1
00:00:03,070 --> 00:00:06,850
So now I want to shift gears and talk about GPO importing.

2
00:00:07,810 --> 00:00:13,930
So as I mentioned earlier, GPO importing is a little different from the backup and restore scenario.

3
00:00:14,880 --> 00:00:20,250
GPO importing does use GPM c backups, but it works in a little different way.

4
00:00:21,240 --> 00:00:25,320
So it's good for primarily recovering deleted GPOs.

5
00:00:26,320 --> 00:00:33,760
So if a GPO gets deleted completely, you can create a new GPO and import a backup of the previous GPO

6
00:00:33,760 --> 00:00:34,330
into it.

7
00:00:35,320 --> 00:00:41,860
Or you can import settings from other domains in forests or import GPOs from other domains in forests.

8
00:00:42,860 --> 00:00:49,040
So if you have, for example, a test domain or a test forest and you want to test out your GPOs there

9
00:00:49,040 --> 00:00:51,770
first and then import them into your production forest.

10
00:00:51,980 --> 00:00:54,590
That's the scenario where import comes in handy.

11
00:00:55,530 --> 00:00:59,010
An import can use this feature called Migration Tables.

12
00:00:59,990 --> 00:01:05,150
Migration tables have been around since the beginning of group policy, and they're designed to convert

13
00:01:05,150 --> 00:01:10,550
certain types of data within group policy objects as they're being imported into the new domain.

14
00:01:11,510 --> 00:01:17,780
So the scenario is you have, for example, restricted groups policy that is using groups that are defined

15
00:01:17,780 --> 00:01:18,950
in the source domain.

16
00:01:19,880 --> 00:01:21,710
Maybe it's your test domain.

17
00:01:22,640 --> 00:01:27,380
And you want to convert them to the same or a different named group in the production domain.

18
00:01:27,530 --> 00:01:29,960
And that's the purpose of migration tables.

19
00:01:30,970 --> 00:01:33,160
So they can convert usernames.

20
00:01:34,180 --> 00:01:36,220
They can convert computer names.

21
00:01:37,200 --> 00:01:39,150
They can convert domain groups.

22
00:01:40,130 --> 00:01:45,110
So domain local, global and universal groups and USC paths.

23
00:01:46,060 --> 00:01:47,410
And see paths.

24
00:01:47,590 --> 00:01:53,590
Typically where you'll find those is in folder redirection policy or in software installation policy.

25
00:01:54,540 --> 00:01:59,700
Where you've got a reference to in the case of folder redirection, a path where you want to redirect

26
00:01:59,700 --> 00:02:04,730
your folders or in the case of software installation, the path to the MSI file.

27
00:02:05,690 --> 00:02:12,020
So in both those cases, you can redirect those unsee paths or remap them as you're importing the backed

28
00:02:12,020 --> 00:02:12,980
up GPO.

29
00:02:13,850 --> 00:02:17,450
And the final use case here is what are called free text or SSIDs.

30
00:02:17,660 --> 00:02:22,250
And this is where you might have entered, let's say in restricted groups or user rights assignment

31
00:02:22,250 --> 00:02:23,000
policy.

32
00:02:23,000 --> 00:02:28,430
You might have entered in by hand the name of a group or a user, and it doesn't get resolved to say

33
00:02:28,430 --> 00:02:29,330
ID per say.

34
00:02:30,240 --> 00:02:35,730
And it's entered into the group policy settings field as just the name and the textual representation

35
00:02:35,730 --> 00:02:37,200
of the name or the side.

36
00:02:38,490 --> 00:02:44,010
And in that case, you can also convert those values as they're imported into the new domain.

37
00:02:44,960 --> 00:02:48,680
Now migration tables only support policy settings.

38
00:02:49,660 --> 00:02:56,020
There's no support for any of this kind of remapping of principles and U.N. sees in group policy preferences.

39
00:02:57,020 --> 00:03:02,150
So if you're trying to move group policy preferences from one domain to the other, it's completely

40
00:03:02,150 --> 00:03:03,800
useless for that, unfortunately.

41
00:03:03,800 --> 00:03:07,730
And Microsoft doesn't really have a good solution there for that scenario.

42
00:03:08,680 --> 00:03:11,830
So this is kind of what a migration table looks like.

43
00:03:11,980 --> 00:03:14,350
And as you'll see in here, you have a source name.

44
00:03:15,290 --> 00:03:21,050
In this case, there's a source of marketing users at Candle Ecom and it's a domain global group and

45
00:03:21,050 --> 00:03:24,110
it's being mapped by a relative name into the destination.

46
00:03:25,040 --> 00:03:30,890
And what that means is we're assuming that there's a marketing users in the destination domain and we're

47
00:03:30,890 --> 00:03:35,660
going to remap it to marketing users at Steam Lab dot test or something like that.

48
00:03:36,650 --> 00:03:42,020
So that basically lets you control how the name gets mapped as it goes into the destination domain.

49
00:03:43,000 --> 00:03:45,910
So let's dig in and take a look at how this works.

50
00:03:46,910 --> 00:03:51,230
I'm going to go ahead and do a migration so you can see what this looks like.