Re: Exporting GPOs from Active Directory

From: Laura A. Robinson (larobins@bellatlantic.net)
Date: 07/23/02


From: "Laura A. Robinson" <larobins@bellatlantic.net>
To: "Brad Judy" <judy@colorado.edu>, "'David Vincent'" <david.vincent@mightyoaks.com>, "'Focus-Ms (E-mail)'" <focus-ms@securityfocus.com>, "Scott Ehrlich" <scott@ai.mit.edu>
Date: Tue, 23 Jul 2002 11:43:28 -0400

Unfortunately, the reduced-functionality version does not do GPO exports,
IIRC. You'll need the full version for that.

Laura
----- Original Message -----
From: "Scott Ehrlich" <scott@ai.mit.edu>
To: "Laura A. Robinson" <larobins@bellatlantic.net>; "Brad Judy"
<judy@colorado.edu>; "'David Vincent'" <david.vincent@mightyoaks.com>;
"'Focus-Ms (E-mail)'" <focus-ms@securityfocus.com>
Sent: Tuesday, July 23, 2002 11:41 AM
Subject: Re: Exporting GPOs from Active Directory

> I think I've found it at:
>
http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/fazam200
0-o.asp
>
> At 11:01 AM 7/23/2002 -0400, Laura A. Robinson wrote:
> >Yes, it is based on licensed pieces of FAZAM, as, IIRC, is RSOP
(Resultant
> >Set of Policy)
> >
> >Laura
> >----- Original Message -----
> >From: "Brad Judy" <judy@colorado.edu>
> >To: "'Laura A. Robinson'" <larobins@bellatlantic.net>; "'David Vincent'"
> ><david.vincent@mightyoaks.com>; "'Focus-Ms (E-mail)'"
> ><focus-ms@securityfocus.com>
> >Sent: Tuesday, July 23, 2002 10:50 AM
> >Subject: RE: Exporting GPOs from Active Directory
> >
> >
> > > Microsoft will be releasing a "Group Policy Management Console" add-on
> > > that will allow for export/import of GPOs in addition to a large
number
> > > of other features including a lot of scripting functions. It will
have
> > > to be run on a .Net machine, but will work with a Windows 2000 based
> > > Active Directory. I think it is based on licensed pieces of FAZAM,
but
> > > I do not know for sure.
> > >
> > > Unfortunately since it must run on .Net Server it will not be released
> > > for download until after the release of .Net Server.
> > >
> > > It was demoed in a session at the MS TechEd conference in April and
they
> > > even demonstrated exporting everything from a test domain and then
> > > importing it into a new production domain.
> > >
> > > It doesn't help you now, but you can look forward to better GPO tools
in
> > > the future.
> > >
> > > Brad Judy
> > >
> > > Information Technology Services
> > > University of Colorado at Boulder
> > >
> > > -----Original Message-----
> > > From: Laura A. Robinson [mailto:larobins@bellatlantic.net]
> > > Sent: Monday, July 22, 2002 1:41 PM
> > > To: David Vincent; Focus-Ms (E-mail)
> > > Subject: Re: Exporting GPOs from Active Directory
> > >
> > >
> > > Doh! Read "GPOs" as "OUs"! Sorry folks!
> > >
> > > With that said, secedit does not export Group Policy Objects. It
allows
> > > you to export the security settings from that section of the machine's
> > > policy, but it does not export GPOs.
> > >
> > > There is no officially supported method for exporting GPOs. However,
> > > there are a couple of ways to do it:
> > >
> > > 1. Purchase FAZAM (http://www.fullarmor.com)
> > > 2. Read these links:
> > >
> > > http://www.jsifaq.com/SUBK/tip5300/rh5320.htm
> > > http://www.mike-tech.com/article.php?gif=win2k&article=147
> > >
> > > Laura
> > > ----- Original Message -----
> > > From: "David Vincent" <david.vincent@mightyoaks.com>
> > > To: "'Laura A. Robinson'" <larobins@bellatlantic.net>; "Focus-Ms
> > > (E-mail)" <focus-ms@securityfocus.com>
> > > Sent: Monday, July 22, 2002 1:16 PM
> > > Subject: RE: Exporting GPOs from Active Directory
> > >
> > >
> > > > sorry laura, but i do believe you are confused.
> > > >
> > > > you want to use 'secedit' to export GPOs, LDFIDE exports lists of AD
> > > objects
> > > > in Line Delimited format, it is the partner to CSVIDE which exports
AD
> > >
> > > > contents into Comma Seperated Values.
> > > >
> > > > check the help for more info on 'secedit' or the usual 'c:\secedit
/?'
> > > >
> > > >
> > > >
> > > >
> > > > David Vincent CNA/MCSE
> > > > Network Administrator
> > > >
> > > > www.mightyOaks.com
> > > > david.vincent@mightyoaks.com
> > > >
> > > >
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: Laura A. Robinson [mailto:larobins@bellatlantic.net]
> > > > Sent: July 22, 2002 9:58 AM
> > > > To: hbcsc502@csun.edu; focus-ms@securityfocus.com
> > > > Subject: Re: Exporting GPOs from Active Directory
> > > >
> > > >
> > > > You can use LDIFDE to do this. LDIFDE (LDIF Directory Export, IIRC)
is
> > >
> > > > a command-line utility installed on Windows 2000 server boxes that
> > > > allows
> > > you
> > > > to import/export/modify LDAP directories using text files. The
utility
> > >
> > > > is not installed on Win2K pro boxes even with adminpak, but it
should
> > > > be on
> > > any
> > > > of your server installations.
> > > >
> > > > If you're running it from a DC, you would just open a command prompt
> > > > and type
> > > >
> > > > ldifde -f <name of file to export to>
> > > >
> > > > There'd be other options you would have to type depending on the
> > > credentials
> > > > you want to use to connect and how much you want to export, but the
> > > utility
> > > > is relatively self-explanatory.
> > > >
> > > > Some additional info:
> > > >
> > >
http://www.microsoft.com/windows2000/techinfo/planning/activedirectory/b
> > > ulks
> > > > teps.asp
> > > > http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q263991&
> > > >
> > > > Laura
> > > > ----- Original Message -----
> > > > From: "Phydeaux" <hbcsc502@csun.edu>
> > > > To: <focus-ms@securityfocus.com>
> > > > Sent: Monday, July 22, 2002 1:55 AM
> > > > Subject: Exporting GPOs from Active Directory
> > > >
> > > >
> > > > > Hello all,
> > > > >
> > > > > Does anyone know how to export GPOs in an Active Directory to the
> > > > > .inf files? I am looking for a native utility from Microsoft ore
> > > > > another
> > > free
> > > > > tool. Also on the flip side, how do I import settings into a GPO?
> > > > >
> > > > > Brian
> > > > >
> > > >
> > >
>



