I have an existing Active directory infrastructure and there is a new version of windows 2025 so I wanted to update group policy to include the 2025 admx templates.
High-level Steps
- Create OU structure
- Create a new GPO
- download and install admx for 2025
- backup policy definitions on active directory server
- copy and replace on active directory server policy definitions
- check gpo is getting the new policy
- Download admx for edge (Optional)
- extract policy file (Optional)
- copy and replace on active directory server policy definitions (Optional)
- check gpo is getting the new policy (Optional)
- Move server to new OU
- add server to gpo
- update policy on server
So I created this OU structure in the existing active directory just to separate things out.
OU=Servers
OU=2025
├── OU=DomainControllers
├── OU=Infrastructure
│ ├── OU=DHCP
│ ├── OU=DNS
│ └── OU=CertificateServices
├── OU=FileServers
├── OU=WebServers
├── OU=ApplicationServers
│ ├── OU=SQL
│ ├── OU=Exchange
│ └── OU=CustomApps
├── OU=Management
│ ├── OU=Monitoring
│ ├── OU=Backup
│ └── OU=PatchManagement
├── OU=TestServers
├── OU=LegacyServers
└── OU=Quarantine
└── OU=Staging
I created a new group policy under 2025 OU called windows-2025-basepolicy-thedate
Now I will download the updates for admx windows 2025
https://www.microsoft.com/en-us/download/details.aspx?id=106295
I will installed the msi file “Install Administrative Templates (.admx) for Windows Server2025 November 2024 Update.msi”
the installation location – C:\Program Files (x86)\Microsoft Group Policy\Windows Server2025 November 2024 Update (24H2)\PolicyDefinitions
Now on your active directory server backup this folder just in case. –
\\vmware.local\SYSVOL\vmware.local\Policies\PolicyDefinitions
You can replace just what is new but there might be updates to the existing ADMX files that why I will be replacing it all and no need to copy all the languages just copy en-us
copy the files from C:\Program Files (x86)\Microsoft Group Policy\Windows Server2025 November 2024 Update (24H2)\PolicyDefinitions to \\vmware.local\SYSVOL\vmware.local\Policies\PolicyDefinitions
see below screen shot ( I selected all ADMX files and En-us to replace on the active directory server in the sysvol location above)
Now edit your group policy to ensure the new updates are there
Now you should have “Policy definitions (ADMX files) retrieved from the central store” message
Now I will install admx for edge software as an extra
download the .cab file
https://www.microsoft.com/en-us/edge/business/download?form=MA13FJ
Extract files
Copy the new admx files including the en-us over to the sysvol folder same location as above
Source C:\temp\MicrosoftEdgePolicyTemplates.zip\windows\admx
En-us folder and the three edge files
Destination
\\vmware.local\SYSVOL\vmware.local\Policies\PolicyDefinitions
Now the edge group policy updates should be there
Now move the server into the OU and add server to GPO
Add server to GPO
Run the following on the server in command prompt as admin
gpupdate /force (forces group policy update)
gpresult /R (show group policy objects applied)
gpresult /H c:\report.html (get report)