Resolution
How do I run the Offline Mirror for a non-trusted domain?
fact
NetIQ Group Policy Administrator 4.5
fact
NetIQ Group Policy Administrator 4.6
fact
NetIQ Group Policy Administrator 5.0
fix
In NetIQ Group Policy Administrator 5.0 the offlinemirror script now accepts optional SQL credentials so editing the offlinemirror.vbs file is no longer needed. The new parameters for the offlinemirror script are detailed in Chapter 3 of the Group Policy Administrator User Guide. The Group Policy Administrator User Guide can be downloaded from the following location: https://www.netiq.com/support/gpa/extended/documentation.asp
To import GPOs from a non-trusted domain into the GP Repository using the Offline Mirror script:
- Log on to a GPA Console computer with an account that has domain administrator privileges.
- Open a command prompt window.
- Navigate to the \Tools folder under the product installation path. If you used the default installation path, navigate to C:\Program Files\NetIQ\Group Policy Administrator\Tools.
- Start the RunOfflineMirror script, supplying the following command line parameters:
Variable name Replace With Domain_DNS_Name DNS name of the evaluation domain, such as domainname.local. Repository_Server Name of the Microsoft SQL Server where the GP Repository is installed. The default value . (period), indicates the local Microsoft SQL Server. SQLUserName SQL login name (optional). SQLUserPassword Password for SQL login (optional).
Your command may be similar to the following example:
Runofflinemirror MyDomain.dev MySQLServer SQLUserName SQLUserPassword - The script displays a status report in the command window as it runs, similar to the following example. The import process may take some time for domains with a large number of OUs and GPOs.
NetIQ GPA Offline Mirror
(c) 2004 NetIQ Corporation.
Starting the AD mapping operation.
*********************************
Processing DC=GPATestDomain
Linking GPO: {AB94D4DF-2D3E-44A2-8505-A073AF431D3D}
GPO is not in the Repository. Importing it to DC=GPATestDomain
Linking GPO: {D3435C39-3854-4C81-A0C1-B393A0850294}
GPO is not in the Repository. Importing it to DC=GPATestDomain
Linking GPO: {31B2F340-016D-11D2-945F-00C04FB984F9}
GPO is not in the Repository. Importing it to DC=GPATestDomain
*********************************
Processing OU=Domain Controllers
Linking GPO: {6AC1786C-016F-11D2-945F-00C04fB984F9}
GPO is not in the Repository. Importing it to OU=Domain
Controllers
*********************************
Processing OU=Test01
No GPOs associated with this OU.
*********************************
Processing OU=Test02
No GPOs associated with this OU.
**************************
Done processing the OUs.
fix
In NetIQ Group Policy Administrator 4.5 and NetIQ Group Policy Administrator 4.6 the Offline Mirror does not allow the ability to specify SQL credentials.
As a workaround, you can edit the offlinemirror.vbs file and manually enter the SQL connection string using the steps below:
- Go to the C:\Program Files\netiq\group policy administator 4.5\bin directory.
- Make a backup copy of offlinemirror.vbs.
- Open offlinemirror.vbs and edit the connection string below:
Find:
oGPRroot.ConnectTo("PROVIDER = SQLOLEDB.1;Integrated Security=SSPI;Initial 'Catalog=GPO_REPOSITORY;Data Source=" & sServer & ";Use Procedure for Prepare=1;Auto Translate=True;Packet Size=4096;Use Encryption for Data=False;Tag with column collation 'when possible=False")
and replace with:
GPRroot.ConnectTo("Provider=SQLOLEDB.1;Password=Password_of_SQL_account;User ID=Remote_User_name;Initial Catalog=GPO_REPOSITORY;Data Source=Repository_Server_machine;Use Procedure for Prepare=1;Auto Translate=True;Packet Size=4096;Workstation ID=Console_Machine_Name;Use Encryption for Data=False;Tag with column collation when possible=False")
- Select File | Save to save the changes to offlinemirror.vbs.
- Run the command line below from the C:\Program Files\netiq\group policy adminstrator 4.5\bin directory:
runofflinemirror FQDN_of_domain Repository_machine_name