GPO Migrate between Domains and Forests

Two GPO migration questions:

1) mtedit.exe only presents Production domains to selection from within the
domain 'Location' browse button. How can I select our test and dev domains?
I tried the '/doman:test.local.net;dev.local.net' switch but it only presents
the Production domains to choose from.

2) How do I use mtedit.exe to migrate GPO's between AD Forests?

Cheers,
Cosmo

The only way a domain will show up is if there is a trust with your domain.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"Cosmo" <> wrote in message
news:07D68C4E-CDD1-46BC-A19E-...
> Two GPO migration questions:
>
> 1) mtedit.exe only presents Production domains to selection from within
> the
> domain 'Location' browse button. How can I select our test and dev
> domains?
> I tried the '/doman:test.local.net;dev.local.net' switch but it only
> presents
> the Production domains to choose from.
>
> 2) How do I use mtedit.exe to migrate GPO's between AD Forests?
>
> Cheers,
> Cosmo
>
>

The domains that are show up within the AD domain Location 'Browse' box are
the domains with Transitive trusts, but the ones (eg. Dev and Test) that dont
show up are External non transitive.

Our AD trusts are one way going down from Prod -> Test -> Dev, but the
application life cycle goes up. (i.e. Dev -> Test -> Prod). Under this
scenario, is there a way to migrate GPO's upwards?

If so, what's 'mtedit.exe /domain:' switch syntax to indicate two domains
(i.e. a semi colon or comma to seperate the two FQDN's)?

I don't believe a transitive trust (As you are experiencing) will show.

I'm not sure what you mean by mirgate upwards? You should be able to copy
settings from within one gpo to another. Just create a blank gpo in the
target domain, browse to its folder location. Browse to the source gpo,
copy its contents and paste to the new location.

Sorry, I have not used nor ever heard of mtedit before.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"Cosmo" <> wrote in message
news:E8FD94C8-EED3-4454-B565-...
> The domains that are show up within the AD domain Location 'Browse' box
> are
> the domains with Transitive trusts, but the ones (eg. Dev and Test) that
> dont
> show up are External non transitive.
>
> Our AD trusts are one way going down from Prod -> Test -> Dev, but the
> application life cycle goes up. (i.e. Dev -> Test -> Prod). Under this
> scenario, is there a way to migrate GPO's upwards?
>
> If so, what's 'mtedit.exe /domain:' switch syntax to indicate two domains
> (i.e. a semi colon or comma to seperate the two FQDN's)?

Paul,

I discovered why I have my problems. Our AD trusts are from Prod down to,
UAT, Test and Dev, but not in between each of these lower non Production
domains.

So, I'll have to keep using our existing GPO migration process of backing up
the GPO and importing it into the next level domain, rather then using the
'GPO Migration Editor' to fully automate this process. Then edit the new GPO
and change the domain specific references (eg. Service accounts, Windows
Domain Local security groups, etc..). This process is problem prone on large
GPO's, as missing a setting is very easy to occur.

Cheers and bye,
Cosmo

Best of luck

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"Cosmo" <> wrote in message
news868C60A-957F-4E18-8964-...
> Paul,
>
> I discovered why I have my problems. Our AD trusts are from Prod down to,
> UAT, Test and Dev, but not in between each of these lower non Production
> domains.
>
> So, I'll have to keep using our existing GPO migration process of backing
> up
> the GPO and importing it into the next level domain, rather then using the
> 'GPO Migration Editor' to fully automate this process. Then edit the new
> GPO
> and change the domain specific references (eg. Service accounts, Windows
> Domain Local security groups, etc..). This process is problem prone on
> large
> GPO's, as missing a setting is very easy to occur.
>
> Cheers and bye,
> Cosmo