| Author | Messages | |
ramstryke
Posts:20
 | | 04/15/2008 6:05 PM |
| Kind experts, I have conundrum I need help with..
We have two forests, one is Win2K3 and one is Win2K.
There is an external two way trust setup between the
two. The computer object is in the Win2K forest, and
the user object is in the Win2K3 forest. The computer
is WinXP.
The users have a GPO defined in Win2K3 forest. The
computers have a GPO defined in the Win2K forest.
How do I get the users to get their respective GPOs to
apply? Can it be done with the different version of
Windows forests? I have been looking at the "Allow
Cross-Forest User Policy.." GPO but am confused if it
will work with the Win2K forest or even where to apply
this policy if was compatible.
Ideally I would like if the users got their user GPOs
from 2K3 and the computers get their computer GPOs
from 2K.
Thanks in advance.
-Rand.
____________________________________________________________________________________
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
| | | |
| darren
Posts:154
| | 04/16/2008 9:42 AM |
| Rand-
I'm confused. The way you've described this below, it doesn't sound like you
*need* cross-forest GPOs. It sounds like you are just doing the normal stuff
where GPOs in Win2K apply to computers and GPOs in W2K3 apply to users? I
guess I'm missing what you're asking.
Darren
-----Original Message-----
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of RMS
Sent: Tuesday, April 15, 2008 2:59 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] 2 Forests and their GPOs
Kind experts, I have conundrum I need help with..
We have two forests, one is Win2K3 and one is Win2K.
There is an external two way trust setup between the
two. The computer object is in the Win2K forest, and
the user object is in the Win2K3 forest. The computer
is WinXP.
The users have a GPO defined in Win2K3 forest. The
computers have a GPO defined in the Win2K forest.
How do I get the users to get their respective GPOs to
apply? Can it be done with the different version of
Windows forests? I have been looking at the "Allow
Cross-Forest User Policy.." GPO but am confused if it
will work with the Win2K forest or even where to apply
this policy if was compatible.
Ideally I would like if the users got their user GPOs
from 2K3 and the computers get their computer GPOs
from 2K.
Thanks in advance.
-Rand.
____________________________________________________________________________
________
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. Try it now.
http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
| | | |
| ramstryke
Posts:20
| | 04/16/2008 10:02 AM |
| Hmm, yes I am confused too.  The two areas of our
policies, users and computers, are split between two
forests. Our users reside in the 2003 forest and
their computers reside in the 2000 forest. I have
user and computer policies in the 2003 forest as well
as user and computer policies in the 2000 forest. The
group policies for our users (from the 2003 forest)
are not being applied. However, the user policies
from the 2000 forest are. I am guessing because the
computers they are using are from the 2000 forest,
those GPOs process.
Is this by design? How do I configure it such that
the users can get the correct GPO from their home
forest (2003). What I want is for the user GPOs from
the 2003 forest to apply even though the machines they
are using come from (joined) the 2000 forest.
Sorry if I made the scenario even more unclear..
--- Darren Mar-Elia <darren@sdmsoftware.com> wrote:
> Rand-
> I'm confused. The way you've described this below,
> it doesn't sound like you
> *need* cross-forest GPOs. It sounds like you are
> just doing the normal stuff
> where GPOs in Win2K apply to computers and GPOs in
> W2K3 apply to users? I
> guess I'm missing what you're asking.
>
> Darren
>
> -----Original Message-----
> From: ActiveDir-owner@mail.activedir.org
> [mailto:ActiveDir-owner@mail.activedir.org] On
> Behalf Of RMS
> Sent: Tuesday, April 15, 2008 2:59 PM
> To: ActiveDir@mail.activedir.org
> Subject: [ActiveDir] 2 Forests and their GPOs
>
> Kind experts, I have conundrum I need help with..
>
> We have two forests, one is Win2K3 and one is Win2K.
>
> There is an external two way trust setup between the
> two. The computer object is in the Win2K forest,
> and
> the user object is in the Win2K3 forest. The
> computer
> is WinXP.
>
> The users have a GPO defined in Win2K3 forest. The
> computers have a GPO defined in the Win2K forest.
>
> How do I get the users to get their respective GPOs
> to
> apply? Can it be done with the different version of
> Windows forests? I have been looking at the "Allow
> Cross-Forest User Policy.." GPO but am confused if
> it
> will work with the Win2K forest or even where to
> apply
> this policy if was compatible.
>
> Ideally I would like if the users got their user
> GPOs
> from 2K3 and the computers get their computer GPOs
> from 2K.
>
> Thanks in advance.
>
> -Rand.
>
>
>
>
>
>
____________________________________________________________________________
> ________
> Be a better friend, newshound, and
> know-it-all with Yahoo! Mobile. Try it now.
>
http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive:
> http://www.activedir.org/ma/default.aspx
>
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive:
> http://www.activedir.org/ma/default.aspx
>
____________________________________________________________________________________
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
| | | |
|
|