AWG Blogs

  • Coding without IF statements - Found below linked article that provides tips on how to avoid using IF statements, with one of the benefits being readability. The tips largely are based o...
    1 day ago
  • Microservices - A species would be a combination of roles [DCI?], instead of being characterized as an animal, which would not necessarily be the best description. At a ...
    2 weeks ago
  • CoR compared to Pipe and Filter - Java World implies the pipes-and-filters architectural style described by Parnas Software systems often employ the equivalent of pipes (e.g., email filter...
    7 months ago
  • Getting ADB Working for SPH-M840 - Had a SPH-M840 Galaxy Ring Virgin Mobile 3G Android version 4.1.2, attempting to install apps from Android Studio failed to detect device. Installed SAMSUN...
    1 year ago
  • How to check if I have write permissions to an Oracle table - SELECT CASE WHEN COUNT(*) > 0 THEN 'YES' ELSE 'NO' END AS PERMISSIONS FROM ( SELECT privilege FROM ( select * from dba_tab_privs where (grantee = 'MY_USE...
    1 year ago
  • Flyweight vs Singleton - Implementations seems to be virtually identical, differing only in style, where the flyweight object is created and held by associated objects (containers:...
    2 years ago
  • init-param vs context-param - see for background. Gist: context-param variables are global and accessible thro...
    2 years ago
  • rbenv vs RVM - RVM is responsible not only for changing Ruby versions, but for installing rubies and managing gemsets, as well. ...Along with rbenv [to manage ruby versi...
    2 years ago

Saturday, September 25, 2010

Missing GPOs After DC Decommission

I followed the standard Microsoft method for decommissioning a domain controller. After retiring the server from lab, to my consternation, I started getting errors such as the following, for instance, when running gpupdate /force from a member workstation:The processing of Group Policy failed. Windows attempted to read the file \\my.domain\sysvol\my.domain\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.i
ni from a domain controller and was not successful. Group Policy settings may no
t be applied until this event is resolved. This issue may be transient and could
be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller
has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.

I found out that all the GPOs were missing from \\my.domain\sysvol\my.domain\policies. In fact even the policies folder was missing until and I created a couple of new GPOs in gpmc.msc.
The only way to fix things now is delete the dangling referenced GPOs from Group Policy Management (for which there is no corresponding ID file in the policies folder), and recreate them. I should have either backed up the DC or the GPOs individually so that I could restore them.
I followed the decommision procedure to a tee, however, I did encounter errors which I assumed were cleared up after fixing them...but apparently not.

Other symptoms of this problem: when you right click the policy in Group Policy Management and click edit, this error message appears: "Failed to open the group policy object. You may not have appropriate rights." "Details: the system cannot find the path specified."

Besides the missing GPOs, the NetLogon share was missing as well. This was solved by creating a folder called "Scripts" in \\my.domain\sysvol\my.domain and rebooting the computer.

No comments:

Post a Comment