wiglack asked:

Default Domain Policy deleted

I have a 2012 test server.  I was messing around with a central store for GPOs.  While I was creating the centralized store, I renamed the wrong folder.  This caused group policy management to display an error that I couldn't find or read the GPO for the default domain policy.  Before I figured out that I renamed the wrong directory, I deleted the default domain policy, so that I could recreate it.  I later found that I had renamed the wrong directory in sysvol.  But the damage was done and now I can't create a default policy.
I can't quite figure out how to recreate it.  Can anyone help?

BTW I could easily just wipe the domain and start over, but I want to learn how to recover from an error like this in case I encounter a client who did something as stupid as me, but in production.
Tags: Windows Server 2012, Active Directory

Last comment: wiglack, 8/22/2022 - Mon
Rob Stone

Nick Rhode

You can probably use the command: dcgpofix

http://technet.microsoft.com/en-us/library/hh875588.aspx
ASKER
wiglack

I already tried dcgpofix.  That didn't work.  I hadn't tried with the /ignoreschema switch, but that didn't work either.

@Stoner79: I tried the first kb article you posted, but there is no GPO tab in ADUC.  Any suggestions?
Mike Kline

Did you get any errors when you ran the command?  So the default domain policy was deleted?  I'm asking because I may spin up a VM and test this on 2012 (never tried on 2012)

Thanks

Mike
ASKER
wiglack

No errors running dcgpofix /ignoreschema /target:Domain. I also tried dcgpofix /target:both.

It appears the policy is in the sysvol folder, but it doesn't appear in group policy management.  When I try to create a new policy called Default Domain Policy, I get an error that GPO with this name already exists.
Sandesh Dubey

It seems that the policy is still present in the AD database. Open ADSI Edit and check for the orphan GPO GUID.

Path=CN=Policies,CN=System,DC=DomainName,DC=com by using ADSIEDIT.msc

I will also recommend, before you proceed with deletion: download the resource kit tool and run gpotool. You will get the policy GUID details and policy name, and then proceed with deletion. http://www.microsoft.com/en-in/download/details.aspx?id=17657

Do you have a sysvol backup? If yes, then you can restore the policies and script folder on the DC and perform an authoritative and non-authoritative restore of sysvol.

If no backup and default domain controller and default domain policy is missing then you need to run dcgpofix.

To reset the Domain GPO, type dcgpofix /target:Domain
To reset the Default DC GPO, type dcgpofix /target:DC
To reset both the Domain and Default DC GPOs, type dcgpofix /target:both

Note:
Domain GPO GUID -{31B2F340-016D-11D2-945F-00C04FB984F9}
DC GPO GUID - {6AC1786C-016F-11D2-945F-00C04FB984F9}
http://support.microsoft.com/kb/556025

Hope this helps
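The cross-check described in the answer above (GPO objects under CN=Policies,CN=System compared with the GUID folders in SYSVOL) can be scripted. This is an added example, not part of the original thread; it assumes the ActiveDirectory PowerShell module (RSAT) and the default SYSVOL share layout, and it only reads.

```powershell
# Added example (not from the thread): read-only cross-check of GPO objects in AD
# against GPO folders in SYSVOL. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Well-known GUIDs quoted in the answer above.
$wellKnown = @{
    '{31B2F340-016D-11D2-945F-00C04FB984F9}' = 'Default Domain Policy'
    '{6AC1786C-016F-11D2-945F-00C04FB984F9}' = 'Default Domain Controllers Policy'
}

$domain     = Get-ADDomain
$policiesDn = "CN=Policies,CN=System,$($domain.DistinguishedName)"
# Assumption: default SYSVOL share layout (\\<domain>\SYSVOL\<domain>\Policies).
$sysvolPath = "\\$($domain.DNSRoot)\SYSVOL\$($domain.DNSRoot)\Policies"

# AD half of each GPO: groupPolicyContainer objects, keyed by their {GUID} name.
$adGpos = @{}
$query  = @{ SearchBase = $policiesDn; SearchScope = 'OneLevel'
             LDAPFilter = '(objectClass=groupPolicyContainer)'; Properties = 'displayName' }
Get-ADObject @query | ForEach-Object { $adGpos[$_.Name.ToUpper()] = $_ }

# SYSVOL half of each GPO: folders named {GUID}.
$sysvolGuids = @(Get-ChildItem -Path $sysvolPath -Directory |
    Where-Object { $_.Name -match '^\{[0-9A-Fa-f-]{36}\}$' } |
    ForEach-Object { $_.Name.ToUpper() })

# Always include the two default GPOs so a GUID missing from both sides is reported.
$allGuids = @($adGpos.Keys) + $sysvolGuids + @($wellKnown.Keys) | Sort-Object -Unique

$report = foreach ($guid in $allGuids) {
    $inAd     = $adGpos.ContainsKey($guid)
    $inSysvol = $sysvolGuids -contains $guid
    $name     = if ($inAd) { $adGpos[$guid].displayName } else { $wellKnown[$guid] }
    if     ($inAd -and $inSysvol) { $status = 'OK' }
    elseif ($inAd)                { $status = 'AD object without SYSVOL folder' }
    elseif ($inSysvol)            { $status = 'SYSVOL folder without AD object' }
    else                          { $status = 'Missing from both' }
    [pscustomobject]@{
        Guid        = $guid
        DisplayName = $name
        InAD        = $inAd
        InSysvol    = $inSysvol
        Status      = $status
    }
}
$report | Format-Table -AutoSize
```

Any status other than OK for one of the two well-known GUIDs shows which half of that GPO is missing before anything is deleted or reset.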
ASKER
wiglack

I don't have a sysvol backup, shadow copies weren't turned on, and there is no hyperv snapshot.

I can't delete it with ADSI edit either.

[Image: error]
Both of those GUIDs are in the sysvol folder.
Sandesh Dubey

Both the GUIDs are in sysvol, then why are you deleting? It seems to be a permission issue. Before you proceed with deletion, can you post the gpotool output?
ASKER
wiglack

C:\Program Files (x86)\Windows Resource Kits\Tools>gpotool
Validating DCs...
Available DCs:
DC1.home.wiglack.com
Searching for policies...
Found 2 policies
============================================================
Policy {31B2F340-016D-11D2-945F-00C04FB984F9}
Friendly name: Default Domain Policy
Policy OK
============================================================
Policy {6AC1786C-016F-11D2-945F-00C04FB984F9}
Friendly name: Default Domain Controllers Policy
Policy OK
============================================================

Policies OK

C:\Program Files (x86)\Windows Resource Kits\Tools>
SOLUTION
Sandesh Dubey

ASKER
wiglack

Yes they match sysvol\policies
compdigit44

From your post it appears your default domain and domain controllers policy are present but you mentioned that they are not showing up in GPMC, is this correct?

If so, try to clear your MMC cache in your profile.

Which can be found in the following location: C:\Users\%username%\AppData\Roaming\Microsoft\MMC
ASKER
wiglack

@compdigit44: I did that, no change.  I rebooted after deleting the files.  No dice.  I logged in as a new user and there still is no Default Domain Policy.
compdigit44

Ok, so when you run the gpotool it is showing the default domain / domain controllers policies named correctly, but not via GPMC, is this correct?

If so, can you please upload a screen shot of what you are seeing in GPMC.
ASKER
wiglack

[Image: gpo error]
ASKER CERTIFIED SOLUTION
ASKER
wiglack

How would I do that?