Solved

Delete unused "domain controllers Policy" Group Policy

Posted on 2015-01-03
4
503 Views
Last Modified: 2015-01-04
I'm migrating from an old Windows 2003 server to Windows 2012R2. I noticed errors on the domain controllers when i looked at event viewer.  It looks to be the Policies that were created when the domain was run on Window 2000 servers.  I'm assuming the previous admin never transferred over the policy. Its not listed in the SysVOL/domain.local/polices folder.  Since the policy is not being applied to any domain controllers since it can't be located, is it safe to delete without any issues?
feel like i'm answering my own question, but better safe than sorry.
0
Comment
Question by:AfternoonShift
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 46

Assisted Solution

by:Craig Beck
Craig Beck earned 25 total points
ID: 40530258
If you're referring to the "Default Domain Controllers Policy" GPO, that policy is a built-in policy - it can't be migrated or deleted.  When you migrate to a new version of server (or update the schema in some cases) the new schema will dictate what's in that policy.
0
 
LVL 22

Accepted Solution

by:
dan_blagut earned 250 total points
ID: 40530303
Hello

If you want that GPO can be restored by using dcgpofix command
http://technet.microsoft.com/en-us/library/hh875588.aspx
Is better to have this built-in GPO empty than delete it and perturb the domain.
Dan
0
 
LVL 37

Assisted Solution

by:Mahesh
Mahesh earned 225 total points
ID: 40530342
If the policies are not listed under sysvol policies folder, probably they are orphaned policies

I believe these are not default domain policy OR default domain controller policy you are talking about, no need to delete these default policies.

U can download GPMC sample scripts and install it
Within that there is scripts folder and underneath that script to find orphaned GPOs
Run that script before deleting any outdated GPOs from AD
http://www.microsoft.com/download/en/confirmation.aspx?id=14536

If you have 2008 R2 or above DC, you can run below PowerShell script to find out orphaned GPOs which you can safely remove
http://www.jhouseconsulting.com/2012/09/03/finding-orphaned-group-policy-objects-807
0
 

Author Comment

by:AfternoonShift
ID: 40530528
Thanks guys for the replies! The were all very helpful.

I ended up running the PS script on my 2012R2 DC and i saw it was listed as orphaned. It does match the one that was in my AD OU (Domain Controllers Folder).  Instead of removing it, i used the "DCGPOFix /ignoreschema /target:DC" command. I can now view the policy and it recreated the policy under the /sysvol/domain.local/policies folder.
0

Featured Post

The Ultimate Checklist to Optimize Your Website

Websites are getting bigger and complicated by the day. Video, images, custom fonts are all great for showcasing your product/service. But the price to pay in terms of reduced page load times and ultimately, decreased sales, can lead to some difficult decisions about what to cut.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question