Migrate AGPM 4.0 from Windows Server 2012 to Windows Server 2019

Mohd Arif 921 Reputation points
2021-10-08T11:31:55.69+00:00

I have Advance Group Policy Server (AGPM) 4.0 on windows Server 2012 R2. Now I am migrating them to Win 2019. I followed below steps

  1. Installed AGPM 4.0 SP3 Server version on Windows Server 2019 (VMS1)
  2. Installed AGPM 4.0 SP3 Client version on Windows Server 2019 (VMC1)
  3. Stopped AGPM service on old server (2012)
  4. Stopped AGPM service on new server AGPM (2019)
  5. Copies the archives (GPO folders) from old to new
  6. Started the AGPM service on both old and new
  7. Pointed the AGPM client to connect to new Win Server 2019 AGPM
  8. Connection is successful.

However, I am getting below issues.

  1. I am not able to see any GPO in "controlled". All the GPOs are looking in uncontrolled only.
  2. If I try to manually control the GPO in new AGPM client server (2019) then I am loosing the permission configured on old AGPM SERVER. We have setup delegation on the GPO but if I do manual control then permission will be lost.

Any support highly apprecaited. Thank you very much in advance.

Windows
Windows
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
4,733 questions
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,105 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,832 questions
Windows DHCP
Windows DHCP
Windows: A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.DHCP: Dynamic Host Configuration Protocol (DHCP). A communications protocol that lets network administrators manage centrally and automate the assignment of Internet Protocol (IP) addresses in an organization's network.
1,021 questions
0 comments
Accepted answer
  1. Mohd Arif 921 Reputation points
    2021-11-17T04:54:37.107+00:00

    I fixed it. Actually I was using windows explorer for gpo archive migration hence only folders were copied not permission. So I used Windows backup feature to backup and restore and then it worked fine. I think you can also use robocopy with permission switch. Anyway, windows backup feature is nice to fix it.

    Nice article to learn about AGPM

    https://superit.in/what-is-advance-group-policy-object-agpm/

    0 comments

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Limitless Technology 39,341 Reputation points
    2021-10-11T08:20:53.73+00:00

    Hello MohdArif,

    I think your issue resides that you want to use a redundancy of AGPM servers. The architecture of AGPM is intended for a unique point and centralized management of policies, thus sharing permissions between servers is not expected. You can indeed create different AGPM servers with different policy scopes, sites, domains, etc.. but they should only manage their own set.

    I can recommend the next guide on how to migrate or move the management and archive from/to servers to verify your steps: https://learn.microsoft.com/en-us/microsoft-desktop-optimization-pack/agpm/move-the-agpm-server-and-the-archive

    Also this general checklists article for different operations on AGPM: https://learn.microsoft.com/en-us/microsoft-desktop-optimization-pack/agpm/checklist-administer-the-agpm-server-and-archive-agpm40

    --------------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept as answer--

    0 comments
  2. Mohd Arif 921 Reputation points
    2022-03-31T10:14:55.193+00:00
    0 comments