none
2003 Domain - 2 DC (2x 2003, 1x 2012) - change GPO Management/Deployment Server

    Question

  • Hey there,

    we have a 2003 Domain with 2x 2003 and 1x 2012 DC. One 2003 Server is the PDC who manages and deploys the GPOs. To use the new Win7/Win8 GPOs we would like to change the GPO Management Server to the 2012 Server.

    How can this be done without changing the PDC or the "Domain-structure"?


    • Edited by 1.FreddyD Friday, May 22, 2015 8:07 AM
    Friday, May 22, 2015 8:02 AM

Answers

  • You can use any domain-member machine to edit domain GP via GPMC - there is no requirement to use a domain controller for authoring/editing domain GP, you can even use a domain member workstation if you install RSAT on that.

    Your WS2012 DC can already do what you need, just logon to that DC and open GPMC.

    Note that modern OS (or something which has IE10/IE11 installed) cannot manage the old IEM GP settings.

    Note that you might need to "install" the relevant ADMX/ADML files for other product (e.g. Office) if that is your goal.


    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

    • Marked as answer by 1.FreddyD Tuesday, May 26, 2015 9:28 AM
    Friday, May 22, 2015 8:30 AM
  • Hi

     First of all Windows Server 2003 Support is ending July 14,2015

    http://www.microsoft.com/en-us/server-cloud/products/windows-server-2003/

    And other hand the forest functional level 2003 is not give you exstra property.If you raise your forest functional Level least 2008 R2 new features become to avaible,like AD recyle bin,Branchcache,automatic SPN management etc.

    Check article about AD funtional levels;

    http://technet.microsoft.com/en-us/library/cc787290(v=ws.10).aspx

    Your need is; create 2 OU on Active Directory,one for Windows 7,and one for Windows 8,when you create a GPO for Windows 7&8,you will apply the GPO to these OU's.(on Server 2012 GPMC)

    • Marked as answer by 1.FreddyD Tuesday, May 26, 2015 9:28 AM
    Friday, May 22, 2015 8:32 AM
  • Hello,

    for the new GPO settings you have to use the new OS version that you will configure the settings for, so in your case Windows Server 2012 can manage the settings also for Windows 8 and lower OS versions if the OS supports the required settings. As you know some of the settings require certain OS version to be used.

    As Windows Server 2013 runs out of support you should think about changing to new OS DCs in the domain.


    Best regards

    Meinolf Weber

    MVP, MCP, MCTS

    Microsoft MVP - Directory Services

    My Blog: http://blogs.msmvps.com/MWeber

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Twitter:  

    • Marked as answer by 1.FreddyD Tuesday, May 26, 2015 9:28 AM
    • Unmarked as answer by 1.FreddyD Friday, September 08, 2017 12:16 PM
    • Marked as answer by 1.FreddyD Friday, September 08, 2017 12:16 PM
    Sunday, May 24, 2015 1:17 PM

All replies

  • You can use any domain-member machine to edit domain GP via GPMC - there is no requirement to use a domain controller for authoring/editing domain GP, you can even use a domain member workstation if you install RSAT on that.

    Your WS2012 DC can already do what you need, just logon to that DC and open GPMC.

    Note that modern OS (or something which has IE10/IE11 installed) cannot manage the old IEM GP settings.

    Note that you might need to "install" the relevant ADMX/ADML files for other product (e.g. Office) if that is your goal.


    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

    • Marked as answer by 1.FreddyD Tuesday, May 26, 2015 9:28 AM
    Friday, May 22, 2015 8:30 AM
  • Hi

     First of all Windows Server 2003 Support is ending July 14,2015

    http://www.microsoft.com/en-us/server-cloud/products/windows-server-2003/

    And other hand the forest functional level 2003 is not give you exstra property.If you raise your forest functional Level least 2008 R2 new features become to avaible,like AD recyle bin,Branchcache,automatic SPN management etc.

    Check article about AD funtional levels;

    http://technet.microsoft.com/en-us/library/cc787290(v=ws.10).aspx

    Your need is; create 2 OU on Active Directory,one for Windows 7,and one for Windows 8,when you create a GPO for Windows 7&8,you will apply the GPO to these OU's.(on Server 2012 GPMC)

    • Marked as answer by 1.FreddyD Tuesday, May 26, 2015 9:28 AM
    Friday, May 22, 2015 8:32 AM
  • Hello,

    for the new GPO settings you have to use the new OS version that you will configure the settings for, so in your case Windows Server 2012 can manage the settings also for Windows 8 and lower OS versions if the OS supports the required settings. As you know some of the settings require certain OS version to be used.

    As Windows Server 2013 runs out of support you should think about changing to new OS DCs in the domain.


    Best regards

    Meinolf Weber

    MVP, MCP, MCTS

    Microsoft MVP - Directory Services

    My Blog: http://blogs.msmvps.com/MWeber

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Twitter:  

    • Marked as answer by 1.FreddyD Tuesday, May 26, 2015 9:28 AM
    • Unmarked as answer by 1.FreddyD Friday, September 08, 2017 12:16 PM
    • Marked as answer by 1.FreddyD Friday, September 08, 2017 12:16 PM
    Sunday, May 24, 2015 1:17 PM