My organisation has a multi-domain forest with a root domain and a few child domains underneath, serving different parts of the organisation. I want to put in a central ADMX store.
I've done this for single domain forests before with no issue. My question is, can I have a single store for the entire forest or do I need one per domain? DCs are all running Server 2016 at 2016 level.
I've Googled but haven't found an answer so I thought I'd ask here!
A Central Store is a per-domain concept. As the central store exists in the SYSVOL, and SYSVOL is only replicated among Domain Controllers within the domain, and it does not replicate to Domain Controllers in the other domains within same forest, it can be safely concluded that the Central Store is only available for each domain.
Admittedly; however, you likely only need the Central Store in the domain(s) from which you will be managing Group Policy Objects. That is, if you were only to create and manage policies in other domains from the forest root, you wouldn't necessarily need the Central Store in the other domains. As the admx/adml files in the Central Store to not actually provide any functional change on the client retrieving and processing the policy. They are only used to provide a unified/simplified management interface.
Other references: https://support.microsoft.com/en-us/help/929841/how-to-create-the-central-store-for-group-policy-administrative-templa