Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Delete unused "domain controllers Policy" Group Policy

Posted on 2015-01-03
4
Medium Priority
?
553 Views
Last Modified: 2015-01-04
I'm migrating from an old Windows 2003 server to Windows 2012R2. I noticed errors on the domain controllers when i looked at event viewer.  It looks to be the Policies that were created when the domain was run on Window 2000 servers.  I'm assuming the previous admin never transferred over the policy. Its not listed in the SysVOL/domain.local/polices folder.  Since the policy is not being applied to any domain controllers since it can't be located, is it safe to delete without any issues?
feel like i'm answering my own question, but better safe than sorry.
0
Comment
Question by:AfternoonShift
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 47

Assisted Solution

by:Craig Beck
Craig Beck earned 100 total points
ID: 40530258
If you're referring to the "Default Domain Controllers Policy" GPO, that policy is a built-in policy - it can't be migrated or deleted.  When you migrate to a new version of server (or update the schema in some cases) the new schema will dictate what's in that policy.
0
 
LVL 22

Accepted Solution

by:
dan_blagut earned 1000 total points
ID: 40530303
Hello

If you want that GPO can be restored by using dcgpofix command
http://technet.microsoft.com/en-us/library/hh875588.aspx
Is better to have this built-in GPO empty than delete it and perturb the domain.
Dan
0
 
LVL 38

Assisted Solution

by:Mahesh
Mahesh earned 900 total points
ID: 40530342
If the policies are not listed under sysvol policies folder, probably they are orphaned policies

I believe these are not default domain policy OR default domain controller policy you are talking about, no need to delete these default policies.

U can download GPMC sample scripts and install it
Within that there is scripts folder and underneath that script to find orphaned GPOs
Run that script before deleting any outdated GPOs from AD
http://www.microsoft.com/download/en/confirmation.aspx?id=14536

If you have 2008 R2 or above DC, you can run below PowerShell script to find out orphaned GPOs which you can safely remove
http://www.jhouseconsulting.com/2012/09/03/finding-orphaned-group-policy-objects-807
0
 

Author Comment

by:AfternoonShift
ID: 40530528
Thanks guys for the replies! The were all very helpful.

I ended up running the PS script on my 2012R2 DC and i saw it was listed as orphaned. It does match the one that was in my AD OU (Domain Controllers Folder).  Instead of removing it, i used the "DCGPOFix /ignoreschema /target:DC" command. I can now view the policy and it recreated the policy under the /sysvol/domain.local/policies folder.
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question