• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 573
  • Last Modified:

Delete unused "domain controllers Policy" Group Policy

I'm migrating from an old Windows 2003 server to Windows 2012R2. I noticed errors on the domain controllers when i looked at event viewer.  It looks to be the Policies that were created when the domain was run on Window 2000 servers.  I'm assuming the previous admin never transferred over the policy. Its not listed in the SysVOL/domain.local/polices folder.  Since the policy is not being applied to any domain controllers since it can't be located, is it safe to delete without any issues?
feel like i'm answering my own question, but better safe than sorry.
0
AfternoonShift
Asked:
AfternoonShift
3 Solutions
 
Craig BeckCommented:
If you're referring to the "Default Domain Controllers Policy" GPO, that policy is a built-in policy - it can't be migrated or deleted.  When you migrate to a new version of server (or update the schema in some cases) the new schema will dictate what's in that policy.
0
 
dan_blagutCommented:
Hello

If you want that GPO can be restored by using dcgpofix command
http://technet.microsoft.com/en-us/library/hh875588.aspx
Is better to have this built-in GPO empty than delete it and perturb the domain.
Dan
0
 
MaheshArchitectCommented:
If the policies are not listed under sysvol policies folder, probably they are orphaned policies

I believe these are not default domain policy OR default domain controller policy you are talking about, no need to delete these default policies.

U can download GPMC sample scripts and install it
Within that there is scripts folder and underneath that script to find orphaned GPOs
Run that script before deleting any outdated GPOs from AD
http://www.microsoft.com/download/en/confirmation.aspx?id=14536

If you have 2008 R2 or above DC, you can run below PowerShell script to find out orphaned GPOs which you can safely remove
http://www.jhouseconsulting.com/2012/09/03/finding-orphaned-group-policy-objects-807
0
 
AfternoonShiftAuthor Commented:
Thanks guys for the replies! The were all very helpful.

I ended up running the PS script on my 2012R2 DC and i saw it was listed as orphaned. It does match the one that was in my AD OU (Domain Controllers Folder).  Instead of removing it, i used the "DCGPOFix /ignoreschema /target:DC" command. I can now view the policy and it recreated the policy under the /sysvol/domain.local/policies folder.
0

Featured Post

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now