Solved

Deleted Default Domain Policy on W2003K

Posted on 2010-09-10
29
466 Views
Last Modified: 2012-05-10
I deleted the Default Domain policy. I am in a single domain environment also running Exchange Server 2007. I have seen a few options as to how to proceed. What are the recommendations?
0
Comment
Question by:guitarcolossus
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 15
  • 6
  • 6
  • +1
29 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33651239
Are you sure it was deleted.  The reason I ask is because   http://support.microsoft.com/kb/910201

Check for those GUID's mentioned.  Do you need to just relink it?

Thanks

Mike
0
 

Author Comment

by:guitarcolossus
ID: 33651252
Yeah, I checked for the GUID and could not find it. I'd be happy to re-check, but I'm pretty sure I deleted instead of just disassociating it.
0
 

Author Comment

by:guitarcolossus
ID: 33651262
Nope. Not there. She's definitely deleted.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 41

Expert Comment

by:Adam Brown
ID: 33651279
Run DCGPOFIX /target:domain from the command prompt and it should regenerate the Default Domain Policy. More info here: http://technet.microsoft.com/en-us/library/cc772811%28WS.10%29.aspx
0
 

Author Comment

by:guitarcolossus
ID: 33651284
ACBrown: I have seen a few links that talk about using this tool and then having to modify some settings to get Exchange to operate correctly. Is this the case?
0
 
LVL 41

Expert Comment

by:Adam Brown
ID: 33651296
I don't see why that would be the case. Exchange doesn't make any changes to the default domain policy and it doesn't require changes to work.
0
 

Author Comment

by:guitarcolossus
ID: 33651308
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33651315
I haven't tested but from what I've seen on different boards is when you run the dcgpofix you may have to run the exchange prep again http://www.activedir.org/ListArchives/tabid/55/forumid/1/postid/31224/view/topic/Default.aspxMichael1 is Michael Smith (an exchange MVP)ThanksMike
0
 
LVL 41

Expert Comment

by:Adam Brown
ID: 33651320
The changes mentioned in some of what you're looking at may be tied to restores of the Default Domain Controller policy. If that one is still around, running the /target:domain switch will make sure the DDC policy is left alone.
0
 

Author Comment

by:guitarcolossus
ID: 33651325
So, would you all collectively agree that DCGPOFIX is a better way to go over restoring System State?
0
 

Author Comment

by:guitarcolossus
ID: 33651329
...sorry: Would you all agree that DCGPOFIX is better than restoring from System State?
0
 
LVL 41

Expert Comment

by:Adam Brown
ID: 33651338
Might also depend on the version of Exchange. I have 2010 on my test network, so...
0
 
LVL 41

Expert Comment

by:Adam Brown
ID: 33651342
Oh goodness yes. DCGPOFIX is both easier and less likely to explode on you.
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 33651346
and you still have the system state as another option
0
 

Author Comment

by:guitarcolossus
ID: 33651350
I REALLY appreciate both of you helping. I am going to get on this right now and get back to this board. I am prepared to accept multiple solutions as I
0
 

Author Comment

by:guitarcolossus
ID: 33651354
...am grateful to you both. Sorry. I'm nervous as Hell right now.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33651362
when we are talking about Exchange and users....everyone gets nervous....normal
0
 
LVL 3

Expert Comment

by:Willy Van den Houten
ID: 33651369
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33651374
burflags restore doesn't really help in this situation.
0
 
LVL 3

Expert Comment

by:Willy Van den Houten
ID: 33651381
0
 

Author Comment

by:guitarcolossus
ID: 33651456
All:

DCGPOFIX reports a successful restoration of the GrpPolcy, but the policy is not showing up as restored. Will I have to re-link it?
0
 

Author Comment

by:guitarcolossus
ID: 33651487
Nothing to re-link. Windows still looking for original GUID, which did not populate in Sysvol/Policies
0
 

Author Comment

by:guitarcolossus
ID: 33651627
wvdhoute:...thanks for the utility but it did nothing. DCGPOFIX has done nothing, unless I am missing something...quite possible.
0
 
