Link to home
Start Free TrialLog in
Avatar of InSearchOf
InSearchOfFlag for United States of America

asked on

Active Directory

I was looking at our AD servers as I just took them over from a previous administrator and things look a bit of a mess. First off I ran the best practice analyzer on AD Domain Services and got a couple of critical errors. I attached the screenshot. We are running Win 2008 R2. We have a number of DCs. Can this be resolved without any impact?
Avatar of FOX
FOX
Flag of United States of America image
Screenshot is not attached
Avatar of InSearchOf
InSearchOf
Flag of United States of America image

ASKER

Ooops. Sorry about that.
ad-best-practice.docx
Avatar of FOX
FOX
Flag of United States of America image
Those are the only 2 errors you have?  The first one is pretty self explanatory.  I would first check to see if Deny Access to this computer is set to Everyone.  If it isn't then grant access to this computer from the network to the groups it has mentioned. For your second error I would run a gpupdate /force on that server with a reboot.
Avatar of InSearchOf
InSearchOf
Flag of United States of America image

ASKER

I was able to resolve the first error. But not the second because I do not see a "Default Domain Controller Policy"
Avatar of FOX
FOX
Flag of United States of America image
Open Group Policy Management on one of your DCs and expand Group Policy Objects and you will see it there.
It is suppose to be linked to the Domain Controllers OU as well
Avatar of InSearchOf
InSearchOf
Flag of United States of America image

ASKER

Aha. It says its linked so why do I get the the error?
Avatar of FOX
FOX
Flag of United States of America image
do a gpupdate /force from an elevated command line and then reboot.
Avatar of InSearchOf
InSearchOf
Flag of United States of America image

ASKER

When I expand the Domain Controller OU in GPMC I see the "Domain Controllers Policy" gpo is linked
Avatar of FOX
FOX
Flag of United States of America image
Yes you mentioned that. I assume that DC is in the Domain Controller OU as well.  On that DC that has that error, open an elevated command prompt   gpupdate /force.    Then do a reboot  on it.
Avatar of InSearchOf
InSearchOf
Flag of United States of America image

ASKER

Sorry I got wrong. There is no "Default Domain Controller Policy" in GP objects. It looks like someone replaced it or renamed with "Domain Controllers Policy"
ASKER CERTIFIED SOLUTION
Avatar of FOX
FOX
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of InSearchOf
InSearchOf
Flag of United States of America image

ASKER

I will do a gpupdate /f with a reboot after hours. I do not want to do it during production.
Avatar of InSearchOf
InSearchOf
Flag of United States of America image

ASKER

All my DCs are flagging the same error
Avatar of FOX
FOX
Flag of United States of America image
Link the Default domain controller policy to the domain controller OU

https://technet.microsoft.com/en-us/library/ff646920(v=ws.10).aspx
Avatar of InSearchOf
InSearchOf
Flag of United States of America image

ASKER

Like I said there is no default controller policy. It is not there
Avatar of InSearchOf
InSearchOf
Flag of United States of America image

ASKER

I tried the gpupdate /f with a reboot and still get the same error complaining about the "Default Controllers Policy" not being applied to the "Domain Controllers OU" when I run the Best Practice. When I go to the "Domain Controllers" OU in the GPMC I have a "Domain Controllers Policy" gpo linked.