Sysadmin Lab

My lab environment and my findings

bookmark bookmark
Admin On March - 12 - 2012

Sure, Microsoft does quite a good job showing you have to migrate GPOs across domains and they also have their Migrating GPOs Across Domains with GPMC document which I recommend.

But here's a short recap how to do it if you have two separate domains which are not trusted using the Backup method.

Export:

  1. In the source domain, right-click the GPO you want to migrate and choose Backup...
  2. Backup to a directory of your choice and Comment.
  3. You can continue backing up several GPOs to the same directory.

Import:

  1. Copy the directory to the destination domain. Then you can either import the GPOs one-by-one or all of them with the same name as they had in the source:
  2. Import one-by-one:
    • Create a new GPO.
    • Right-click the GPO and choose Import Settings...
    • Choose the backup folder you copied.
    • Choose which GPO you want to import.
    • Done.
  3. Import all GPOs:
    • Download ImportAllGPOs.wsf script found in Group Policy Management Console Sample Scripts which you can download here.
    • Open an elevated cmd.exe and cd to "C:\Program Files (x86)\Microsoft Group Policy\GPMC Sample Scripts" and run:
    • cscript.exe ImportAllGPOs.wsf "<Location of extracted GPO Backup folder>"
    • Done.

This is quite basic, but what if you have groups or UNC paths referenced in your GPOs which are different in source and target domain? Instead of editing them manually once they are imported you can use the Migration Table Editor to create a file that will change the values for you.

This is for another post, but in the meantime, read the Migrating GPOs Across Domains with GPMC document.

Categories: Windows

Leave a Reply