LVL 41

Expert Comment

by:Adam Brown
ID: 33651937
I ran a couple tests on my test network and found that the correct syntax is dcgpofix /Ignoreschema /Target:Domain (Case sensitive, and ignoreschema has to go before target:domain.) This restored a purposefully deleted default domain policy on my test network...Not sure why it didn't work for you. Do you have anything showing up in your event log that might explain what is not happening?
0
 

Author Comment

by:guitarcolossus
ID: 33652045
acbrown2010:

I ran dcgpofix with those switches you mentioned above. The operation comes back successful without any errors, , but ho policy is populated in the properties of my domain or through Group Policy Management snap-in.

Even Viewer/Application continues to generate Event ID 1030:

Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.

Followed by Event ID 1058
Windows cannot access the file gpt.ini for GPO CN={7C3EABE3-AAA4-4382-B484-1582F68234CA},CN=Policies,CN=System,DC=MTESNJ,DC=local. The file must be present at the location <\\MTESNJ.local\SysVol\MTESNJ.local\Policies\{7C3EABE3-AAA4-4382-B484-1582F68234CA}\gpt.ini>. (The system cannot find the path specified. ). Group Policy processing aborted.
0
 

Author Comment

by:guitarcolossus
ID: 33652060
Here is my DCGPOFIX output

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\tyoung>dcgpofix /ignoreschema /target:both

Microsoft(R) Windows(R) Operating System Default Group Policy Restore Utility v5
.1

Copyright (C) Microsoft Corporation. 1981-2003

Description: Recreates the Default Group Policy Objects (GPOs) for a domain

Syntax: DcGPOFix [/ignoreschema] [/Target: Domain | DC | BOTH]


This utility can restore either or both the Default Domain Policy or the
Default Domain Controllers Policy to the state that exists immediately after
a clean install. You must be a domain administrator to perform this operation.

WARNING: YOU WILL LOSE ANY CHANGES YOU HAVE MADE TO THESE GPOs. THIS UTILITY
IS INTENDED ONLY FOR DISASTER RECOVERY PURPOSES.

You are about to restore Default Domain policy  and Default domain Controller po
licy for the following domain
MTESNJ.local
Do you want to continue: <Y/N>? y
WARNING: This operation will replace all 'User Rights Assignments' made in the c
hosen GPOs. This may render some server applications to fail. Do you want to con
tinue: <Y/N>? y
The Default Domain Policy was restored successfully
Note: Only the contents of the Default Domain Policy was restored. Group Policy
links to this Group Policy Object were not altered.
By default, The Default Domain Policy is linked to the Domain.

The Default Domain Controller Policy was restored successfully
Note: Only the contents of the Default Domain Controller Policy was restored. Gr
oup Policy links to this Group Policy Object were not altered.
By default, The Default Domain Controller Policy is linked to the Domain Control
lers OU.


C:\Documents and Settings\tyoung>
0
 

Author Closing Comment

by:guitarcolossus
ID: 33653853
I would have preferred to use DCGPOFIX, but it went nowhere. In any case, thanks for chiming in.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33654774
Thanks a lot, just a heads up, you can also split points (ac helped a lot too)

Thanks

Mike
0
 

Author Comment

by:guitarcolossus
ID: 33655189
Mike:

Just (I think) awarded some points to AC, too. Definitely grateful for the support you guys provided.
Today I restored Active Directory from a backup. It was messy for too many reasons to enumerate, but all of the lose ends are cleaned up and I have an AD that's not generating any errors.

This board and its members continue to be a valued resource...

Thane (that's me!)
0

Featured Post

Forrester Webinar: xMatters Delivers 261% ROI

Guest speaker Dean Davison, Forrester Principal Consultant, explains how a Fortune 500 communication company using xMatters found these results: Achieved a 261% ROI, Experienced $753,280 in net present value benefits over 3 years and Reduced MTTR by 91% for tier 1 incidents.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question