?
Solved

Cant access Group Policy's after domain Rename

Posted on 2008-11-07
6
Medium Priority
?
437 Views
Last Modified: 2012-05-05
We had to change the name of our domain because our parent company changed its name. We followed the 80+ page document that microsoft provided. However, Some things must have not been changed. When I try and open the Domain Security Policy or the Domain Controller Security Policy I get this error:

"Failed to open the Group Policy Object. You may not have appropriate rights. The specified domain either does not exist or could not be contacted."

From we can tell, everything worked fine in the rename process. We never got any errors? DNS is updated, all of the workstations login to the new domain, all the shares work.  

One other thing is that when I open ASDIEDIT, I see the old domain name on the "Domain" "Configuration" and "Schema"

I assume that somewhere in the process of renaming the domain we missed something or something did not update to the new domain correctly.  Thanks in advance for any suggestions.
0
Comment
Question by:cwellsatl
  • 3
  • 3
6 Comments
 
LVL 24

Expert Comment

by:ryansoto
ID: 22908566
Ouch - domain rename fails about 40-60% of the time and if it doesnt fail issues like this occur -
My suggestion for the group policies is to rebuild from scratch unfortunately.  Its been my experience that restore those will not working after a rename has been done
0
 

Author Comment

by:cwellsatl
ID: 22908661
yeah, thats what I thought would be the answer. My concern is if GP does not work what else is broken? I dont want to be paying for this problem for years to come. And we are going to have to connect this domain to the parent company (in europe) via a trust next week. As all of our email will go to their exchange server which will then forward it over the MPLS circuit to our exchange server. So that is a whole other can of worms that can get pretty messy if AD is messed up.
0
 
LVL 24

Expert Comment

by:ryansoto
ID: 22908741
Sure can.....
I cant help with the other specific issues that you stated you were having -
Most of the time I (and my clients) find it faster and more efficient to rebuild the domain.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 

Author Comment

by:cwellsatl
ID: 22922552
We are trying to make this Domain Work anyway. I figured out that one of the steps in the document that was under Miscellaneous Tasks was not completed and the Secutiry Policies work now. However, When I go to check the FSMO Roles under Operations Masters, They still show the old name. I have not deleted the old DNS Zones yet. But wonder if I do will the new name show up under Operations Masters?
0
 
LVL 24

Expert Comment

by:ryansoto
ID: 22922898
Probably not you may need to run a meta data clean up (way to clean up old or outdated objects from AD)
http://technet.microsoft.com/en-us/library/cc736378.aspx
0
 

Accepted Solution

by:
cwellsatl earned 0 total points
ID: 23116424
Sorry for the late post. I did manage to fix it. It seems that it did not populate all of the information in DNS. I manaually added the needed information and rebooted. Has been working great ever since. Thanks for the suggestions.
0

Featured Post

[Webinar On Demand] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes it necessary to set special permissions on user objects.  For instance when using a Blackberry server, the SendAs permission needs to be set. I see many admins struggle with the setting that permission only to see it disappear within a few…
I’m willing to make a bet that your organization stores sensitive data in your Windows File Servers; files and folders that you really don’t want making it into the wrong hands.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question