none
Replicate Policy Definitions from one Domain Controller to another

    Question

  • Hi all,

    Hope you can help, I basically want to replicate Policy Definitions from one Domain Controller to another, I have copied all Policy Definitions from C:\Windows\PolicyDefinitions and pasted all policy definitions into C:\Windows\SYSVOL\sysvol\tim.local\PolicyDefinitions on the primary Domain Controller, will I need to do the same manual procedure on the secondary Domain Controller or will this replicate across in time? Your help would be much appreciated.

    Kind regards,

    RocknRollTim 

    Thursday, April 6, 2017 4:33 PM

Answers

  • Hi,
    You might need to create a Central Store in the SYSVOL folder on a domain controller. The Central Store is a file location that is checked by the Group Policy tools. The Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store are later replicated to all domain controllers in the domain. Using a central store you will have the same policy definitions loaded no matter what client you are using for editing GPO’s. All you have to do is copy some ADMX and ADML files from an updated OS into one of your domain controllers’ folder, the Sysvol folder, then the AD replication will do the rest.
    Please see details from: https://support.microsoft.com/en-us/help/929841/how-to-create-the-central-store-for-group-policy-administrative-template-files-in-windows-vista
    Best regards, 
    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, April 7, 2017 3:27 AM
    Moderator
  • Hi,
    The templates are actually stored in the SYSVOL, you could check the SYSVOL replication which is using DFS replication, if you want to check or monitor the DFS replication for better health, you could also refer to the following articles for more details:
    How to check replication status of sysvol folder
    https://social.technet.microsoft.com/Forums/scriptcenter/en-US/0789607c-1b36-417d-82eb-42b31bb230f4/how-to-check-replication-status-of-sysvol-folder?forum=winserverDS
    Best regards, 
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, April 11, 2017 2:01 AM
    Moderator

All replies

  • Hi,
    You might need to create a Central Store in the SYSVOL folder on a domain controller. The Central Store is a file location that is checked by the Group Policy tools. The Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store are later replicated to all domain controllers in the domain. Using a central store you will have the same policy definitions loaded no matter what client you are using for editing GPO’s. All you have to do is copy some ADMX and ADML files from an updated OS into one of your domain controllers’ folder, the Sysvol folder, then the AD replication will do the rest.
    Please see details from: https://support.microsoft.com/en-us/help/929841/how-to-create-the-central-store-for-group-policy-administrative-template-files-in-windows-vista
    Best regards, 
    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, April 7, 2017 3:27 AM
    Moderator
  • Hi Wendy,

    Sorry for the delay in getting back to you and thank you for your response, will take note of all the information in your post including the link. By the way, is there way of monitoring the replication of the Central Store from the primary Domain Controller to the secondary Domain Controller? I have noticed that the replication uses DFS.

    Kind regards,

    RocknRollTim

    Saturday, April 8, 2017 5:34 PM
  • Hi,
    The templates are actually stored in the SYSVOL, you could check the SYSVOL replication which is using DFS replication, if you want to check or monitor the DFS replication for better health, you could also refer to the following articles for more details:
    How to check replication status of sysvol folder
    https://social.technet.microsoft.com/Forums/scriptcenter/en-US/0789607c-1b36-417d-82eb-42b31bb230f4/how-to-check-replication-status-of-sysvol-folder?forum=winserverDS
    Best regards, 
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, April 11, 2017 2:01 AM
    Moderator
  • Hi Wendy,

    Sorry for the delay in getting back to you, will follow the link in your post in order to produce a DFS Health Report daily so I can monitor replication status of SYSVOL folder. Thank you for your help.

    Regards,

    RocknRollTim

    Friday, April 14, 2017 5:46 PM
  • i would use a separate computer for this and install the ADAM and all of the bells and whistles 

    installing this on your computer you use all the time can cause weak security on your system

    Friday, April 14, 2017 8:31 PM
  • Hi Eric,

    Thank you for also responding to my thread, will keep your advice in mind too.

    Regards,

    RocknRollTim 

    Friday, April 14, 2017 10:16 PM