How to apply Windows 2008 gpo when you have 2003 DC’s only

Posted on February 2nd, 2009 in Active Directory, GPO, Microsoft, Server 2003, Server 2008, Vista by Gil Kreslavsky

Recently I installed 2 2008 terminal servers , and when I started configuring them I realized that I can’t use lot of new features that are available only via 2008 Group Policy . The network was 2003 , and adding or upgrading current DC to 2008 domain controller rises project costs ( 2008 CAL’s for entire domain ) I had to look for other solution .

Since windows 2008 GPO templates changed their format from ADM to ADMX I couldn’t import windows 2008 templates to windows 2003 DC.

So here how you solve this.

You must use Vista +sp1 Desktop

First , you need to extend your schema to 2008
The first schema updates need to be applied to the Active Directory Forest. In order to apply them you need to run the adprep application from the domain controller that holds the schema role master. To run the forest schema updates use the following command: adprep /forestprep


forest-prep
Once the forest updates have been updates, the next step is to run the adprep for each domain in the forest. This should be run on the domain controller that holds the Infrastructure operations master role. The command to run is: adprep /domainprep

domain-prep

After you finish with with schema expansion

Go to your Vista desktop.
Download RSAT tool for vista x64 and for vista x86 and install it

After instalation is completed.

  • Go to Control Panel click on Program & Features
  • Locate and click on Turn Windows features on or off
  • Install relevant Feature Administration and Role Administration tools (For group policy install Group Policy Management Tools)

vista_remote_server_admin_tools


Now you can use all Windows 2008 and Vista  GPO goodies on your windows 2003 domain .

Related Articles

5 Responses to 'How to apply Windows 2008 gpo when you have 2003 DC’s only'

Subscribe to comments with RSS or TrackBack to 'How to apply Windows 2008 gpo when you have 2003 DC’s only'.

  1. daffoml said,

    on February 2nd, 2009 at 4:43 pm

    Where do you get the schema extensions required to run adprep in step 1? I’m trying to do this, but do not have 2008 yet.

  2. Gil Kreslavsky said,

    on February 2nd, 2009 at 5:13 pm

    daffoml

    Sysprep and Domainprep utilities are located on windows 2008 CD just browse to the \sources\adprep directory
    You can download trial here http://www.microsoft.com/windowsserver2008/en/us/trial-software.aspx

  3. Dirk said,

    on February 17th, 2009 at 2:23 pm

    hello,

    if i run this, does my policy still work on windows server 2003 and windows xp computers??

    Thnks in advance

  4. Gil Kreslavsky said,

    on February 17th, 2009 at 3:07 pm

    Yes
    Old polices still work

  5. links for 2010-01-28 | Savage Nomads said,

    on January 28th, 2010 at 11:06 am

    [...] How to apply Windows 2008 gpo when you have 2003 DC’s only (tags: gpo windows kwp sn) [...]

Post a comment

CommentLuv Enabled



« « Previous post: Exchange 2003 Interview questions and answers – part 2
Next post: Prepare Your Windows Domain for DST 2009 » »


Search Kreslavsky.com
Custom Search