1

All my DCs are Win2008R2, the forest functional level and domain functional level are all on 2008R2. So now we have more and more Win2012R2 servers joining our domain. I am having hard time to control those Win2012R2 servers from GPOs that created on Win2008R2 DCs.

I have ADMX templates for Win2012R2 installed on Win2008R2 DC center store and the win update GPO just wont work on Win2012R2 somehow.

I am thinking that if I just promote a Win2012R2 to be a DC then use this new DC to create GPO to control other Win2012R2 servers. Not sure if this will work or not.

Upgrade current Win2008R2 DCs to 2012R2 and raise the functional level are not the option at this moment.

Any idea?

Root Loop
  • 902
  • 4
  • 24
  • 45

1 Answers1

1

You can promote 2012r2 servers to DC's in your domain, but they will make minor changes to schema and other aspects of your infrastructure - see adprep for details (this is not raising the functional level). This really shouldn't be a problem.

GPOs not applying to your 2012r2 servers is likely to be something completely different. With a few exceptions group policies should apply equally well to Win XP,7,10, 2003...2016. you don't need 2012r2 DC's to make policies for 2012r2 member servers. Run gpresult /z on your 2012r2 servers to work out why the policies aren't applying. You haven't got WMI filters for specific operating systems on all your policies have you?

Jim ReesPotter
  • 308
  • 2
  • 10