Solved

Renaming Default Domain and Default Domain Controller Policies

Posted on 2010-08-17
5
1,511 Views
Last Modified: 2012-05-10
Hello, I am trying to troubleshoot slow logon issues with a Windows 2008 R2 Domain. I noticed that both the default domain policy and default domain controller policy have been renamed to Default Domain PolicyDONOTMod and Default Domain Controller PolicyDONOTMod respectively. These policies have also been modified. Should I be renaming these policies back? Are they OK renamed? Should I use the GPOfix tool to repair the policies? Thanks in advance.
0
Comment
Question by:njtreker1
5 Comments
 
LVL 15

Expert Comment

by:JBond2010
ID: 33456965
To narrow down the root cause:

 1.     Login your DC, open Group Policy Management in the Administrative Tools

2.     Verify whether the problematic GPO is configured correctly.

3.     Run "rsop.msc" on the DC to check whether the problematic GPO is applied correctly.

4.     Go to Group Policy Results, right click it and chose Group Policy Results Wizard, select target server name and user name which you are going to deploy GPO.
0
 
LVL 21

Accepted Solution

by:
snusgubben earned 250 total points
ID: 33457070
The GPOs are referred to with its GUID and not friendly name, so I doubt it's the renaming that is the problem.

Here are some great blog entries about the subject:

http://blogs.technet.com/b/askds/archive/2009/09/23/so-you-have-a-slow-logon-part-1.aspx

http://blogs.technet.com/b/instan/archive/2008/04/17/troubleshooting-the-intermittent-slow-logon-or-slow-startup.aspx

0
 

Author Comment

by:njtreker1
ID: 33457116
I have disabled the suspected GPO and have discovered a dramatic improvement in the logon performance. My main question is whether it is OK to have the default policies renamed.
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 33457252
It's a best practice to leave the default domain policy and default domain controller policy alone, but as I said they are not applied with the friendly name. If you look in the userenv.log on i.e. a XP machine the GUID to the GPO is used.

The GUID is not changed if you rename the friendly name.

If you run a RSOP or gpresult the friendly name is reported (in a friendly reading report).
0
 
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 250 total points
ID: 33459072
I would have to agree you really want to leave your default domain policy alone you should make changes to new polices that you add. The Default Domain Controller Policy I would 100% leave alone do not rename this policy this is a critical policy to your domain controllers.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question