Tag Archives: Server 2016

Identity with Windows Server 2016 (Exam 70-742)


My latest course at CBT Nuggets is complete:

Identity with Windows Server 2016 (Exam 70-742) – MCSA: Windows Server 2016 Microsoft Certified Solutions Associate

This course consists of the following action-packed Nuggets (NOTE: 41 of these Nuggets feature Hands On Labs to allow you to follow along, step-by-step!)

1. Course Introduction – 8 min
2. Active Directory Overview and Install – 19 min
3. Read-Only Domain Controllers and Removing DCs – 16 min
4. Install from Media and Domain Controller Upgrades – 13 min
5. Flexible Single Master Operator Roles – 15 min
6. Configure Domain Controller Cloning – 15 min
7. Troubleshooting Active Directory Installations – 8 min
8. Create, Copy, Configure, and Delete Users and Computers – 14 min
9. Automate the Creation of Active Directory Accounts – 19 min remaining
10. More Automation and Account Management – 11 min
11. Perform Bulk Active Directory Operations – 9 min
12. Configure User Rights – 5 min
13. Implement Offline Domain Join – 12 min
14. Create, Copy, Configure, and Delete Groups and OUs – 14 min
15. Automate Groups and OUs with PowerShell – 7 min
16. Manage Group Membership Using Group Policy – 4 min
17. Group Types and Group Nesting – 22 min
18. Configure Service Accounts – 11 min
19. Group Managed Service Accounts (gMSAs) – 10 min
20. Configure Kerberos Constrained Delegation (KCD) – 4 min
21. Manage Service Principal Names (SPNs) – 8 min
22. Configure Account Policies – 12 min
23. Offline AD and Defragmentation – 7 min
24. Clean Up Metadata – 7 min
25. Backup and Restore of Active Directory – 17 min
26. Replication of Active Directory – 10 min
27. Replication and PRP for RODC – 7 min
28. Multi-Domain and Multi-Forest Active Directory – 9 min
29. Configure Domain and Forest Settings – 6 min
30. Trusts – 10 min
31. Configure Sites and Subnets – 9 min
32. Create and Manage Group Policy Objects (GPOs) – 17 min
33. Configure Group Policy Processing – 13 min
34. Configure Group Policy Settings – 15 min
35. Configure Group Policy Preferences – 5 min
36. Install a Certificate Authority – 9 min
37. Installing a Subordinate CA – 23 min
38. CA Management – 10 min
39. Manage Certificates – 11 min
40. Install and Configure Active Directory Federation Services – 13 min
41. Implement Web Application Proxy (WAP) – 8 min
42. Install and Configure Active Directory Rights Management Services – 7 min

Create and Manage Group Policy Objects (GPOs) Part 2 of 2

Group Policy

In this second post of two of basic Group Policy management, we discuss further topics involving these critical Windows management components.

Backup, Restore, Import and Copy Group Policy Objects (GPOs)

You can perform all backup and restore operations using the Group Policy Management console, or with Windows PowerShell cmdlets.

To backup all GPOs in your domain, open the Group Policy Management console and navigate to the Group Policy Objects node. Right-click the Group Policy Objects node, and then click Back Up All. You can also backup a specific object. To backup a specific GPO, in the Group Policy Objects node, click and then right-click the specific GPO you want to back up, and then click Back Up.

To restore a GPO, right-click the appropriate GPO in the Group Policy Objects node, and then click Restore from Backup.

You can also manage your backups from the Group Policy Management console. You can use the Manage Backups option to view the settings in a backup, to delete a backup, and to restore a backup. To access the Manage Backups tool, in the Group Policy Management console right-click the Group Policy Objects node, and then click Manage Backups. In the Manage Backups dialog box select the backup you want to manage, and then click Restore, Delete, or View Settings, as required.

Although you can link the same GPO to multiple containers, including domains, it is not always best to do this. Usually, it is better to import a GPO from another domain. The import process requires that you effectively restore the settings of another GPO into a newly created, empty GPO.

The process therefore starts with you creating a backup of the source GPO. To import the settings, in the Group Policy Management console on the target domain, create a new GPO in the Group Policy Objects node Right-click the new GPO, and then click Import Settings.

You can duplicate the settings in one GPO for reuse in another. An easy way to do this is to copy a GPO. In the Group Policy Management console, in the Group Policy Objects node, right-click the source GPO, and then click Copy. You can right click the Group Policy Objects node and choose Paste in order to duplicate the settings.

Create and Configure a Migration Table

There is a Migration Table Editor available inside the Group Policy Management tool that permits you to edit UNC and security principle references that might not apply to the domain where you are importing your Group Policy Object settings into. Simply reference this saved table of entries when you are following the Import Settings Wizard.

Reset Default GPOs

There is a simple tool called dcgpofix that you can use at the command prompt to reset the default GPOs back to their default settings. Remember, there is a Default Domain GPO and a Default Domain Controllers GPO. The tool features switches so that you can pic one or the other GPO to reset instead of resetting both.

Delegate Group Policy Management

Remember that you can delegate control over GPO tasks. This is done with the Delegation tab in the Group Policy Management tool, or you can delegate GPO tasks using the Active Directory Users and Computers tool.

Detect Health Issues

You can detect problems with your GPO infrastructure using the Group Policy Management console as well. This is done using the GPO Infrastructure Status page. To view the status, use the following procedure:

1. Select the domain object, and then click the Status tab.

2. To view the current status, click Detect Now.

3. Review the information in the details pane.