Sysvol Permission Issue on single Domain controller

I am having an issue on one of my domain controllers. When I access the Group Policy Management Console to modify any of my login scripts I am getting an error message that I don't have permission to access the file location in the sysvol directory. The account that I am using has domain admin rights. I have attached the error message. We have three domain controllers and this one in question is a brand new DC. Some recent domain changes in recent weeks have been the removal of my last 2003 DC and the raising of the functional level of the domain and forest.
Screen Capture of the error message
LVL 1
ISSoFHAAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

 
CompProbSolvCommented:
I've seen a similar problem before where the Sysvol folder either doesn't exist or the permissions are wrong.  The fact that this is not a single Domain Controller makes it much easier to fix.

Does the Sysvol folder exist?  If so, it should be very similar to that folder on the other Domain Controllers.

You could look at the differences and repair them manually.  This link will show you how to recreate it from one of the working DCs:
https://support.microsoft.com/en-us/kb/315457
0
 
ISSoFHAAuthor Commented:
Here are a couple more details that I neglected to mention.

1. This happened to a different 2008 DC about two days after I removed the last 2003 server. I removed that DC as well which is why I have added this new DC now the new is experiencing the same issue after working for about a week flawlessly.
0
 
Will SzymkowskiSenior Solution ArchitectCommented:
Is your replication work as expected? Try running the following replication commands.

repadmin /replsum
repadmin /showrepl
repadmin /bridgeheads
DCDiag /v

Also

netdom query fsmo

If you have completely removed the DC and re-added this DC you should not have any issues with permissions on Sysvol. There seems to be a more systemic issue.

Will.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
ISSoFHAAuthor Commented:
Will, I have run the commands and the fail I received was the NCSecDesc test and I know that one is ok if you don't plan on using RODCs in your domain.

Although a side note to whomever reads this make sure you run from an elevated command prompt of you will see a bunch of failures.
0
 
compdigit44Commented:
Have you run dcdiag /v /e >c:\dcdiag.txt

Any error in the event logs on the DC's?
0
 
ISSoFHAAuthor Commented:
I ended up having to call microsoft on the issue.
0

Experts Exchange Solution brought to you by ConnectWise

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
 
ISSoFHAAuthor Commented:
Microsoft support ended up assisting me with the issue.
0
 
Will SzymkowskiSenior Solution ArchitectCommented:
Cna you please provide what the fix was?

Will.
0
 
ISSoFHAAuthor Commented:
From what I can tell he set the permissions on the top level of the policy folder and then forced the folder inheritance.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.