truckfanatic_com

I deleted Default Domain Controllers policy!

I totally screwed up and deleted the Default Domain Controllers policy.

I need to recreate it, but am not sure what the default properties are for the policy or how to go about recreating it.

I was getting an

"error 1332 No mapping between account names and security ids was done"

and that is why I was proceeding to remap the default policy for the domain controller and deleted it like an idiot.  :-(
pcbrat

Truckfanatic,

Try these links for me. They may help you find what you need and where to go. Let me know if this helps and keep us posted.

http://support.microsoft.com/default.aspx?scid=kb;en-us;226243

http://support.microsoft.com/default.aspx?scid=kb;en-us;322143

Dawne :)
truckfanatic_com

ASKER

I will try this this morning and let you know if it worked.  Thanks so much for the help.  I swear I searched TechNet forever and found nothing.  It's all about the words you use...

I will let you know in a few hours.
This only shows how to create a default GPO, not specifically the Domain Controller Default GPO.  We're close though... I feel it.
OK, I am somewhat on the right path. I am in the Security Analysis and Configuration Snap-In, and I try to create a new Database and import the basicdc template, BUT it keeps saying "The Data is Invalid. Import Failed"
OK, how many servers do you have that are DCs in your network? Let's do a repair of the DC, and run a test using DCdiag.exe. You will find the tools on the server CD.

Let's get the tools in and running to see where we stand.

I will wait for your posts.

Dawne :)
Well, I had two, and decommissioned one.  That's when all hell broke loose.  I 'dcpromo' the server I was decommissioning, then I took it out of the domain and put it in its own workgroup, then took it down.

The server is remote, so I have to get the disk and put it in the CD.   So let's continue with the results of the Diag tomorrow morning.  Thanks for the help.
OK, I downloaded DCDIAG.exe and ran it, but came up with the following error...see screen shot link:

http://www.apollointernet.com/dcdiag_error.jpg

OK, but what does your Event Viewer say?
Event Type:     Information
Event Source:     Application Popup
Event Category:     None
Event ID:     26
Date:          3/21/2003
Time:          2:39:18 PM
User:          N/A
Computer:     THOR
Description:
Application popup: dcdiag.exe - Entry Point Not Found : The procedure entry point DsIsMangledDnW could not be located in the dynamic link library NTDSAPI.dll.  
pcbrat asked if I could take a look..

truckfanatic_com... do you have a system state backup of this server?  Not a complete backup, just system state.
I wish.  Please don't scold me... I have the tape drive, just haven't connected it yet :-(
"Please don't scold me..."  By stating that, you are begging for it.

Bad, bad, bad!!!!

There is to my knowledge no other known way to repair this other than from System State data.  Sorry, I could not be of more assistance.
So, am I screwed?  :_-o  I had a feeling.

I guess it is time to backup Exchange server and start from scratch.

One last question... If I couldn't find an answer to fix the problem, what do I do?  How do I stop the thread?
Post a request in Community Support to close this question, be sure to place a link to the question there.  Good luck with your client.

You may want to pop the drive from that box into the Exchange server or another box and at least get what data you can from it?
Thanks for all the help....I will do it right this time :-)
Thanks Geek for giving Truck a hand. I had to go away for the weekend, besides I figured he was kinda shot with no backup.

Good luck Truck, hope all goes well.

Dawne :)
:,-(  It's gonna be a long weekend
yup.
There is a fix for this that resets it back to default.

Oh, too simple as well, duh.
You guys were so close
Had your problem and was following this message thread for an idea.

The default policy is exactly the same as any other policy except it pertains to the domain controller organisational unit.

Here we go.

Load Active Directory Users and Computers.

Right click the domain controller OU / properties.
Select group policy.
Add a new default policy.
Rename it to the domain controller policy.
Edit it.

It quite happily replicates to other domain controllers with the appropriate permissions intact.

The actual problem I had differed in that the policy was corrupt and I couldn't edit it, but I was able to delete the reference to the policy and start a new one.


Thanks Netmage. I will file this one away as a tidbit for future reference. As we all know, it's a little harder troubleshooting something you're not really looking at on your own. Wish you would have let the questioner know though, probably would have saved him a rebuild. (chuckle).

Dawne :)
:-( Well, I did it and everything is humming along.  Thanks everyone, it wasn't as bad as I thought, only one whole night lost.

FYI:  PCBRAT and MSGEEK, I requested that you guys get 50 points each just as a thank you for helping me try to resolve this.

PS: Netmage, close timing, but if I just had you around a week earlier :-)
>PS: Netmage, close timing, but if I just had you around a week earlier :-)

Believe me, I was :-/
I'd tagged this message thread from the beginning and couldn't add anything.

Here's my story, found out after a bit of investigation.

Up to my neck in it with much the same mess, and all 'cause some moron reset a server in a remote office 'cause he thought chkdsk was taking too long after his original reset 'cause the broadband went down, or so he says.


The server eventually restarted and I don't know how, but the domain controller policy got chundered and replicated to all the other controllers. (Thought this wasn't supposed to happen when it conflicts with the master controller.)

This bumped all the terminal server users out with a lack of permission to log on locally, and that's where I came in.

At this point the general domain policy overrides saved my butt till I eventually set up a new domain controller policy.

lol, there are now trained and assigned server operators at these locations and a particular computer has no reset button.

Yeah, what a week.



 

PCBRAT, please post a comment at this link so I can give you some thank you points:
https://www.experts-exchange.com/questions/20576018/Points-for-PCBRAT.html
MSGEEK, Please post a comment at this link so I can give you some thank you points:
https://www.experts-exchange.com/questions/20576019/Points-for-MSGEEK.html
Sorry I missed out on some of this, my power has been out since 4/3, great post.   :(
I think the reason for the "dcdiag.exe - Entry Point Not Found : The procedure entry point DsIsMangledDnW could not be located in the dynamic link library NTDSAPI.dll." error is due to using an old version of DCDIAG.EXE.

If you are using Windows 2000 Service Pack 3, you need the updated version from here:

Windows 2000 Support Tools: DCDiag.exe Utility Update
http://www.microsoft.com/downloads/details.aspx?FamilyID=23870a87-8422-408c-9375-2d9aaf939fa3&DisplayLang=en