I was asked to help out in a problem, there is a domain still operating at a 2003 functional level, there are 2008 R2 member servers in this domain and we need to know if there is anything we have to do to plan or anticipate when trying to apply the GPO settings to the 2008 R2 member servers.
- Will I need a 2008 R2 server with GPMC in order to deploy the GPO settings or can we deploy them with the GP tools in 2003 server?
- are there any gotchas we need to know about.
Appreciate the feedback.
Our situation is that we have member servers we need to apply security settings for not Domain controllers, we have no intention of standing up 2008 DC's, we only need to know what's required or involved to successfully patch those 2008 R2 servers in a 2003 domain. Someone from another team mentioned the following: Requirements: ADPREP /forestprep, then ADPREP /domainprep /gpprep, this updates the GUIDs for the GPOs in order to enable the increased security requirements. There is no need to deploy a 2008 R2 or 2012 R2 Domain Controller, only a member server is needed to update the forest GUIDs, and when running the ADPREP /domainprep /gpprep is ran it will update both the domain GUIDs, and GPO GUIDs, without affecting the functionality of the forest or domain functional level.
My question is, are these steps required, we have no plans of using ADMX, we just have a GPO to apply server policies and that's it. I did search extensively and did not find any solution to this question. Thanks.
