none
Restore GPO "Default Domain Policy" in Windows Server 2008

    Question

  • How do I restore the GPO "Default Domain Policy" of Windows Server 2008 Standard for the default installation?

    Thanks
    Leandro Lacerda
    Monday, August 18, 2008 8:11 PM

Answers

  •  

    Hi,

     

    Typically, we can use Dcgpofix.exe tool to restore default domain policy. However, it may occur error message "The Active Directory schema version for this domain, and the version supported by this tool do not match", when running on Windows server 2008. You can use dcgpofix.exe /ignoreschema switch to ignore this error message. For the detail syntax of Dcgpofix.exe, you can input Dcgpofix /? in command prompt to find more explanation.

     

    In addition, we can use backup and restore function provided in GMPC to restore default domain policy without losing any setting, ACL, GUID etc. For more information about the GPMC, visit the following Microsoft Web site:

    http://www.microsoft.com/windowsserver2003/gpmc/default.mspx

     

    Hope this helps.

    Tuesday, August 19, 2008 3:09 AM
    Moderator

All replies

  •  

    Hi,

     

    Typically, we can use Dcgpofix.exe tool to restore default domain policy. However, it may occur error message "The Active Directory schema version for this domain, and the version supported by this tool do not match", when running on Windows server 2008. You can use dcgpofix.exe /ignoreschema switch to ignore this error message. For the detail syntax of Dcgpofix.exe, you can input Dcgpofix /? in command prompt to find more explanation.

     

    In addition, we can use backup and restore function provided in GMPC to restore default domain policy without losing any setting, ACL, GUID etc. For more information about the GPMC, visit the following Microsoft Web site:

    http://www.microsoft.com/windowsserver2003/gpmc/default.mspx

     

    Hope this helps.

    Tuesday, August 19, 2008 3:09 AM
    Moderator
  • Thank you!!
    Leandro Lacerda
    Tuesday, August 19, 2008 12:48 PM
  • Hi, 

    I am having a problem trying to restore with dcgpofix.exe. It keeps telling me that:

    "Unable to read EFS certificates from Registry.pol file of Default Domain Policy..."

    and quits.

    How do I restore it?! Cannot edit it, and get an error message every 5 minutes to the log... Running AD in mixed mode with 2008 R2 servers and 2003 servers. I edited the PKI stuff and after that this happened. I'm starting to get some heat on, because I don't know how this problem will affect...

    Any help would be appreciated!

     

    Thanks,

    Petteri

    Wednesday, March 31, 2010 6:52 PM