Solved

How to Cleanup the Policies folder in Sysvol

Posted on 2007-11-15
7
1,963 Views
Last Modified: 2012-08-13
I have group policy folders in my sysvol folder that are not being used.  When I look in AD and list all the policies, those appear to be deleted.  Is there a tool that would compare the two and delete the ones that are no longer being used?
0
Comment
Question by:securitythreat
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 20288750
Stop are you sure they are not in use? you will have two that are in use the default domain an default domain controllers policy (the domain policy starts 31B2F.....) Load the group policy management console and backup your policies before you delete anything
0
 
LVL 57

Accepted Solution

by:
Pete Long earned 500 total points
ID: 20288761
Get Gpotool.exe from the resource kit and it will tell you what policy is doing what.

GPOTool.exe: Group Policy Verification Tool
Category
Group Policy Verification tool is included in the Windows Server 2003 Deployment Kit.

Version compatibility
The Group Policy Verification tool works on Windows 2000 and higher computers. You use Group Policy Verification tool to check the health of the Group Policy objects on domain controllers. The tool checks GPOs for consistency on each domain controller in your domain. The tool also determines whether the policies are valid and displays detailed information about replicated Group Policy objects (GPOs).

GPOTool.exe ships with the Microsoft Windows 2003 Server Resource Kit and is also available as a free download at the Gpotool.exe: Group Policy Verification Tool page.

For more information about the Group Policy Verification tool, type GPOTool /? at the command line. You can find full documentation for Group Policy Verification tool in the Windows Server 2003 Deployment Kit Tools.

http://technet2.microsoft.com/windowsserver/en/library/e926577a-5619-4912-b5d9-e73d4bdc94911033.mspx?mfr=true
0
 
LVL 1

Author Comment

by:securitythreat
ID: 20288764
I have policies.  They were deleted.  The DC they were deleted from was having FRS issues.  The deletions showed up in ad across the board.  However, the policies folder did not delete the policies out of there.  The FRS issue led to a authoritive restore to resolve.  Once the restore was completed, replication continued.  However, the restore replicated all the old folders.  As a result, the policies deleted in AD but show up in the folder.
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 1

Author Comment

by:securitythreat
ID: 20288782
Once identified, is it ok to manually delete the folders of the un-used gpo's?
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 20288959
Yes - you can manually delete them straight from the sysvol/domainname/policys folder  - if they error when you try and delete them you might need to mess about with dcscalcs but we will cross that bridge when we come to it :)

Pete
0
 
LVL 1

Author Comment

by:securitythreat
ID: 20289063
Ok... right now they are mismatched... so trying to figure that out... thanks for your help all
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 20289153
ThanQ
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question