What should you do?

Your network contains a production Active Directory forest named contoso.com and a test Active Directory forest named contoso.test. A trust relationship does not exist between the forests. In the contoso.test domain, you create a backup of a Group Policy object (GPO) named GPO1. You transfer the backup of GPO1 to a domain controller in the contoso.com domain. You need to create a GPO in contoso.com based on the settings of GPO1.You must achieve this goal by using the minimum amount of Administrative effort.

What should you do?

A. From Windows PowerShell, run the Get- GPO cmdlet and the Copy- GPO cmdlet.

B. From Windows PowerShell, run the New- GPO cmdlet and the Import- GPO cmdlet.

C. From Group Policy Management, create a new starter GPO. Right-click the new starter GPO, and then click Restore from Backup.

D. From Group Policy Management, right-click the Croup Policy Objects container, and then click Manage Backups.

Answer: B

Explanation:

A. Copy-GPO requires domain trust / copy from one domain to another domain within the same forest.

B. The Import-GPO cmdlet imports the settings from a GPO backup into a specified target GPO. The target GPO can be in a different domain or forest than that from which the backup was made and it does not have to exist prior to the operation.

C. This would create a starter GPO, not a GPO.

D: You can also restore GPOs. This operation takes a backed-up GPO and restores it to the same domain from rom the GPO’s original which it was backed up. You cannot restore a GPO from backup into a domain different f domain.

The New-GPO cmdlet creates a new GPO with a specified name. By default, the newly created GPO is not linked to a site, domain, or organizational unit (OU). The Import-GPO cmdlet imports the settings from a GPO backup into a specified target GPO. The target GPO can be in a different domain or forest than that from which the backup was made and it does not have to exist prior to the operation.

The Restore-GPO cmdlet restores a GPO backup to the original domain from which it was saved. If the original domain is not available, or if the GPO no longer exists in the domain, the cmdlet fails.

Since the GPO’s original domain is different and there is no trust relationship between forests, you should execute the New-GPO command and import the already existing command into the ‘new’ domain.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments