You may encounter issues where deleting a GPO results in unintended modifications to multiple SoMs. This occurs because GPOADmin synchronizes with GPMC behavior and removes the GPO from any linked SoMs. Without visibility into which SoMs will be affected, you may accidentally impact production configurations.
When a GPO is deleted in GPMC, it is automatically removed from any SoMs where it is linked. To maintain consistency between the live environment and GPOADmin, GPOADmin mirrors this behavior by applying corresponding actions during a GPO deletion deployment.
This workflow is intended behavior and not a defect. The system design ensures that GPO links remain synchronized across both GPMC and GPOADmin environments.
An enhancement has been introduced in GPOADmin to notify users of any Scope of Management (SoM) objects that will be affected when a Group Policy Object (GPO) deletion is deployed. This enhancement ensures visibility and control over SoMs that contain links to the GPO being deleted.
1) Alert Users when a GPO deletion is triggered and identify all affected SoMs.
2) Provide a pre-deployment warning listing all SoMs that currently contain a link to the GPO.
3) Allow users an opportunity to:
Review the affected SoMs
Approve and deploy related SoM changes
Or remove the GPO link from the SoMs prior to executing the deletion
This enhancement helps prevent unintended configuration changes by giving users visibility and time to take corrective steps.
Important Considerations:
Even with this warning in place, issues may still occur if user does not review the affected SoMs prior to deletion.
The alert mechanism serves as a reminder but does not override the intended GPO/GPMC synchronization behavior.
Expected Impact:
This new warning and SoM notification mechanism will help customers avoid unexpected SoM modifications when deleting GPOs, improving operational control and reducing risk of configuration drift.
The enhancement ID for this issue is 593100.
