
Deleted Default Domain Policy on W2003K

I deleted the Default Domain policy. I am in a single domain environment also running Exchange Server 2007. I have seen a few options as to how to proceed. What are the recommendations?
Asked by: guitarcolossus

Mike Kline commented:
Are you sure it was deleted? The reason I ask is because http://support.microsoft.com/kb/910201

Check for those GUIDs mentioned. Do you need to just relink it?

Thanks

Mike

guitarcolossus (Author) commented:
Yeah, I checked for the GUID and could not find it. I'd be happy to re-check, but I'm pretty sure I deleted instead of just disassociating it.

guitarcolossus (Author) commented:
Nope. Not there. She's definitely deleted.

Adam Brown (Sr Solutions Architect) commented:
Run DCGPOFIX /target:domain from the command prompt and it should regenerate the Default Domain Policy. More info here: http://technet.microsoft.com/en-us/library/cc772811%28WS.10%29.aspx

guitarcolossus (Author) commented:
ACBrown: I have seen a few links that talk about using this tool and then having to modify some settings to get Exchange to operate correctly. Is this the case?

Adam Brown (Sr Solutions Architect) commented:
I don't see why that would be the case. Exchange doesn't make any changes to the default domain policy and it doesn't require changes to work.

guitarcolossus (Author) commented:

Mike Kline commented:
I haven't tested but from what I've seen on different boards is when you run the dcgpofix you may have to run the exchange prep again http://www.activedir.org/ListArchives/tabid/55/forumid/1/postid/31224/view/topic/Default.aspx

Michael1 is Michael Smith (an exchange MVP)

Thanks

Mike

Adam Brown (Sr Solutions Architect) commented:
The changes mentioned in some of what you're looking at may be tied to restores of the Default Domain Controller policy. If that one is still around, running the /target:domain switch will make sure the DDC policy is left alone.

guitarcolossus (Author) commented:
So, would you all collectively agree that DCGPOFIX is a better way to go over restoring System State?

guitarcolossus (Author) commented:
...sorry: Would you all agree that DCGPOFIX is better than restoring from System State?

Adam Brown (Sr Solutions Architect) commented:
Might also depend on the version of Exchange. I have 2010 on my test network, so...

Adam Brown (Sr Solutions Architect) commented:
Oh goodness yes. DCGPOFIX is both easier and less likely to explode on you.

Mike Kline commented:
and you still have the system state as another option

guitarcolossus (Author) commented:
I REALLY appreciate both of you helping. I am going to get on this right now and get back to this board. I am prepared to accept multiple solutions as I

guitarcolossus (Author) commented:
...am grateful to you both. Sorry. I'm nervous as Hell right now.

Mike Kline commented:
when we are talking about Exchange and users....everyone gets nervous....normal

Willy Van den Houten (Network & Security Assistant) commented:

Mike Kline commented:
burflags restore doesn't really help in this situation.

Willy Van den Houten (Network & Security Assistant) commented:

guitarcolossus (Author) commented:
All:

DCGPOFIX reports a successful restoration of the GrpPolcy, but the policy is not showing up as restored. Will I have to re-link it?

guitarcolossus (Author) commented:
Nothing to re-link. Windows still looking for original GUID, which did not populate in Sysvol/Policies

guitarcolossus (Author) commented:
wvdhoute:...thanks for the utility but it did nothing. DCGPOFIX has done nothing, unless I am missing something...quite possible.

Adam Brown (Sr Solutions Architect) commented:
I ran a couple tests on my test network and found that the correct syntax is dcgpofix /Ignoreschema /Target:Domain (Case sensitive, and ignoreschema has to go before target:domain.) This restored a purposefully deleted default domain policy on my test network...Not sure why it didn't work for you. Do you have anything showing up in your event log that might explain what is not happening?

guitarcolossus (Author) commented:
acbrown2010:

I ran dcgpofix with those switches you mentioned above. The operation comes back successful without any errors, but no policy is populated in the properties of my domain or through Group Policy Management snap-in.

Event Viewer/Application continues to generate Event ID 1030:

Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.

Followed by Event ID 1058
Windows cannot access the file gpt.ini for GPO CN={7C3EABE3-AAA4-4382-B484-1582F68234CA},CN=Policies,CN=System,DC=MTESNJ,DC=local. The file must be present at the location <\\MTESNJ.local\SysVol\MTESNJ.local\Policies\{7C3EABE3-AAA4-4382-B484-1582F68234CA}\gpt.ini>. (The system cannot find the path specified. ). Group Policy processing aborted.
0
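
Added example, not part of the original thread: a PowerShell check that takes the text of an Event ID 1058 record like the one posted above, extracts the GPO GUID and the expected gpt.ini path, tests whether the file exists in SYSVOL, and compares the GUID against the two well-known default GPO GUIDs. The function name `Test-GpoFromEvent1058` is hypothetical and chosen for this example; the sample text is the event message from the post.

```powershell
# Well-known GUIDs of the two default GPOs; they are the same in every domain.
$WellKnownGpo = @{
    '{31B2F340-016D-11D2-945F-00C04FB984F9}' = 'Default Domain Policy'
    '{6AC1786C-016F-11D2-945F-00C04FB984F9}' = 'Default Domain Controllers Policy'
}

# Hypothetical helper (name chosen for this example, not a built-in cmdlet).
function Test-GpoFromEvent1058 {
    param([Parameter(Mandatory = $true)][string]$Message)

    # Event 1058 names the GPO by its distinguished name: CN={GUID},CN=Policies,...
    if ($Message -notmatch 'CN=(\{[0-9A-Fa-f-]{36}\}),CN=Policies') {
        throw 'No GPO GUID found in the event text.'
    }
    $guid = $Matches[1].ToUpper()

    # The UNC path of the gpt.ini the client expected is given between < and >.
    $path = $null
    if ($Message -match '<(\\\\[^>]+\\gpt\.ini)>') { $path = $Matches[1] }

    # Does the SYSVOL half of the GPO exist where the client looks for it?
    $present = $false
    if ($path) { $present = Test-Path -LiteralPath $path }

    $name = '(not a default GPO)'
    if ($WellKnownGpo.ContainsKey($guid)) { $name = $WellKnownGpo[$guid] }

    New-Object PSObject -Property @{
        Guid          = $guid
        DefaultGpo    = $name
        GptIniPath    = $path
        GptIniPresent = $present
    }
}

# Event ID 1058 message text as posted in the thread above.
$sample = 'Windows cannot access the file gpt.ini for GPO ' +
    'CN={7C3EABE3-AAA4-4382-B484-1582F68234CA},CN=Policies,CN=System,DC=MTESNJ,DC=local. ' +
    'The file must be present at the location ' +
    '<\\MTESNJ.local\SysVol\MTESNJ.local\Policies\{7C3EABE3-AAA4-4382-B484-1582F68234CA}\gpt.ini>.'

Test-GpoFromEvent1058 -Message $sample | Format-List
```

For the event quoted above, the GUID is not one of the two well-known values, which are the GUIDs the default GPOs recreated by dcgpofix carry.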
 
guitarcolossus (Author) commented:
Here is my DCGPOFIX output

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\tyoung>dcgpofix /ignoreschema /target:both

Microsoft(R) Windows(R) Operating System Default Group Policy Restore Utility v5
.1

Copyright (C) Microsoft Corporation. 1981-2003

Description: Recreates the Default Group Policy Objects (GPOs) for a domain

Syntax: DcGPOFix [/ignoreschema] [/Target: Domain | DC | BOTH]


This utility can restore either or both the Default Domain Policy or the
Default Domain Controllers Policy to the state that exists immediately after
a clean install. You must be a domain administrator to perform this operation.

WARNING: YOU WILL LOSE ANY CHANGES YOU HAVE MADE TO THESE GPOs. THIS UTILITY
IS INTENDED ONLY FOR DISASTER RECOVERY PURPOSES.

You are about to restore Default Domain policy  and Default domain Controller po
licy for the following domain
MTESNJ.local
Do you want to continue: <Y/N>? y
WARNING: This operation will replace all 'User Rights Assignments' made in the c
hosen GPOs. This may render some server applications to fail. Do you want to con
tinue: <Y/N>? y
The Default Domain Policy was restored successfully
Note: Only the contents of the Default Domain Policy was restored. Group Policy
links to this Group Policy Object were not altered.
By default, The Default Domain Policy is linked to the Domain.

The Default Domain Controller Policy was restored successfully
Note: Only the contents of the Default Domain Controller Policy was restored. Gr
oup Policy links to this Group Policy Object were not altered.
By default, The Default Domain Controller Policy is linked to the Domain Control
lers OU.


C:\Documents and Settings\tyoung>

guitarcolossus (Author) commented:
I would have preferred to use DCGPOFIX, but it went nowhere. In any case, thanks for chiming in.

Mike Kline commented:
Thanks a lot, just a heads up, you can also split points (ac helped a lot too)

Thanks

Mike

guitarcolossus (Author) commented:
Mike:

Just (I think) awarded some points to AC, too. Definitely grateful for the support you guys provided.
Today I restored Active Directory from a backup. It was messy for too many reasons to enumerate, but all of the loose ends are cleaned up and I have an AD that's not generating any errors.

This board and its members continue to be a valued resource...

Thane (that's me!)