Site Views in the GPMC
By default, no sites are present in the GPMC. The most obvious reason for this might be that there are no GPOs linked to any sites by default. This is because there are only two default GPOs, which are linked to the domain node and the Domain Controllers Organizational Unit (OU).
The GPMC does not show sites by default because it is a best practice to limit the number of GPOs that administrators link to sites. Because sites are IP based, linking GPOs to sites is not the most logical or straightforward method for deploying GPO settings.
However, if you do want to add sites to the GPMC, you can do so by following these steps:
1. In the GPMC, expand the forest node in which you want to add a domain.
2. Right-click the Sites node, and then click Show Sites.
3. In the Show Sites dialog box, select the check box next to each site that you want to add to the GPMC.
GPMC Management Limitations
Unlike with many other interfaces for managing Active Directory directory service objects, files and folders, and other similar objects, the GPMC does not automatically create objects in the environment simply by adding them to the GPMC. Because of this behavior, many of the following limitations are characteristics of the GPMC, even though other Active Directory management tools provide the features:
Adding a domain to the GPMC will not create the domain in Active Directory.
Adding a forest to the GPMC will not create a new forest or domain in Active Directory.
Adding a site to the GPMC will not create a new site in Active Directory.
Because forests do not have names in Active Directory, a forest added to the GPMC will be named after the forest root domain.
When you add a forest to the GPMC, only one domain is added at a time. Additional domains must be added separately.
Sites are not added by default in the GPMC. They must be added explicitly.
Group Policy is not inherited across domains or forests, even if multiple domains and forests are added to the same GPMC.
Selecting Domain Controllers for Administration of GPOs
Within the GPMC, you have complete control over which domain controller you use for management of GPOs. The domain controller that contains the PDC (primary domain controller) emulator role is the default domain controller for updating GPOs. Within the GPMC you can select the domain controller for both the domain and the site for managing GPOs.
To select the domain controller you want to use for managing GPOs related to the domain, follow these steps:
1. In the GPMC, expand the forest node in which you want to add a domain.
2. Right-click the <domainname> node, and then click Change Domain Controller.
3. In the Change Domain Controller dialog box, select the option associated with the domain controller that you want to use.
The Change Domain Controller dialog box provides many options, as shown in Figure 2.
Each of these options offers benefits:
The domain controller with the Operations Master token for the PDC emulator
This is the default option. In most cases with small to medium-sized companies, it is best to keep the default domain controller configuration, to simplify troubleshooting of Group Policy.
Any available domain controller
When the domain controller with the PDC emulator role is not available, or the specific domain controller that you picked is not available, this option selects a domain controller that is online. By far, this is the most generic of the four settings, ensuring that you can connect to any domain controller that is online.
Any available domain controller running Windows Server 2003 or later
Different operating system versions provide additional features in the GPMC, and the Group Policy tools are aware of this. This option is available to help the tools account for those differences. In some cases, schema extensions or files may be in a different location, so the version of the operating system is important. For example, with Windows Vista and Windows Server 2008, the GPMC looks for the ADMX files located in the PolicyDefinitions folder. Pointing the tool to a domain controller with the correct information is important in such a scenario.
This domain controller
When you want to optimize the placement of a setting on a domain controller that is close to a target computer that will receive a GPO setting, this option is ideal. This is the most precise of all of the options, allowing you to target the modification of a GPO setting to a specific domain controller.
Note
You can also select the domain controller that you want to use for modeling of GPOs.
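Because sites are hidden in the GPMC until you add them, GPOs linked to sites are easy to overlook during a review. The following script is an added example, not part of the original text: it lists every site-linked GPO by reading the gPLink attribute of each site object, querying the PDC emulator described above as the default domain controller for GPO updates. It assumes the RSAT ActiveDirectory and GroupPolicy modules are installed; the function name ConvertFrom-GPLink is hypothetical.

```powershell
# Added example: audit GPOs linked to Active Directory sites.
Import-Module ActiveDirectory, GroupPolicy

function ConvertFrom-GPLink {
    # Hypothetical helper. A gPLink value is a run of entries shaped like
    # [LDAP://cn={GUID},cn=policies,cn=system,DC=...;N]
    # where N is a bit field: bit 0 = link disabled, bit 1 = link enforced.
    param([string]$GPLink)
    $pattern = '\[LDAP://cn=(\{[0-9a-f-]{36}\}),[^;\]]*;(\d+)\]'
    foreach ($m in [regex]::Matches($GPLink, $pattern, 'IgnoreCase')) {
        $opts = [int]$m.Groups[2].Value
        [pscustomobject]@{
            GpoId    = [guid]$m.Groups[1].Value
            Enabled  = -not ($opts -band 1)
            Enforced = [bool]($opts -band 2)
        }
    }
}

$domain = Get-ADDomain
$pdc    = $domain.PDCEmulator   # default domain controller for GPO updates

# Site objects live in the forest-wide configuration partition.
$sites = Get-ADReplicationSite -Filter * -Properties gPLink -Server $pdc

$report = foreach ($site in $sites) {
    if (-not $site.gPLink) { continue }   # no GPO has ever been linked here
    foreach ($link in ConvertFrom-GPLink $site.gPLink) {
        # A site can link a GPO stored in another domain of the forest;
        # such a GPO cannot be resolved against this domain.
        $name = try {
            (Get-GPO -Guid $link.GpoId -Domain $domain.DNSRoot `
                     -Server $pdc -ErrorAction Stop).DisplayName
        } catch { '(not found in this domain)' }
        [pscustomobject]@{
            Site     = $site.Name
            Gpo      = $name
            GpoId    = $link.GpoId
            Enabled  = $link.Enabled
            Enforced = $link.Enforced
        }
    }
}
$report | Sort-Object Site, Gpo | Format-Table -AutoSize
```

An empty result matches the default state described above, in which no GPOs are linked to any sites.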