Relevant Pages

  • Re: Exporting GPOs from Active Directory
    ... Exporting GPOs from Active Directory ... secedit does not export Group Policy Objects. ...
    (Focus-Microsoft)
  • RE: Exporting GPOs from Active Directory
    ... not currently provide an API that exposes GPOs we were stumped there as ... Exporting GPOs from Active Directory ... secedit does not export Group Policy Objects. ... There is no officially supported method for exporting GPOs. ...
    (Focus-Microsoft)
  • Re: Exporting GPOs from Active Directory
    ... Read "GPOs" as "OUs"! ... to export the security settings from that section of the machine's policy, ... There is no officially supported method for exporting GPOs. ... Exporting GPOs from Active Directory ...
    (Focus-Microsoft)
  • Re: Identical Public & Private Domains - Cannot Resolve Public Domain
    ... however there are compromises to be dealt with. ... If the external IP is set, then GPOs may not apply. ... Microsoft Windows MVP - Active Directory ...
    (microsoft.public.win2000.dns)
  • Re: Sub OU Limitations
    ... Neil Ruston stated, which I commented on below:> There are no hard and fast rules. ... If you set GPO ast all these levels> then logon and startup times will degrade as the client processes> lots of GPOs. ... It's documented in some of the Active Directory ... This is a direct link to the Microsoft Public Newsgroups. ...
    (microsoft.public.windows.server.active_directory)