I have a very interesting problem that may require a very creative solution.
In short, I have inherited a school site running a Microsoft 2003R2 server. I am wanting to add a second server (as a DC) to this site to add redundancy and am working through the errors in the current domain before bringing in the second DC.
At current I am receiving multiple errors in the application event log example
Security policy cannot be propagated. Cannot access the template.
Error code = -536870656.
I have traced this file to the Default Domain Controller Policy and checked the file and this file is empty.
Two things to note...
1. There is no other DC in this domain (I would like to kill the original installer)
2. The current backups for this server only hold about 2 weeks data and this error seems to have occured well outside this time frame.
So here is the hard part....
Is there a way to repopulate the Default Domain Controller Policy without the aid of a 2nd DC or a good backup ?