Recipe 9.7 Importing Settings into a GPO | Active Directory Cookbook, 3rd Edition

9.7.1 Problem

You want to import settings from one GPO to another.

9.7.2 Solution

9.7.2.1 Using a graphical user interface

Open the GPMC snap-in.
In the left pane, expand the Forest container, expand the Domains container, browse to the domain of the target GPO, and expand the Group Policy Objects container.
Right-click on the target GPO and select Import Settings.
Click Next.
Click the Backup button if you want take a backup of the GPO you are importing into.
Click Next.
Select the backup folder location and click Next.
Select the backup instance you want to import from and click Next.
It then will scan to see if there are any security principals or UNC paths in the GPO being imported from. If there are, it will give you an option to modify those settings.
Click Next.
Click Finish.

9.7.2.2 Using a command-line interface

> importgpo.wsf "<GPOBackupLocation>" "<OrigGPOName>" "<NewGPOName>"

9.7.2.3 Using VBScript

' This code imports the settings from a GPO that has been backed up into ' an existing GPO. ' ------ SCRIPT CONFIGURATION ------ strGPOImportTo    = "<GPOName>"        ' e.g. Sales GPO strDomain         = "<DomainDNSName>"  ' e.g. rallencorp.com strBackupLocation = "<BackupLocation>" ' e.g. c:\GPMC Backups ' GUID representing specific backup ' e.g.{3E53B39B-C29B-44FF-857B-8A84528804FF} strBackupID       = "<BackupGUID>"  ' ------ END CONFIGURATION --------- set objGPM = CreateObject("GPMgmt.GPM") set objGPMConstants = objGPM.GetConstants( )    ' Initialize the Domain object set objGPMDomain = objGPM.GetDomain(strDomain, "", objGPMConstants.UseAnyDC) ' Locate GPO backup set objGPMBackupDir = objGPM.GetBackupDir(strBackupLocation) set objGPMBackup = objGPMBackupDir.GetBackup(strBackupID) WScript.Echo "Backup found:" WScript.Echo "  ID: " & objGPMBackup.ID WScript.Echo "  Timestamp: " & objGPMBackup.TimeStamp WScript.Echo "  GPO ID: " & objGPMBackup.GPOID WScript.Echo "  GPO Name: " & objGPMBackup.GPODisplayName WScript.Echo "  Comment: " & objGPMBackup.Comment WScript.Echo  ' Find GPO to import into set objGPMSearchCriteria = objGPM.CreateSearchCriteria objGPMSearchCriteria.Add objGPMConstants.SearchPropertyGPODisplayName, _                          objGPMConstants.SearchOpEquals, cstr(strGPOImportTo) set objGPOList = objGPMDomain.SearchGPOs(objGPMSearchCriteria) if objGPOList.Count = 0 then    WScript.Echo "Did not find GPO: " & strGPO    WScript.Echo "Exiting."    WScript.Quit elseif objGPOList.Count > 1 then    WScript.Echo "Found more than one matching GPO. Count: " & _                 objGPOList.Count    WScript.Echo "Exiting."    WScript.Quit else    WScript.Echo "Found GPO: " & objGPOList.Item(1).DisplayName end if ' Perform the import set objGPMResult = objGPOList.Item(1).Import(0,objGPMBackup) ' This will throw an exception if there were any errors ' during the actual operation. on error resume next objGPMResult.OverallStatus( ) if objGPMResult.Status.Count > 0 then    WScript.Echo "Status message(s): " & objGPMResult.Status.Count    for i = 1 to objGPMResult.Status.Count       WScript.Echo objGPMResult.Status.Item(i).Message    next    WScript.Echo vbCrLf end if ' Print results if Err.Number <> 0 then    WScript.Echo "Error importing GPO " & objGPMBackup.GPODisplayName    WScript.Echo "Error: " & Err.Description else     WScript.Echo "Import successful."    WScript.Echo "GPO '" & objGPMBackup.GPODisplayName & _                 "' has been imported into GPO '" & _                 objGPOList.Item(1).DisplayName & "'" end if

9.7.3 Discussion

The GPMC import function uses a back up of the source GPO to create the new "imported" GPO. This means you must first back up the source GPO using GPMC. You can then import the settings from that GPO into a new GPO, which may be in the same domain or a completely different forest. Importing a GPO is a great way to help facilitate transferring GPO settings from a test environment to production.

Some properties of GPOs, such as security group filters or UNC paths, may vary slightly from domain to domain. In this case, you can use a GPMC migration table to help facilitate the transfer of those kinds of references to the target domain. For more information on migration tables, see the GPMC help file.

9.7.3.1 Using VBScript

To import the settings of a backup, I have to first instantiate a GPMBackup object of the source backup by specifying the backup ID (a GUID) with the GPMBackupDir.GetBackup method. If you need to programmatically search for the backup ID, you can use the GPMBackup.SearchBackups method to find the most recent backup or a backup with a particular display name.

Next, I instantiate a GPMGPO object of the GPO I'm importing into. To do this, I use a GPMSearchCriteria object to find the GPO that is equal to the display name of the GPO specified in the configuration section. I use an if elseif else conditional statement to ensure that only one GPO is returned. If zero or more than one are returned, I abort the script. If only one was returned, I use the GPMGPO.Import method to import the settings. The first parameter to the Import method is a flag that determines how security principals and UNC path mapping is done. I use 0, which is the default to not copy security settings. You can also use a migration table to do mappings if necessary. The second parameter is the GPMBackup object I instantiated earlier. The rest of the script performs some error handling and prints the results.

9.7.4 See Also

Recipe 9.3 for copying a GPO, Recipe 9.17 for backing up a GPO, and MSDN: GPMGPO.Import