GUI folders missing in \\sysvol\domain\policies - Florian Frommherz [MVP] |
12-Jun-08 02:39:28
|
Howdie!
Andrei G schrieb:
If there is an accurate backup of the very first DC that you demoted (as
I believe the replication between the first and the one you added a
month ago didn't work correctly), you can restore it. Use the backup and
restore the folders to a seperate location and then copy them manually
into the "Policies" folder.
I'd first try to circumvent dcgpofix and use the backup. It doesn't
re-create all GPOs you have but the two default policies and might, if
you have Exchange running, mess its security settings up (there's a KB
for this, I think).
cheers,
Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Use a newsreader! http://www.frickelsoft.net/news.html |
 |
| |
GUI folders missing in \\sysvol\domain\policies - Andrei |
12-Jun-08 08:45:00
|
Thank you very much Florian.
There is no exchange server in the domain and I realized that if there is no
policy in place then dcgofix won't do that much harm.
Anyways I'm going to take your advice 1st and put back the old policies back
to their original place and I'll report back. Question is if the AD finding
the policies is going to recreate back the necessary links and then replicate
to the other DC? |
| |
| |
GUI folders missing in \\sysvol\domain\policies - Florian Frommherz [MVP] |
12-Jun-08 01:10:56
|
Howdie!
Andrei G schrieb:
If the policies are still there (in Active Directory, in the CN=Policies
container), there shouldn't be any further steps to take than just
re-create the GUID-folders in SYSVOL.
I'd go for the re-creation. If there's anything left, feel free to post
back. Make sure replication is healthy now so that both DCs are
up-to-date right now.
cheers,
Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Use a newsreader! http://www.frickelsoft.net/news.html |
| |
| |
GUI folders missing in \\sysvol\domain\policies - Andrei |
12-Jun-08 05:00:06
|
Hey Florian,
I copied over the GUIDs to the policies folder. They have been replicated to
the other DC. The GPMC sees them and it corrected some permission/security
issues. I don't see them in AD though (users and computers\advanced\default
domain policy).
By the way the usernv event id 1030 disappeared and I'm happy with that.
What else should I do. It seems to be ok.
Andrei |
| |
| |
GUI folders missing in \\sysvol\domain\policies - Florian Frommherz [MVP] |
13-Jun-08 01:28:43
|
Howdie!
Andrei G schrieb:
What do you mean by "I don't see them in AD though"?
Can you successfully open and edit the policy? Do clients apply them?
cheers,
Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Use a newsreader! http://www.frickelsoft.net/news.html |
| |
| |
GUI folders missing in \\sysvol\domain\policies - Andrei |
13-Jun-08 08:41:01
|
Hey Florian,
I don't know how to check that. I can open them with GPMC and if I go in
setting tab and hit show I can see them with success or no audit etc.
Yesterday at 5 pm th usernv 1030 event id stopped.
At this point I don't know what to do more.
In administrative tools\users and computers advance view there is is a tab
there called system and in system another one called default domain policy. I
don't see the GUIDs there but I see them in sysvol.
Any idea?
Thank you. |
| |
| |
GUI folders missing in \\sysvol\domain\policies - Andrei |
13-Jun-08 08:58:01
|
Right now I ran a gpupdate on one of the clients and did not see any error in
the event viewer. Is it good? How else should I check that the global
p[policies are working fine?
Thank you.
Andrei |
| |
| |
GUI folders missing in \\sysvol\domain\policies - Florian Frommherz [MVP] |
13-Jun-08 09:50:58
|
Howdie!
Andrei G schrieb:
Check with rsop.msc on a client if all policies are applied as expected.
When turning on advanced mode, you should see the policy under System -
Policies. There should be a folder for every single policy named with
the policy's GUID. If it isn't there, you will have to restore them with
an authoritive restore from the backup of your old server. I hoped those
were replicated at least.
cheers,
Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Use a newsreader! http://www.frickelsoft.net/news.html |
| |
| |
GUI folders missing in \\sysvol\domain\policies - Andrei |
13-Jun-08 10:06:03
|
Florian,
Using rsop.msc is a success. I see for example password domain policy
successfully applied and audited.
I'm checking now how to use that authoritative restore of the GUIDs. I
haven't done it before.
Do you have a link to a KB how to do it or any other source?
Thank you. |
| |
| |
GUI folders missing in \\sysvol\domain\policies - Andrei |
13-Jun-08 10:10:02
|
Hey Florian,
I repeat. The backup I have is only a copy of the sysvol folder and not a
backup of the policy. Hope that helps to evaluate better the situation.
Andrei |
| |
| |
GUI folders missing in \\sysvol\domain\policies - Andrei |
13-Jun-08 10:26:01
|
Florian,
I think I've got it. In GPMC a did 1st a backup of all policies and then an
authoritative restore of the same backup. Very simple solution :). I see now
the policies in system\policies but the folders machine and user are empty.
Maybe they should be like this.
I would say the problem is solved now.'Thank you very much.
Cheers,
Andrei |
| |
| |