Tip 50: How to copy a GPO from one domain to another

Windows 2000 stores information about a Group Policy Object (GPO) in Active Directory (AD) and as part of the SYSVOL structure that replicates among all domain controllers (DCs) within a domain.

The AD GPO information consists of the GPO’s name and globally unique identifier (GUID). To determine a GPO’s GUID, you must load the GPO in Group Policy Editor (GPE) and select Properties from the root context menu. Alternatively, you can open a container that has the GPO applied to it, select the GPO, and click Properties. Whichever method you use, the ’Unique name’ under the Summary section of the General tab will display the GUID.

Win2K stores the actual GPO data in:
%SystemRoot%\SYSVOL\sysvol\<domain name>\Policies\{<GUID of GPO>}.

To copy a GPO, perform the following steps:

  • Determine the GUID of the GPO that you want to copy.
  • Create a new GPO in the target domain.
  • Determine the new GPO’s GUID.
  • Navigate to the new GPO’s storage area
    (%SystemRoot%\SYSVOL\sysvol\<target domain name>\Policies\{<new GPO GUID>}),
    and delete the contents of that folder.
  • Copy the contents of the GPO folder from the original domain into the new GPO location.

For example, imagine I have an original GPO named TestGPO in the peter.com domain and a GUID of 5AAB140D1-397A-4B5C-B4DC-DF60FF731FC0. To copy this GPO to a new GPO named Test2 in the newdomain.com domain, I would perform the following steps:

  • Create a new GPO named Test2 in the newdomain.com domain.
  • Determine the new GPO’s GUID (e.g., 600140D1-397A-4B5C-B4DC-DF60FF73XXXX).
  • Navigate to the new GPO’s storage area
    (%SystemRoot%\SYSVOL\sysvol\newdomain.com\Policies\{600140D1-397A-4B5C-B4DC-DF60FF73XXXX}), and delete the contents of that folder.
  • Copy the contents of
    %SystemRoot%\SYSVOL\sysvol\peter.com\Policies\{5AA140D1-397A-4B5C-B4DC-DF60FF731FC0}
    to
    %SystemRoot%\SYSVOL\sysvol\newdomain.com\Policies\{600140D1-397A-4B5C-B4DC-DF60FF73XXXX}.

Be aware that you will not have both folders on the same machine; instead, you’ll be copying files between machines (DCs).
 

Note: This method works fine, although it is not supported by Microsoft.

In Windows Server 2003 all of this is made a lot easier through functionality contained in Group Policy Management Console (GPMC), the Active Directory add-on for GPO management.