Announcement

Collapse
No announcement yet.

Reseting Default Domain Policy...

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Reseting Default Domain Policy...

    I came to a new job and have been diagnosing everything.

    One of the things that I noticed is that they modified the Default Domain policy and it is currently 'unlinked' to the domain.

    So, I am looking for a way to restore the default domain policy back to its original settings and relink it back to the domain.

    Anyone have some suggestions? I am not quite sure the best course of action with this.

    Thanks.

    TCG

  • #2
    Re: Reseting Default Domain Policy...

    Forgot to add, the Default Domain Controller Policy has been modified as well...

    *sigh*

    So I need to basically revert both of these policies back to what they were originally when the server was installed.

    I have been using google, but no luck lately.

    Comment


    • #3
      Re: Reseting Default Domain Policy...

      Ok...found the:

      dcgpofix

      builtin command.
      Tested it in a lab environment and seemed to to the trick.

      Any caveats I need to be aware of with this command?

      Thanks,

      TCG

      Comment


      • #4
        Re: Reseting Default Domain Policy...

        Set up a brand new domain from scratch in a test environment (I suggest virtual).

        You can then use Microsoft's Group Policy Management Console to export the untouched default GPOs from that new domain, and re-import them into your production domain. This should work for any GPO.

        Jas
        VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
        boche.net - VMware Virtualization Evangelist
        My advice has no warranties. Follow at your own risk.

        Comment


        • #5
          Re: Reseting Default Domain Policy...

          Originally posted by jasonboche View Post
          Set up a brand new domain from scratch in a test environment (I suggest virtual).

          You can then use Microsoft's Group Policy Management Console to export the untouched default GPOs from that new domain, and re-import them into your production domain. This should work for any GPO.

          Jas
          Ahh....good idea.

          And I can import just the Default Domain and Default Domain Controller policies?

          Comment


          • #6
            Re: Reseting Default Domain Policy...

            Yup. more words
            VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
            boche.net - VMware Virtualization Evangelist
            My advice has no warranties. Follow at your own risk.

            Comment


            • #7
              Re: Reseting Default Domain Policy...

              Originally posted by jasonboche View Post
              Yup. more words
              One last question:

              When you import policies, does it overwrite JUST the policies that are being imported?

              For example, I have about 12 GPO's currently in production (including default domain and default DC). Now, if I setup a brand new domain and backup the freshly setup default domain and default DC policies (only ones at time of install), when I import this into my lab and production environments, it will only restore OVER those two policies? It will not affect the other GPO's?

              Just wanted to clarify.
              Thanks.

              Comment


              • #8
                Re: Reseting Default Domain Policy...

                Yep. Exactly. Correct
                VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
                boche.net - VMware Virtualization Evangelist
                My advice has no warranties. Follow at your own risk.

                Comment


                • #9
                  Re: Reseting Default Domain Policy...

                  Ok...finally got around to setting up a virtual Domain environment...backed up the GPO's using the GPMC.

                  Now, I have them on my USB key and I was just checking them out.
                  do I need to edit them at all? I was looking through the XML files and they have the name of the domain and server I setup.

                  Being as the names are different, that would seem to be a problem?

                  Comment


                  • #10
                    Re: Reseting Default Domain Policy...

                    DO NOT EDIT the backed up GPO files by hand.

                    What will happen when you go to restore the GPOs in your other environment is you will run the migration editor tool thingy that creates a translation table mapping all old names (SIDS) with new names. After the translation mapping is complete, then it is safe to import the GPO. It wouldn't be a bad idea to first back up the existing GPOs so you have a back out plan and also a means to dissect the GPO later on in a test or lab environment to break it down and see what it was doing.

                    Jas
                    VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
                    boche.net - VMware Virtualization Evangelist
                    My advice has no warranties. Follow at your own risk.

                    Comment

                    Working...
                    X