGo to next message
Cosmo  is currently offline Cosmo
Messages: 25
Registered: September 2009
Junior Member
The domains that are show up within the AD domain Location 'Browse' box are
the domains with Transitive trusts, but the ones (eg. Dev and Test) that dont
show up are External non transitive.

Our AD trusts are one way going down from Prod -> Test -> Dev, but the
application life cycle goes up. (i.e. Dev -> Test -> Prod). Under this
scenario, is there a way to migrate GPO's upwards?

If so, what's 'mtedit.exe /domain:' switch syntax to indicate two domains
(i.e. a semi colon or comma to seperate the two FQDN's)?
Re: GPO Migrate between Domains and Forests [message #337238 is a reply to message #337149] Mon, 07 December 2009 06:30 Go to previous messageGo to next message
pbbergs  is currently offline pbbergs  United States
Messages: 1024
Registered: July 2009
Senior Member
I don't believe a transitive trust (As you are experiencing) will show.

I'm not sure what you mean by mirgate upwards? You should be able to copy
settings from within one gpo to another. Just create a blank gpo in the
target domain, browse to its folder location. Browse to the source gpo,
copy its contents and paste to the new location.

Sorry, I have not used nor ever heard of mtedit before.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"Cosmo" <Cosmo@discussions.microsoft.com> wrote in message
news:E8FD94C8-EED3-4454-B565-B05520E14673@microsoft.com...
> The domains that are show up within the AD domain Location 'Browse' box
> are
> the domains with Transitive trusts, but the ones (eg. Dev and Test) that
> dont
> show up are External non transitive.
>
> Our AD trusts are one way going down from Prod -> Test -> Dev, but the
> application life cycle goes up. (i.e. Dev -> Test -> Prod). Under this
> scenario, is there a way to migrate GPO's upwards?
>
> If so, what's 'mtedit.exe /domain:' switch syntax to indicate two domains
> (i.e. a semi colon or comma to seperate the two FQDN's)?
Re: GPO Migrate between Domains and Forests [message #338066 is a reply to message #337238] Tue, 08 December 2009 01:25 Go to previous messageGo to next message
Cosmo  is currently offline Cosmo
Messages: 25
Registered: September 2009
Junior Member
Paul,

I discovered why I have my problems. Our AD trusts are from Prod down to,
UAT, Test and Dev, but not in between each of these lower non Production
domains.

So, I'll have to keep using our existing GPO migration process of backing up
the GPO and importing it into the next level domain, rather then using the
'GPO Migration Editor' to fully automate this process. Then edit the new GPO
and change the domain specific references (eg. Service accounts, Windows
Domain Local security groups, etc..). This process is problem prone on large
GPO's, as missing a setting is very easy to occur.

Cheers and bye,
Cosmo
Re: GPO Migrate between Domains and Forests [message #338191 is a reply to message #338066] Tue, 08 December 2009 06:36 Go to previous message
pbbergs  is currently offline pbbergs  United States
Messages: 1024
Registered: July 2009
Senior Member
Best of luck

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"Cosmo" <Cosmo@discussions.microsoft.com> wrote in message
news:D868C60A-957F-4E18-8964-656C0A615375@microsoft.com...
> Paul,
>
> I discovered why I have my problems. Our AD trusts are from Prod down to,
> UAT, Test and Dev, but not in between each of these lower non Production
> domains.
>
> So, I'll have to keep using our existing GPO migration process of backing
> up
> the GPO and importing it into the next level domain, rather then using the
> 'GPO Migration Editor' to fully automate this process. Then edit the new
> GPO
> and change the domain specific references (eg. Service accounts, Windows
> Domain Local security groups, etc..). This process is problem prone on
> large
> GPO's, as missing a setting is very easy to occur.
>
> Cheers and bye,
> Cosmo
Previous Topic:GPO to Make a Screen Saver - Help
Next Topic:
Goto Forum:
  


Current Time: Tue Jan 16 10:41:28 MST 2018

Total time taken to generate the page: 0.02832 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software