Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Active Directory

Posted on 2016-08-02
16
Medium Priority
?
52 Views
Last Modified: 2016-08-04
I was looking at our AD servers as I just took them over from a previous administrator and things look a bit of a mess. First off I ran the best practice analyzer on AD Domain Services and got a couple of critical errors. I attached the screenshot. We are running Win 2008 R2. We have a number of DCs. Can this be resolved without any impact?
0
Comment
Question by:InSearchOf
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 7
16 Comments
 
LVL 16

Expert Comment

by:FOX
ID: 41739130
Screenshot is not attached
0
 

Author Comment

by:InSearchOf
ID: 41739192
Ooops. Sorry about that.
ad-best-practice.docx
0
 
LVL 16

Expert Comment

by:FOX
ID: 41739213
Those are the only 2 errors you have?  The first one is pretty self explanatory.  I would first check to see if Deny Access to this computer is set to Everyone.  If it isn't then grant access to this computer from the network to the groups it has mentioned. For your second error I would run a gpupdate /force on that server with a reboot.
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:InSearchOf
ID: 41739215
I was able to resolve the first error. But not the second because I do not see a "Default Domain Controller Policy"
0
 
LVL 16

Expert Comment

by:FOX
ID: 41739223
Open Group Policy Management on one of your DCs and expand Group Policy Objects and you will see it there.
It is suppose to be linked to the Domain Controllers OU as well
0
 

Author Comment

by:InSearchOf
ID: 41739231
Aha. It says its linked so why do I get the the error?
0
 
LVL 16

Expert Comment

by:FOX
ID: 41739239
do a gpupdate /force from an elevated command line and then reboot.
0
 

Author Comment

by:InSearchOf
ID: 41739246
When I expand the Domain Controller OU in GPMC I see the "Domain Controllers Policy" gpo is linked
0
 
LVL 16

Expert Comment

by:FOX
ID: 41739250
Yes you mentioned that. I assume that DC is in the Domain Controller OU as well.  On that DC that has that error, open an elevated command prompt   gpupdate /force.    Then do a reboot  on it.
0
 

Author Comment

by:InSearchOf
ID: 41739260
Sorry I got wrong. There is no "Default Domain Controller Policy" in GP objects. It looks like someone replaced it or renamed with "Domain Controllers Policy"
0
 
LVL 16

Accepted Solution

by:
FOX earned 2000 total points
ID: 41739267
1. In Group Policy Management verify what Group Policy is linked to the Domain Controllers OU
2. Find a functional domain controller and verify what groups it belongs to
3. Set the domain controller that is faulting out to the same group memberships and remove any that don't match the functional one.
4.  As stated above, run a gpupdate /force on the domain controller in question and reboot.
0
 

Author Comment

by:InSearchOf
ID: 41739271
I will do a gpupdate /f with a reboot after hours. I do not want to do it during production.
0
 

Author Comment

by:InSearchOf
ID: 41739274
All my DCs are flagging the same error
0
 
LVL 16

Expert Comment

by:FOX
ID: 41739305
Link the Default domain controller policy to the domain controller OU

https://technet.microsoft.com/en-us/library/ff646920(v=ws.10).aspx
0
 

Author Comment

by:InSearchOf
ID: 41739370
Like I said there is no default controller policy. It is not there
0
 

Author Comment

by:InSearchOf
ID: 41740616
I tried the gpupdate /f with a reboot and still get the same error complaining about the "Default Controllers Policy" not being applied to the "Domain Controllers OU" when I run the Best Practice. When I go to the "Domain Controllers" OU in the GPMC I have a "Domain Controllers Policy" gpo linked.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question