none
DC Promo Problem

    Question

  • Hi All,

    I've just promoted two new 2012 R2 DC's to our domain, currently we have two 2008 R2 DC's still running in Server 2003 mode.

    Everything went as planned, but after looking around for some unrelated audit history I noticed that the Default Domain Policy has somehow been reset to the default settings of 6 characters minimum and the lockout times were also changed.

    The interesting part.

    1. This happened exactly the same time as the first promotion.

    As far as I know this is not an expected result, right?

    Any help appreciated!

    Wednesday, August 10, 2016 11:58 PM

Answers

  • This is not the expected result.  The Default Domain Policy, and in fact any GPO, will not change itself on its own.

    Best Regards, Todd Heron | Active Directory Consultant

    Thursday, August 11, 2016 11:55 AM
  • It should not happen automatically. If you do have a backup of GPOs in place go ahead and restore the GPO. Also check the Audit logs if you can trace out something. 

    Thanks,

    Roushan

    Thursday, August 11, 2016 12:03 PM

All replies

  • This is not the expected result.  The Default Domain Policy, and in fact any GPO, will not change itself on its own.

    Best Regards, Todd Heron | Active Directory Consultant

    Thursday, August 11, 2016 11:55 AM
  • It should not happen automatically. If you do have a backup of GPOs in place go ahead and restore the GPO. Also check the Audit logs if you can trace out something. 

    Thanks,

    Roushan

    Thursday, August 11, 2016 12:03 PM
  • Hi,

    Are there any updates?

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, August 16, 2016 5:22 AM
    Moderator
  • how is the Sysvol being Replicated DFSR..? FRS is disabled on 2012 R2 by default
    Tuesday, August 16, 2016 2:28 PM