6.2 Understanding GP Explorer

GPA offers cross‑forest management, giving you the ability to control enterprise management capabilities from a single GPA Console. If the required trust relationships are set up properly, you can select a domain belonging to a different forest and administer policies on that domain.

NOTE:For cross‑forest management to perform successfully, ensure the proper trusts are in place between forests.

GP Explorer provides a Group Policy‑centric interface to Active Directory. It provides a hierarchical view of policies associated with OUs, domains, and sites. GP Explorer also provides the administrator with basic and advanced GPO management features, such as GPO reporting, backups and restores, search, and delegation.

Each GPA Console connects to a domain controller and its associated domain. When you expand GP Explorer, GPA displays the domain to which you are connected.

6.2.1 Domain Node

From the domain node, you can search for and link to GPOs, back up, restore, and replicate GPOs. In addition, GPA allows you to toggle the inheritance option for all GPOs within the domain and view and change domain node properties.

You define GPOs at the domain level, unless you define a local policy. When you expand a domain node you can see the OU hierarchy and the associated GPOs. Use the Action menu to work with GPOs in the domain node.

6.2.2 Organizational Unit Node

From an OU node, you can link a Group Policy to an OU. When you expand an OU node, you can see the GPOs that are associated with the OU. In addition, GPA allows you to toggle the inheritance option for all GPOs within the domain. Use the Action menu to work with GPOs in the organizational unit node.

6.2.3 GPO Node

From a GPO node, you can use the Action menu to edit, back up, import, delete, rename, and specify properties for GPOs.

6.2.4 Unlinked GPOs Node

The Unlinked GPOs node lists the GPOs in a domain that have no links to any container in the same domain. This information can be very useful when you need to find and resolve orphaned GPOs.

In any domain, GPOs can exist that were created for test purposes but not subsequently deleted. Also, links to a GPO can be deleted, but not the entire GPO itself. Though such orphaned GPOs exist in the domain, they are not seen on any GPO property page for an OU‑level or domain‑level node. In an ideal production environment, the Active Directory containers do not have any orphaned GPOs.

You can use the Unlinked GPOs container to clean up the Active Directory environment by identifying orphaned GPOs. Administrators can then delete them or link them to an OU, domain, or site.

6.2.5 Sites GPO Node

The Sites GPO node under the GP Explorer node displays the available list of sites. GPA displays any GPOs linked to these sites. To view the report on the site GPOs, click the site node in the left pane, and then select the Summary of GPOs tab in the right pane.