Importing Production GPOs into the Staging Domain

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

The script CreateEnvironmentFromXML.wsf has a number of options that control how GPOs are created in your staging environment. In its simplest form, you supply the script with an XML format file created from the production domain and, optionally, direct the script to operate against a DC in your staging domain. The script creates GPOs and related objects in the staging domain that correspond to the data that was captured from the production domain. If you need to modify this process, the script provides a number of command-line options:

  • Undo. This option removes all objects (GPOs, GPO permissions, OUs, WMI filters, users and groups) specified by the XML format file from the staging environment. This option is useful if you need to reverse changes you made to your staging domain.

  • ExcludeSettings. This option creates GPOs in the destination domain, but with no settings. Use it when you do not actually want to import the settings in any Group Policy objects, but rather just want to create any OUs, users, and user groups that might have been captured.

  • ExcludePermissions. This option causes the script to ignore any policy-related permissions contained in the XML format file. Instead, when the new GPOs and other objects are created in the staging environment, they are created with the default permissions.

  • MigrationTable. This option lets you specify a .migtable file, created with the Migration Table Editor (MTE), that maps security principals and UNC paths in your production environment GPO settings to the appropriate security principals and UNC paths in the staging environment.

  • ImportDefaultGPOs. This option imports settings into the default domain policy and the default domain controllers policy if settings for these GPOs are specified in the XML file. If this option is not specified, these GPOs will not be modified.

  • CreateUsersEnabled. This option creates user accounts as enabled instead of disabled.

  • PasswordForUsers. This option allows you to specify the password to use for any users that do not have passwords specified in the XML file. The same password will be used for all users that do not already have passwords specified in the XML file.

  • Q. The Q option runs the script in quiet mode, provided that all necessary parameters have been supplied on the command line. Without this option, you are warned that this script should only be used for creating staging environments, and if necessary, you will be prompted to supply a password for any users that do not have passwords defined in the XML file.
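
The following batch file is an added example, not part of the original documentation. It runs an import that keeps the safer defaults described above and offers a matching rollback. The file paths, the DC name, and the /XML: and /DC: switch spellings are assumptions; the script is assumed to be in the current directory.

```batch
@echo off
rem Added example, not part of the original documentation.
rem Assumed: file paths, DC name, and the /XML: and /DC: switch spellings.
rem List the script's actual switches first with:
rem   cscript //nologo CreateEnvironmentFromXML.wsf /?
setlocal
set "XMLFILE=C:\staging\production.xml"
set "MIGTABLE=C:\staging\production.migtable"
set "STAGINGDC=dc1.staging.example"

rem Usage: <this file>        imports into the staging domain
rem        <this file> undo   removes what the XML file describes
if /i "%~1"=="undo" goto undo

rem Import: map production principals and UNC paths via the migration table.
rem Deliberately omitted:
rem   /CreateUsersEnabled  - created accounts stay disabled
rem   /PasswordForUsers    - no single shared password on the command line
rem   /Q                   - keep the staging-only warning and password prompt
rem   /ImportDefaultGPOs   - default domain and DC policies are not modified
cscript //nologo CreateEnvironmentFromXML.wsf /XML:"%XMLFILE%" /DC:%STAGINGDC% /MigrationTable:"%MIGTABLE%"
goto :eof

:undo
rem Rollback: remove the GPOs, permissions, OUs, WMI filters, users and
rem groups specified by the same XML format file.
cscript //nologo CreateEnvironmentFromXML.wsf /XML:"%XMLFILE%" /DC:%STAGINGDC% /Undo
```

Run the rollback with the same XML file that was used for the import, since Undo removes the objects that file specifies.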