How do I configure the server piece of Group Policy Administrator to work in a non-trusted domain configuration?
Can NetIQ Group Policy Administrator export GPOs to a non-trusted domain?
How do I configure the server component of NetIQ Group Policy Administrator to export GPOs to an untrusted domain?
NetIQ Group Policy Administrator 4.x
NetIQ Group Policy Administrator 5.0
Beginning in NetIQ Group Policy Administrator 5.0 you can now export GPOs to untrusted domains using the new GPA server component. This process is detailed further in chapter 1 of the Group Policy Administrator User Guide. The Group Policy Administrator User Guide can be downloaded from the following location: https://www.netiq.com/support/gpa/extended/documentation.asp
A typical GPA untrusted test environment configuration includes the GP Repository, a GPA Server, and at least one GPA Console installed in the untrusted test environment. Install another GPA Console in the production environment. Use the GPA Console in the production environment to import GPOs into the GPA Repository. Use the GPA Console in the untrusted test environment to check in, check out, and edit GPOs in the test environment. Use the GPA Server to export GPOs from the GP Repository to the untrusted production environment. This is the most reliable and secure way to perform a GPO export into an untrusted environment. You can export GPOs from the GP Repository using a GPA Console in either the production or test environment.
To configure the GPA server component to export to a non-trusted domain, perform the following steps:
- Launch the GPA console and navigate to the GP Repository | Repository Server | YourDomain node.
- Highlight the untrusted domain and select Action from the menu and then click Properties.
- Click the Export Override Account tab and place a check mark in the box labeled Use export override.
- Type the name of a user account that has permissions to export a GPO in the non-trusted domain in the User field.
- Type the password of the user account in the Password field.
- Type the same password again in the Confirm Password field.
- Click OK to close the properties sheet.
- In an untrusted test environment configuration, you must use a GPA Console in the production environment to import GPOs into the GP Repository. The GPA Console cannot import required information about GPOs, such as any links to Active Directory Objects or security filters, from a GPO in an untrusted environment.
- In an untrusted test environment configuration, you must use a GPA Console in the untrusted test environment where you installed the GP Repository to check out and edit GPOs. The GPA Console uses the native Microsoft tool GPEdit to edit GPOs, and GPEdit cannot edit GPOs from untrusted domains.