FYI: There is a Win2k version of this tool for re-creating the DDCP and DDP here: http://download.microsoft.com/download/6/1/8/618ecc9d-2edd-42fe-9a53-7f1 971154697/RecreateDefpol.EXE
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, January 31, 2005 8:33 AM To: [email protected] Subject: RE: [ActiveDir] Missing 'default domain policy gpo' in sysvol folder Hi Adam, you are right. DCGPOfix is only for Windows 2003. In this case I would agree to the procedure Guido described. If you have different domains you can copy the default domain policy from any other domain (as long as you didn't modify this policy). You do not need to create a new domain. A new DC wouldn't recreate the default domain policy. It would just replicate the current domain policies... Volker > Hi Guido, thanks for you reply. > > The target domain is a child from the root. I will build a lab domain > (as > root) and replicate the server name, then copy over the GPO folder. > Do you think that will be okay? > > Would introducing a DC to this damaged domain recreate the default > domain gpo? > > Regards > > Adam > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, > Guido > Sent: 31 January 2005 13:11 > To: [email protected] > Subject: RE: [ActiveDir] Missing 'default domain policy gpo' in sysvol > folder > > as this is a default GPO with a well-known ID, you can copy the > {6AC1786C-016F-11D2-945F-00C04fB984F9} folder from the SYSVOL of > another AD installation (e.g. from your test-lab or from virtual > machine etc.). > Just make sure, that source's GPO isn't configured with anything > specific to that domain. > > The safest way would be to install a new single-domain AD forest in > your lab and then copy the folder from there to your production DC. > > /Guido > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of knighTslayer > Sent: Monday, January 31, 2005 1:50 PM > To: [email protected] > Subject: RE: [ActiveDir] Missing 'default domain policy gpo' in sysvol > folder > > I have the KB for the security settings, but I cannot find anything on > actually regenerating the GPO other than a restore. Restore is not an > option. > > Thanks > > Adam > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Peter Johnson > Sent: 31 January 2005 12:38 > To: [email protected] > Subject: RE: [ActiveDir] Missing 'default domain policy gpo' in sysvol > folder > > IIRC there is a MS doc on recovering the default GPO and security > settings. > This might apply in this scenario? > > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of knighTslayer > Sent: 31 January 2005 14:23 > To: [email protected] > Subject: RE: [ActiveDir] Missing 'default domain policy gpo' in sysvol > folder > > There is one more domain controller in this domain, and that too has > the files missing. > > I will look at the file recovery, but I doubt very much that I will > recover it. > > Thanks for your help so far. > > Anyone else got any ideas? > > Regards > > Adam > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Chandra Burra > Sent: 31 January 2005 12:15 > To: [email protected] > Subject: Re: [ActiveDir] Missing 'default domain policy gpo' in sysvol > folder > > Do that domain has a replication partner.....if yes can you check on > that server if you can copy that folder off... > > others i can think of is the tool to restore the deleted items from > the harddisk - like File restore from winternals > > > On Mon, 31 Jan 2005 11:48:14 -0000, knighTslayer > <[EMAIL PROTECTED]> wrote: >> The GPO GUID is missing from the sysvol directory. I understand your >> suggestion about the permissions and I followed the KB which relates >> to this, but simply, the object (folder) is missing from the sysvol > folder. >> >> I am unable to edit it, because it is missing. >> >> Adam >> >> -----Original Message----- >> From: [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] On Behalf Of Chandra >> Burra >> >> Sent: 31 January 2005 11:36 >> To: [email protected] >> Subject: Re: [ActiveDir] Missing 'default domain policy gpo' in >> sysvol > >> folder >> >> Adam., >> >> If i understood the problem correct --> you are able to c the GP In >> the GPUC >> --> but are not able to edit. >> >> then can you confirm that the object exisit. Go to GPUC--> System --> >> Polocies and check for the GP SID u r mentionging. >> >> If that exisits and you are not able to edit that GP then its simply >> issue with permissions on that child domain. >> >> Regards, >> Chandra >> >> On Mon, 31 Jan 2005 11:14:14 -0000, knighTslayer >> <[EMAIL PROTECTED]> wrote: >> > Chandra, thanks for your response. I looked in Lost and found and >> > it is empty. >> > >> > Regards >> > >> > Adam >> > >> > -----Original Message----- >> > From: [EMAIL PROTECTED] >> > [mailto:[EMAIL PROTECTED] On Behalf Of Chandra >> > Burra >> > Sent: 31 January 2005 11:08 >> > To: [email protected] >> > Subject: Re: [ActiveDir] Missing 'default domain policy gpo' in >> > sysvol folder >> > >> > did u try in Lost and Found >> > >> > AD users & Computes --> View --> Advanced Features ( check this) to >> > get more folders on the left panel. >> > >> > Regards, >> > Chandra >> > >> > On Mon, 31 Jan 2005 10:26:33 -0000, knighTslayer >> > <[EMAIL PROTECTED]> wrote: >> > > Hi, >> > > >> > > Running Windows 2000 sp4 Active Directory. >> > > Domain concerned is a child domain off the root domain. >> > > >> > > I cannot edit the default domain policy object through ADUC or >> > > GPO > >> > > edit. I get a Group Policy Error: >> > > >> > > "Failed to open the Group Policy Object. You may not have >> > > appropriate rights." >> > > >> > > I followed KB 294275, however it occurred to me that the actual >> > > folder is missing in \Sysvol\Domain\Policies\ >> > "{6AC1786C-016F-11D2-945F-00C04fB984F9}" >> > > >> > > There are no backups or copies of the directories anywhere. This >> > > is a domain without users (yet) and was set-up by another 3rd >> > > party under the control of the root domain admins. >> > > >> > > Can I regenerate the default domain gpo or is there another >> > > option > >> > > to recreate this? >> > > >> > > TIA >> > > >> > > Adam >> > > >> > > List info : http://www.activedir.org/List.aspx >> > > List FAQ : http://www.activedir.org/ListFAQ.aspx >> > > List archive: >> > > http://www.mail-archive.com/activedir%40mail.activedir.org/ >> > > >> > List info : http://www.activedir.org/List.aspx >> > List FAQ : http://www.activedir.org/ListFAQ.aspx >> > List archive: >> > http://www.mail-archive.com/activedir%40mail.activedir.org/ >> > >> > List info : http://www.activedir.org/List.aspx >> > List FAQ : http://www.activedir.org/ListFAQ.aspx >> > List archive: >> > http://www.mail-archive.com/activedir%40mail.activedir.org/ >> > >> List info : http://www.activedir.org/List.aspx >> List FAQ : http://www.activedir.org/ListFAQ.aspx >> List archive: >> http://www.mail-archive.com/activedir%40mail.activedir.org/ >> >> List info : http://www.activedir.org/List.aspx >> List FAQ : http://www.activedir.org/ListFAQ.aspx >> List archive: >> http://www.mail-archive.com/activedir%40mail.activedir.org/ >> > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
