“Migrating GPOs Across Domains with GPMC”

2 Replies

I’ve recently updated my Windows Server 2008R2 system to Windows Server 2012. Windows Server 2012 was a fresh install using a different domain name on a new system. My intention was to manually migrated all data from the existing 2008R2 server into the new domain, this included Hyper-V VMs, DHCP and GPOs. There is the option of using ADMT however I required a clean install.

These are the steps I took in order to migrate GPOs from the source server to the destination server with a different domain name.

(Although this was completed from a 2008R2 to 2012 server, the first set of screen shots where created on the new 2012 server for this guide)

Source WS2008R2: Backup the existing GPOs from the GPMC, you need to ensure that the “Group Policy Objects” container is selected for the “Backup Up All” option to be available.

gpo01_backup_gpos

Source WS2008R2: Select backup location. This will backup all GPOs on the server. This is basically creating a copy of the SYSVOL GPOs files/folders “%systemroot%\SYSVOL\domain\Policies”

gpo02_backup_gpos

gpo03_backup_gpos

The backup location DIR can be checked to confirm these are available. i.e. S:\Backup, this should match %systemroot%\SYSVOL\domain\Policies

gpo04_gpo_backup_files

Destination WS2012: Depending on the GPOs being migrated some of these may have references to local domain varibles such as “domain.com” or SIDS. Before the GPOs can be imported, these varibles must be remapped to work correct in the new domain. To remap these the Migration editor can be used.

Select “Open Migration Table Editor”

gpo05_migration_table_editor

Select “Tools -> Populate from Backup”

gpo06_migration_table_populate_from_backup

“Browse” to the GPO backup location (i.e. S:\Backup) highlight GPOs and select “OK”

gpo07_migration_table_populate_from_backup2

Review any objects that reference the source domain, right click the field which requires updating, select “browse” and select a new target which exists in the destination domain (i.e. groups, users, computers, SIDS etc)

gpo08_update_gpo_meta

After reviewing/updating objects, the list needs to be saved into a .migtable file
“file -> save as” enter destination/filename. (i.e. S:\Backup)

gpo09_save_migtable

Once the stages above are completed, we need to recreate the GPOs. Go back to the GPMC create a new GPO (same as a GPO in the source domain), enter name, click “OK”

gpo10_create_new_GPO

Right click the GPO, select “Import Settings”

gpo11_import_settings

“Browse to the same location the GPOs were backed up to (i.e. S:\Backup) click “Next”

gpo12_selection_backup_location

The backed up GPOs will be listed. Select the GPO to be imported click “Next”

gpo13_selection_gpo

The “Migrating References” options will be displayed, (this only displays if the imported GPO has a unique reference i.e. groups, users, computers, SIDS etc) “browse” to the location of the .migtable (i.e. S:\Backup\Migration.migtable) and click “Next” 

gpo14_selection_migtable

The GPO settings will be migrated into the new domain with the updated references. The GPO settings can be checked in the GPMC.

gpo_15_gpo_import_complete

References:

How To Migrate GPOS to Another Forest/
Migrating GPOs Across Domains with GPMC

2 thoughts on ““Migrating GPOs Across Domains with GPMC”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.