none
gpo export RRS feed

  • Question

  • Hi

    I need to export/migrate about 100 gpo's from abc.com to 123.com there is no trust between the domain.
    i triad to backup all my 100 gpo and restore them to 123.com but this doesn't work.
    i could backup the gpo's and import the setting to 123.com domain but with this i need to create 100 gpo on my 123.com and then import the setting 100 time :( (dont have time to that)
    any other way?
    Thursday, November 26, 2009 12:44 PM

Answers

All replies

  • Theres is a script included in GPMC that can help you to perform this task.
    It is named "CreateXMLFromEnvironment.wsf" and described here (the "Restore" Script in turn is called "CreateEnvironmentFromXML.wsf"):
    http://technet.microsoft.com/en-us/library/cc782251(WS.10).aspx
    Probably finding the appropriate parameters will require some effort.
    But please test thoroughly before applying to production enviroinment.
    Patrick
    Thursday, November 26, 2009 3:10 PM
  • Hi,

     

    You can use GPMC to migrate GPOs across domains. Please refer to:

     

    Migrating GPOs Across Domains with GPMC

    http://www.microsoft.com/windowsserver2003/gpmc/migrgpo.mspx

     

    The step by step instruction can be download here:

     

    http://download.microsoft.com/download/1/9/f/19f1728a-6314-4d29-a60d-ea9cadcd2c16/MigGPOs.doc

     

    Regards,

    Bruce

    • Marked as answer by Bruce-Liu Monday, December 7, 2009 9:26 AM
    Friday, November 27, 2009 8:14 AM
  • @Bruce-Liu no you can't!!
    becuase gpo across domains migration work if there is a domain trust between the domains, in my case i dont have a trust between my domains.!! the 2. choice is i need to backup all my 100 gpo's and import + create one gpo at time (bad solution require many hours).

    i cant understand why no one have think about this kind of problems!

     

    Saturday, November 28, 2009 11:55 AM
  • Hi,
     The migration document contains a detailed methodology for migrating between domains that do not have a trust between them. The relevant section is quoted below. If you'd attempted this method and have run into problem, please post additional details about what was attempted and what the result was so we can help you further.

    Thanks,
    Guy

    Copy

    A copy operation takes an existing, live GPO and copies it to the desired destination domain. A new GPO is always created as part of this process.

    The destination domain can be any accessible domain in which you have the rights to create new GPOs, making it very easy to migrate GPOs among domains. Simply add the desired forests and domains to the GPMC console and use the GPMC user interface to copy and paste (or drag and drop) the desired GPOs from one domain to another. To add a forest to the console in GPMC, you must either have trust to that forest, or you can use the Stored User Names and Passwords utility in Windows. The procedure for using this utility in conjunction with GPMC is documented in detail in the GPMC white paper, and allows you to perform a copy operation even if the source and target domains do not trust one another.

    Saturday, November 28, 2009 5:21 PM
  • @Guy Yardeni
    Read my question!!
    Sunday, November 29, 2009 10:18 AM
  • @MA_7ABK
    Please read my answer.
    The script does exactly match the question you posted.
    You don't need a trust between domains when using that script.
    It works offline by storing all necessary information in files (GPO Backups and metadata in XML).
    You did not comment it so far.
    Have you tried it?  
    Please let us know about the results.
    Patrick
    Sunday, November 29, 2009 5:22 PM
  • i will test it
    Monday, November 30, 2009 8:27 AM