Default Domain Policy
Posted on 2009-05-12
Gee what a mess...
Got this "new" client who's been looked after by clowns.
Where should I start...
- DCDiag full of errors
- AD replication ok between 2003 and 2008 but fails between 2008 and 2008
- AD Site and Services still refers to old accounts
- DNS not configured
- GPO not applying to some machines
- GPO can be edited from 2008 DC but can't from 2003 DC
- "Default Domain Policy" is blank, and replaced by another "Company Default Policy" which has weird settings, etc.
I'll start with rebuilding the GPO and cleaning up the AD Schema. As the Default Domain Policy is blank, I need to recreate it from scratch...(and of course there were no backup until now).
My question : is there a "Default "Default Domain Policy" " I can download and apply ? Or should I just build a lab environment, write down all the settings and create these in the live environment ? or a procedure from Msoft to recreate this GPO from a template somewhere ?