none
Group Policy Replicaton to separate Forest

    Question

  • Hello

    Does anyone know if there is a tool that will replicate GPOs to another Forest?

    The situation is that i have been tasked with building a Non-Production Environment (NPE) that is 'like-live' but will be on its own subnet etc. This includes all GPOs that are in live, and any that will be created going forward should also be applied to the NPE.

    I am aware that GPOs are linked to GUIDs and Forest specific information such as ACLs and groups it is a bit of a long shot, but trying to avoid a manual process where possible, especially as we have countless GPOs in live doing various things.

    Any tools/hints/tips gratefully received

    Thanks


    • Edited by DenPete Thursday, December 8, 2016 9:56 AM
    Thursday, December 8, 2016 9:55 AM

All replies

  • Hi,

    Here are some tips concerning linking Group Policy Objects across Active Directory forests.

    It's possible to link a GPO in a domain in one forest to a domain or OU in another forest, but to do this you need to first do two things:

    1. Make sure there is a two-way trust between the forests.

    2. Enable the "Allow cross-forest User Policy and Roaming User Profiles" policy setting.

    However, just because you can do this doesn't mean it's a good idea.  For one thing, thel latency that is typically experienced in this scenario due to LDAP queries to the domain in the remote forest and reading the sysvol share there can slow down Group Policy processing.  And as the admin of the local domain, you have to decide whether you want your users or computers to be governed by policies that you have no control over.

    So instead of linking GPOs across forests, consider the alternative of exporting the GPO from the domain in the remote forest and importing it into your local domain.  That way you don't have to worry about latency, trust, firewalls ,and lack of control over policy.

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, December 9, 2016 2:58 AM
    Moderator
  • Hi,

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, December 12, 2016 1:31 PM
    Moderator