troubleshooting Question

Default Domain Policy missing

Avatar of Sean Doolan
Sean DoolanFlag for Ireland asked on
Microsoft Server OSWindows Server 2003Active Directory
16 Comments2 Solutions3597 ViewsLast Modified:
I am having an issue at a site I support and need some advise.

1 * Win 2K SP4 Server Standard DC running dhcp/dns/File & print
1 * Server 2003 Standard running Exchange 2003 Standard
6 * Member Servers running Win 2000 server or Win 2003 standard.
30 XP clients

Last week I went to install a new server 2003 R2  SP2 server to become the new
DC running dhcp/dns/File & print.

On the existing Win 2K Standard DC I ran from the Win 2003 R2 cd2
adprep /forestprep
adprep /domainprep

On the new 2003 R2 server
I added it as a member server to the domain and then I ran a Dcpromo on it and all seems to run fine.
On the new dc the Sysvol and the Netlogon folders were automatically created and shared and I can see the login scripts are in them.

I am getting an issue on the new 2003 Dc in the event log every 5 minutes.
Event ID: 1058
“Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=Athlone,DC=local. The file must be present at the location <\\Athlone.local\sysvol\Athlone.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (The system cannot find the path specified. ). Group Policy processing aborted.”

Looking from both servers at the Sysvol\sysvol\athlone.local\policies folder I do not see a folder called 31B2F340-016D-11D2-945F-00C04FB984F9, I do see another folder called A0CA9A6E-1944-46E7-4124178B1C9F.
When I go onto active directory on either DC I can access the GPO I have on the users OU but when I try to access the Domain Controllers – Default Domain Controllers  Policy to edit it I get an error “Failed to open the group policy object. You may not have the appropiate rights,the system cannot find the path specified.

Also when I try to access the Default Domain Policy I get the same errors.

I ran DCDIAG on the 2K DC and it comes back all fine.

Looking online for fixes I have come across:
1)      Using DCGPOFIX for Server 2003 to recreate the Default Domain Controllers  Policy
2)      Dcgpofix for server 2000 to recreate the Default Domain Controllers  Policy
I have read there can be issues after the 2 above of where “The Dcgpofix tool does not restore security settings in the Default Domain Controller Policy to their original state
3)  , this instructs me on “How to rebuild the SYSVOL tree and its content in a domain”
I have not moved over the 5 FSMO roles to the new DC as yet as I intend to retire the 2000 DC as its an old server.

So I may have 2 other options
a)      Move over the 5 roles onto the new DC and setup dhcp/dns and then try the DCGPOFIX
b)      Demote the new DC and then run the DCGPOFIX on the 2K Server.

I have read
By ChiefIT

Any advise?
Senior Solution Architect

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 2 Answers and 16 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 2 Answers and 16 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros