Solved

What is the best way to recreate the Default Domain Policy on a production system?

Posted on 2014-11-11
Last Modified: 2014-11-13
I have corruption on my default domain policy and I need to recreate it. What is the best way to remake this policy while causing little or no downtime on the domain?

Below is a screenshot of what the policy looks like.

Corrupt Group Policy
Question by:JerryPotter
LVL 54

Expert Comment

by:McKnife
ID: 40436237
Say, you don't do backups of your DCs? The GPOs are just files and files can be restored from backups.
If you prefer an empty, default def.dom.pol, read https://support.microsoft.com/kb/556025?wa=wsignin1.0 for options.
0
 

Author Comment

by:JerryPotter
ID: 40436251
Thanks for the quick response, we have backups, but the problem is I am not sure when the GPO became corrupt. I also found those options before. Does anyone know which option is the easiest? Does Dcgpofix.exe work well?
0
 
LVL 54

Expert Comment

by:McKnife
ID: 40436271
"I am not sure when the GPO became corrupt" - I'd restore it from backup, it's just a folder. Do you have file level backups of your DC?
0
 

Author Comment

by:JerryPotter
ID: 40436303
I do have file-level backups; unfortunately, I believe that this became corrupt before I started working here, and that was almost 3 years ago. I know we have changed how our backup works and, I believe, got rid of the old things. I think I am stuck with remaking it. I do have a printed copy of the GPO with the settings that were in it.
0
 
LVL 54

Accepted Solution

by:
McKnife earned 250 total points
ID: 40436315
The default domain policy has been corrupt for 3 years? How would you know that?
Well, use dcgpofix and recreate your settings. http://technet.microsoft.com/en-us/library/hh875588.aspx explains the syntax; you should restore only the defdompol, not both.
0
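
The sequence the accepted answer describes, written out as an added PowerShell example (not code posted in this thread): capture the current state, then reset only the Default Domain Policy with `dcgpofix /target:Domain`. It assumes an elevated session on a domain controller with the GroupPolicy and ActiveDirectory modules available; `C:\GPOBackup` is a placeholder path.

```powershell
# Added example. $backupDir is an assumed placeholder, not a value from the thread.
Import-Module GroupPolicy, ActiveDirectory

$gpoName   = 'Default Domain Policy'
$backupDir = 'C:\GPOBackup'
$domain    = $env:USERDNSDOMAIN
$fields    = 'MinPasswordLength','ComplexityEnabled','PasswordHistoryCount',
             'MaxPasswordAge','LockoutThreshold','LockoutDuration'

New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

# 1. GPMC-level backup. This can fail on a damaged GPO, so do not stop on error.
try {
    Backup-GPO -Name $gpoName -Path $backupDir -Comment 'Before dcgpofix' -ErrorAction Stop
} catch {
    Write-Warning "Backup-GPO failed: $($_.Exception.Message)"
}

# 2. Raw copy of the GPO folder in SYSVOL, kept regardless of step 1,
#    so the damaged files remain available for later inspection.
$gpo    = Get-GPO -Name $gpoName
$sysvol = "\\$domain\SYSVOL\$domain\Policies\{$($gpo.Id)}"
Copy-Item -Path $sysvol -Destination (Join-Path $backupDir 'sysvol-copy') -Recurse

# 3. Record the password and lockout policy currently in force on the domain.
$before = Get-ADDefaultDomainPasswordPolicy | Select-Object $fields
$before | Export-Clixml (Join-Path $backupDir 'password-policy-before.xml')

# 4. Reset only the Default Domain Policy (not the Default Domain Controllers
#    Policy). dcgpofix asks for confirmation interactively.
dcgpofix /target:Domain

# 5. Re-apply policy on this DC, then list every recorded setting that changed.
gpupdate /target:computer /force
$after = Get-ADDefaultDomainPasswordPolicy | Select-Object $fields
foreach ($f in $fields) {
    if ("$($before.$f)" -ne "$($after.$f)") {
        Write-Output ("{0}: was {1}, now {2}" -f $f, $before.$f, $after.$f)
    }
}
```

Because the Default Domain Policy carries the domain's password, account lockout and Kerberos settings, the reset returns them to installation defaults; the list from step 5 shows which values to reconfigure first.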
 
LVL 17

Assisted Solution

by:Learnctx
Learnctx earned 250 total points
ID: 40436445
A lot of companies set a PKI policy in their default domain policy. I would investigate first if you are patched for this:

https://support.microsoft.com/kb/2028605

It would suggest to me that something like this is the cause if the problem has been around for potentially 3 years, because the problem only affects GPO reports and GPMC's settings view. The settings themselves are fine and still apply. Worth investigating before you try restoring or fixing any GPO files for potential corruption.
0
 

Author Comment

by:JerryPotter
ID: 40441469
Thanks for the answers, I found out I did have some corrupt files and also the Certificate Services Client was messed up. After fixing that issue I ran the dcgpofix and reconfigured everything. Everything seems to be working. Thanks for the help.
0
