Your network contains a production Active Directory forest named contoso.com and a test Active Directory
forest named contoso.test. A trust relationship does not exist between the forests.In the contoso.test domain, you create a backup of a Group Policy object (GPO) named GPO1.
You transfer the backup of GPO1 to a domain controller in the contoso.com domain.
You need to create a GPO in contoso.com based on the settings of GPO1.You must achieve this goal by using
the minimum amount of Administrative effort.
What should you do?
A.
From Windows PowerShell, run the Get- GPO cmdlet and the Copy- GPO cmdlet.
B.
From Windows PowerShell, run the New- GPO cmdlet and the Import- GPO cmdlet.
C.
From Group Policy Management, create a new starter GPO. Right-click the new starter GPO, and then click
Restore from Backup.
D.
From Group Policy Management, right-click the Croup Policy Objects container, and then click Manage
Backups.
Explanation:
The Import-GPO cmdlet imports the settings from a GPO backup into a specified target GPO. The target GPO
can be in a different domain or forest than that from which the backup was made and it does not have to exist
prior to the operation.
Incorrect Answers:
A: Copy-GPO requires domain trust / copy from one domain to another domain within the same forest.
C: This would create a starter GPO, not a GPO.
D: You can also restore GPOs. This operation takes a backed-up GPO and restores it to the same domain
from rom the GPO’s original which it was backed up. You cannot restore a GPO from backup into a domain
different f domain.
The New-GPO cmdlet creates a new GPO with a specified name. By default, the newly created GPO is not
linked to a site, domain, or organizational unit (OU). The Import-GPO cmdlet imports the settings from a GPO
backup into a specified target GPO. The target GPO can be in a different domain or forest than that from which
the backup was made and it does not have to exist prior to the operation.
The Restore-GPO cmdlet restores a GPO backup to the original domain from which it was saved. If the original
domain is not available, or if the GPO no longer exists in the domain, the cmdlet fails.
Since the GPO’s original domain is different and there is no trust relationship between forests, you should
execute the New-GPO command and import the already existing command into the ‘new’ domain.