Forests in Group Policy Management Console

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Forests in Group Policy Management Console

Group Policy Management Console (GPMC) supports management of multiple forests from within the console, when there is trust between the target forest and the forest of your user object.

Notes

  • GPOs cannot be linked outside a forest.

  • GPMC also supports operations such as backup and import, to allow migrating GPOs between untrusted domains in separate forests.

Adding and removing forests

When you first open Group Policy Management, it displays only the forest containing the domain of your user account (you, the GPMC user). You can add additional existing forests, as long as there is trust between the forest of your user account and the other forest. Forest trust is a new feature of Windows Server 2003. You can also add externally trusted domains even if there is no forest trust, provided there is an explicit external trust.

You can enable support for adding forests and domains with one way trusts, by turning off the trust detection feature of GPMC, using the Options dialog box on the View menu. By default, GPMC requires two-way trust to the target forest, either via a two-way external trust between domains, or a two way forest trust between the forests.

It is not possible to add a forest to which you have no trust.

In GPMC, each forest shows the following child nodes: Domains, Sites, and Group Policy Results. Forests with the Windows Server 2003 schema will also show Group Policy Modeling.

  • Adding forests

  • Removing forests

Adding forests

Add forests one at a time, by right-clicking the Group Policy Management root node and clicking Add Forest. You specify either the NetBIOS name or the DNS name of a domain in the forest.

When adding a forest, the forest displayed in Group Policy Management is named after the forest root domain for that forest and includes a single domain, which is the domain that you specified in the Add forest dialog box. To show other domains, you can add them by right-clicking the Domains node and clicking Show Domains.

For step-by-step instructions to add a forest, see Add a forest, site, or domain to the Group Policy Management Console.

Removing forests

You remove forests from GPMC one at a time by right-clicking each forest node and clicking Remove.

See Also

Concepts

Domains in Group Policy Management Console
Add a forest, site, or domain to the Group Policy Management Console