Re: Exporting GPOs from Active Directory

From: Laura A. Robinson (larobins@bellatlantic.net)
Date: 07/22/02


From: "Laura A. Robinson" <larobins@bellatlantic.net>
To: "David Vincent" <david.vincent@mightyoaks.com>, "Focus-Ms (E-mail)" <focus-ms@securityfocus.com>
Date: Mon, 22 Jul 2002 15:40:42 -0400

Doh! Read "GPOs" as "OUs"! Sorry folks!

With that said, secedit does not export Group Policy Objects. It allows you
to export the security settings from that section of the machine's policy,
but it does not export GPOs.

There is no officially supported method for exporting GPOs. However, there
are a couple of ways to do it:

1. Purchase FAZAM (http://www.fullarmor.com)
2. Read these links:

http://www.jsifaq.com/SUBK/tip5300/rh5320.htm
http://www.mike-tech.com/article.php?gif=win2k&article=147

Laura
----- Original Message -----
From: "David Vincent" <david.vincent@mightyoaks.com>
To: "'Laura A. Robinson'" <larobins@bellatlantic.net>; "Focus-Ms (E-mail)"
<focus-ms@securityfocus.com>
Sent: Monday, July 22, 2002 1:16 PM
Subject: RE: Exporting GPOs from Active Directory

> sorry laura, but i do believe you are confused.
>
> you want to use 'secedit' to export GPOs, LDFIDE exports lists of AD
objects
> in Line Delimited format, it is the partner to CSVIDE which exports AD
> contents into Comma Seperated Values.
>
> check the help for more info on 'secedit' or the usual 'c:\secedit /?'
>
>
>
>
> David Vincent CNA/MCSE
> Network Administrator
>
> www.mightyOaks.com
> david.vincent@mightyoaks.com
>
>
>
>
> -----Original Message-----
> From: Laura A. Robinson [mailto:larobins@bellatlantic.net]
> Sent: July 22, 2002 9:58 AM
> To: hbcsc502@csun.edu; focus-ms@securityfocus.com
> Subject: Re: Exporting GPOs from Active Directory
>
>
> You can use LDIFDE to do this. LDIFDE (LDIF Directory Export, IIRC) is a
> command-line utility installed on Windows 2000 server boxes that allows
you
> to import/export/modify LDAP directories using text files. The utility is
> not installed on Win2K pro boxes even with adminpak, but it should be on
any
> of your server installations.
>
> If you're running it from a DC, you would just open a command prompt and
> type
>
> ldifde -f <name of file to export to>
>
> There'd be other options you would have to type depending on the
credentials
> you want to use to connect and how much you want to export, but the
utility
> is relatively self-explanatory.
>
> Some additional info:
>
http://www.microsoft.com/windows2000/techinfo/planning/activedirectory/bulks
> teps.asp
> http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q263991&
>
> Laura
> ----- Original Message -----
> From: "Phydeaux" <hbcsc502@csun.edu>
> To: <focus-ms@securityfocus.com>
> Sent: Monday, July 22, 2002 1:55 AM
> Subject: Exporting GPOs from Active Directory
>
>
> > Hello all,
> >
> > Does anyone know how to export GPOs in an Active Directory to the .inf
> > files? I am looking for a native utility from Microsoft ore another
free
> > tool. Also on the flip side, how do I import settings into a GPO?
> >
> > Brian
> >
>



Relevant Pages

  • Re: Exporting GPOs from Active Directory
    ... Exporting GPOs from Active Directory ... >>Yes, it is based on licensed pieces of FAZAM, as, IIRC, is RSOP ...
    (Focus-Microsoft)
  • RE: Exporting GPOs from Active Directory
    ... not currently provide an API that exposes GPOs we were stumped there as ... Exporting GPOs from Active Directory ... secedit does not export Group Policy Objects. ... There is no officially supported method for exporting GPOs. ...
    (Focus-Microsoft)
  • Re: Identical Public & Private Domains - Cannot Resolve Public Domain
    ... however there are compromises to be dealt with. ... If the external IP is set, then GPOs may not apply. ... Microsoft Windows MVP - Active Directory ...
    (microsoft.public.win2000.dns)
  • Re: Exporting GPOs from Active Directory
    ... Exporting GPOs from Active Directory ... secedit does not export Group Policy Objects. ...
    (Focus-Microsoft)
  • Re: Sub OU Limitations
    ... Neil Ruston stated, which I commented on below:> There are no hard and fast rules. ... If you set GPO ast all these levels> then logon and startup times will degrade as the client processes> lots of GPOs. ... It's documented in some of the Active Directory ... This is a direct link to the Microsoft Public Newsgroups. ...
    (microsoft.public.windows.server.active_directory)