H
Helgi B.
I seem to have a corrupt Default DC Policy. Event ID 1000 and 1202 is logged
in the Application Logs on the DCs every 5 minutes. I have found KB article
279432 that describes similar problem but the solution suggested, to make
sure the Default DC policy is linked to the DCs OU, is not applicable (i.e.
this is already linked).
When I open the policy I have nodes for "Public Key Policies" and "IP
Security Policies on Active Directory" but I don't have "Account Policies",
"Local Policies", "Event Log", "Restricted Groups", "System Services",
"Registry" or "File System".
I have a crummy suspicion this may be caused by the DCs having been moved
from the DC OU a few months ago and then quickly moved back due to
unexpected problems. Anyway, I reckon I could probably get away with
deleting the "Default Domain Controllers" policy (or at least removing the
link from the DCs OU) and creating a new policy with the settings needed.
But I don't want to reckon, I want to be sure! I've got 8 E2K servers, the
companies Intranet plus a few other services relying on AD, so I don't want
to take any unnecessary risks.
So, Ladies and Gents, how should I progress?
Thanks,
Helgi
in the Application Logs on the DCs every 5 minutes. I have found KB article
279432 that describes similar problem but the solution suggested, to make
sure the Default DC policy is linked to the DCs OU, is not applicable (i.e.
this is already linked).
When I open the policy I have nodes for "Public Key Policies" and "IP
Security Policies on Active Directory" but I don't have "Account Policies",
"Local Policies", "Event Log", "Restricted Groups", "System Services",
"Registry" or "File System".
I have a crummy suspicion this may be caused by the DCs having been moved
from the DC OU a few months ago and then quickly moved back due to
unexpected problems. Anyway, I reckon I could probably get away with
deleting the "Default Domain Controllers" policy (or at least removing the
link from the DCs OU) and creating a new policy with the settings needed.
But I don't want to reckon, I want to be sure! I've got 8 E2K servers, the
companies Intranet plus a few other services relying on AD, so I don't want
to take any unnecessary risks.
So, Ladies and Gents, how should I progress?
Thanks,
Helgi