Your network contains an Active Directory domain.
You need to back up all of the Group Policy objects(GPOs), Group Policy permissions, and Group Policylinks
for the domain.
What should you do?

A.
From Group Policy Management Console (GPMC), backup the GPOs.

B.
From Windows Explorer, copy the content of the %systemroot%\SYSVOL folder.

C.
From Windows Server Backup, perform a system state backup.

D.
From Windows PowerShell, run the Backup-GPO cmdlet.

Explanation:
When you backup a GPO using the Group Policy Management Console or the Backup-GPO cmdlet, the links to
domains/sites/OUs are not included. The link is indicated in an accompanying gpreport.xml, but it’s not in the
backup itself. If you restore the backup, then the GPO is not linked to anything.
Microsoft recommends that you do not modify the Sysvol structure. This recommendation also applies to
backup and restore operations of the Sysvol structure. On top of that, the SYSVOL folder only containsthe
GPT part of a GPO, so it would be an incomplete backup anyway.
The link between GPO and for example an OU is an attribute (gPLink) of the OU, not of the GPO. So, to
backup the GPOs, including the links, we have to perform a system state backup.
Reference 1:
http://www.microsoft.com/en-us/download/details.aspx?id=22478
Planning and Deploying Group Policy (Word-document)
Backing up and restoring WMI filter data, IPsec policy settings, and links to OUs
Links to WMI filters and IPsec policies are stored in GPOs and are backed up as part of a GPO. When you
restore a GPO, these links are preserved if the underlying objects still exist in Active Directory. Links to OUs,
however, are not part of the backup dataand will not be restored during a restore operation.
Reference 2:
http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/c361339f-7266-4991-8309-c957a123a455/
Does backup-gpo cmdlet backup GPO links and permission?
“Permissions are backed up but links are not. The links are actually properties of the OU and would bebacked
up as part of the system state. Please see this article for more information: http://technet.microsoft.com/en-us/
library/cc784474.aspx. The article refers to the GPMC process which is the same as the PowerShell cmdlet.”
Reference 3:
http://technet.microsoft.com/en-us/library/cc784474.aspx
Information saved in a backup
Backing up a GPO saves all information that is stored inside the GPO to the file system. This includesthe
following information:
GPO globally unique identifier (GUID) and domain.
GPO settings.
Discretionary access control list (DACL) on the GPO.
WMI filter link, if there is one, but not the filter itself.
Links to IP Security Policies, if any.
XML report of the GPO settings, which can be viewedas HTML from within GPMC.
Date and time stamp of when the backup was taken.
User-supplied description of the backup.
Information not saved in a backup
Backing up a GPO only saves data that is stored inside the GPO. Data that is stored outside the GPO isnot
available when the backup is restored to the original GPO or imported into a new one. This data that becomes
unavailable includes the following information:
Links to a site, domain, or organizational unit.
WMI filter.
IP Security policy.
Reference 4:
http://technet.microsoft.com/en-us/library/jj134176.aspx
Check Group Policy Infrastructure Status
Each GPO is stored partly in Active Directory and partly in the SYSVOL on the domain controller. The portion of
the GPO stored in Active Directory is called the Group Policy container (GPC) while the portion of theGPO
stored in the SYSVOL is called the Group Policy template (GPT). GPMC and Group Policy Management Editor
manage the GPO as a single unit. For example, when you set permissions on a GPO in GPMC, GPMC is
actually setting permissions on objects in both Active Directory and the SYSVOL. It is not recommendedthat
you manipulate these separate objects independentlyoutside of GPMC and the Group Policy Management
Editor.
It is important to understand that these two separate features of a GPO rely on different replication
mechanisms. The file system portion, GPT, is replicated through Distributed File Service Replication (DFS-R)
or File Replication Service (FRS), independently ofthe replication handled by Active Directory, GPC.