Can't view all Security Settings in any GPO's when the PDC Emulator is down

  • Thread starter Thread starter bryan.rutkowski
  • Start date Start date
B

bryan.rutkowski

In one of our Domains we were doing a System State backup on the PDC
Emulator. When this machine went down to go into AD Restore Mode I
could not look at some of the security settings on any Group Policy I
had created. Mainly I could not view Local Policies, Account Policies,
and Event Log. I tried from multiple other Domain Controllers in the
domain, but none of them would display those settings listed above.
Once the PDC came back up we were able to view all of those Security
Settings again.

Does anyone know why when the PDC Emulator goes down all of those
settings are not shown anymore and can't be accessed?
 
I understand that the PDC Emulator is the default choice when editing
GPO's, so you would have to select to connect to another DC in the
domain.

In the GPMC console I would right click the domain, and select "Change
Domain Controller" i would then select a secondary DC that was still
running and try to edit any of the policies. The Security Settings
were still not showing up. It's like they were removed once the PDC
emulator when down. As soon as the PDC emulator came back online I
could edit the Security Settings again.

I guess to re-state my question, why when the PDC Emulator goes down
are you allowed to edit most other GPO settings, but none of the
Machine Policy - Security Settings.
 
I haven't played with GPMC in some time and never tested that specific
functionality. I could easily see it being implemented that way though
because the PDC is the only machine that can authoritatively speak to
the domain security policy.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm
 
Back
Top