?
Solved

Renaming Default Domain and Default Domain Controller Policies

Posted on 2010-08-17
5
Medium Priority
?
1,633 Views
Last Modified: 2012-05-10
Hello, I am trying to troubleshoot slow logon issues with a Windows 2008 R2 Domain. I noticed that both the default domain policy and default domain controller policy have been renamed to Default Domain PolicyDONOTMod and Default Domain Controller PolicyDONOTMod respectively. These policies have also been modified. Should I be renaming these policies back? Are they OK renamed? Should I use the GPOfix tool to repair the policies? Thanks in advance.
0
Comment
Question by:njtreker1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 15

Expert Comment

by:JBond2010
ID: 33456965
To narrow down the root cause:

 1.     Login your DC, open Group Policy Management in the Administrative Tools

2.     Verify whether the problematic GPO is configured correctly.

3.     Run "rsop.msc" on the DC to check whether the problematic GPO is applied correctly.

4.     Go to Group Policy Results, right click it and chose Group Policy Results Wizard, select target server name and user name which you are going to deploy GPO.
0
 
LVL 21

Accepted Solution

by:
snusgubben earned 1000 total points
ID: 33457070
The GPOs are referred to with its GUID and not friendly name, so I doubt it's the renaming that is the problem.

Here are some great blog entries about the subject:

http://blogs.technet.com/b/askds/archive/2009/09/23/so-you-have-a-slow-logon-part-1.aspx

http://blogs.technet.com/b/instan/archive/2008/04/17/troubleshooting-the-intermittent-slow-logon-or-slow-startup.aspx

0
 

Author Comment

by:njtreker1
ID: 33457116
I have disabled the suspected GPO and have discovered a dramatic improvement in the logon performance. My main question is whether it is OK to have the default policies renamed.
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 33457252
It's a best practice to leave the default domain policy and default domain controller policy alone, but as I said they are not applied with the friendly name. If you look in the userenv.log on i.e. a XP machine the GUID to the GPO is used.

The GUID is not changed if you rename the friendly name.

If you run a RSOP or gpresult the friendly name is reported (in a friendly reading report).
0
 
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 1000 total points
ID: 33459072
I would have to agree you really want to leave your default domain policy alone you should make changes to new polices that you add. The Default Domain Controller Policy I would 100% leave alone do not rename this policy this is a critical policy to your domain controllers.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Suggested Courses
Course of the Month10 days, 12 hours left to enroll

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question