Active Directory

I was looking at our AD servers as I just took them over from a previous administrator and things look a bit of a mess. First off I ran the best practice analyzer on AD Domain Services and got a couple of critical errors. I attached the screenshot. We are running Win 2008 R2. We have a number of DCs. Can this be resolved without any impact?
InSearchOfAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

FOXActive Directory/Exchange EngineerCommented:
Screenshot is not attached
InSearchOfAuthor Commented:
Ooops. Sorry about that.
ad-best-practice.docx
FOXActive Directory/Exchange EngineerCommented:
Those are the only 2 errors you have?  The first one is pretty self explanatory.  I would first check to see if Deny Access to this computer is set to Everyone.  If it isn't then grant access to this computer from the network to the groups it has mentioned. For your second error I would run a gpupdate /force on that server with a reboot.
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

InSearchOfAuthor Commented:
I was able to resolve the first error. But not the second because I do not see a "Default Domain Controller Policy"
FOXActive Directory/Exchange EngineerCommented:
Open Group Policy Management on one of your DCs and expand Group Policy Objects and you will see it there.
It is suppose to be linked to the Domain Controllers OU as well
InSearchOfAuthor Commented:
Aha. It says its linked so why do I get the the error?
FOXActive Directory/Exchange EngineerCommented:
do a gpupdate /force from an elevated command line and then reboot.
InSearchOfAuthor Commented:
When I expand the Domain Controller OU in GPMC I see the "Domain Controllers Policy" gpo is linked
FOXActive Directory/Exchange EngineerCommented:
Yes you mentioned that. I assume that DC is in the Domain Controller OU as well.  On that DC that has that error, open an elevated command prompt   gpupdate /force.    Then do a reboot  on it.
InSearchOfAuthor Commented:
Sorry I got wrong. There is no "Default Domain Controller Policy" in GP objects. It looks like someone replaced it or renamed with "Domain Controllers Policy"
FOXActive Directory/Exchange EngineerCommented:
1. In Group Policy Management verify what Group Policy is linked to the Domain Controllers OU
2. Find a functional domain controller and verify what groups it belongs to
3. Set the domain controller that is faulting out to the same group memberships and remove any that don't match the functional one.
4.  As stated above, run a gpupdate /force on the domain controller in question and reboot.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
InSearchOfAuthor Commented:
I will do a gpupdate /f with a reboot after hours. I do not want to do it during production.
InSearchOfAuthor Commented:
All my DCs are flagging the same error
FOXActive Directory/Exchange EngineerCommented:
Link the Default domain controller policy to the domain controller OU

https://technet.microsoft.com/en-us/library/ff646920(v=ws.10).aspx
InSearchOfAuthor Commented:
Like I said there is no default controller policy. It is not there
InSearchOfAuthor Commented:
I tried the gpupdate /f with a reboot and still get the same error complaining about the "Default Controllers Policy" not being applied to the "Domain Controllers OU" when I run the Best Practice. When I go to the "Domain Controllers" OU in the GPMC I have a "Domain Controllers Policy" gpo linked.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.