6.1 Workflow for Managing GPOs in Active Directory

When you work with GPOs in Active Directory, you need to be very familiar with Group Policy concepts and how Group Policy affects objects across your production environment. When working in Active Directory instead of the GP Repository, you cannot evaluate GPOs before they are in effect. Therefore, you can disrupt activity and productivity with an incorrectly defined GPO. To help avoid costly mistakes, use a test environment to verify the effects of a change before you deploy that change in your production environment.

NOTE:If you need to modify your production environment, change your OUs and GPOs during off‑hours when your organization has reduced network use and you can verify the effects of the GPOs you have implemented.

The following checklist outlines the general process and workflow for working with GPOs in Active Directory.

Installing and Configuring Your Environment

If you are upgrading from a previous version of GPA, consider the important differences in this version. For more information, see the Release Notes.

Install GPA. For more information, see Section 2.0, Installing Group Policy Administrator.

Delegate permissions in your test and production environment to define who can modify GPOs and OUs.

Configure global settings, such as default copy options and showing or hiding domains.

Creating and Modifying GPOs in Your Test Environment

Create a new GPO in the test domain. For more information, see Creating a GPO Directly in the GP Repository.

Configure policies and preferences. For more information, see the following sections:

Testing and Evaluating GPOs in Your Test Environment

Use RSoP what‑if reports to check changes. For more information, see Section 7.0, Reporting on GPOs.

Edit the test environment to fix any problems. For more information, see Editing Group Policy Settings, Preferences, and Properties.

Use RSoP after fixing any problems (as a double‑check). For more information, see Section 7.0, Reporting on GPOs.

Deploying GPOs to Your Production Environment

Back up live GPOs for disaster recovery. For more information, see Backing Up and Restoring GPOs.

Migrate within the GP Repository to the production domain. For more information, see Migrating a GPO Between GP Repository Domains.

Test the production environment. For more information, see Section 7.0, Reporting on GPOs.

Troubleshooting, Disaster Recovery, and Ongoing Management

Use RSoP to double‑check domain controller settings. For more information, see Section 7.0, Reporting on GPOs.

Run diagnostics on client computers.

Generate reports to verify settings and find GPOs. For more information, see Section 7.0, Reporting on GPOs.

Back up live GPOs for disaster recovery. For more information, see Backing Up and Restoring GPOs.

Use scripts to make common tasks easier. For more information, see Section A.0, Automating GPA Operations with .NET.