Azure Active Directory Domain Services Edit Default Domain Policy SYSVOL permissions

John Pil 1 Reputation point
2022-10-23T19:57:35.523+00:00

I configured Azure Active Directory Domain Services. Everything seems to be okay; however, when I open the Group Policy add-on from a virtual machine and click on Default Domain Policy or Default Domain Controllers Policy, I get the message below:

"The permissions for this gpo in the sysvol folder are inconsistent with those in active directory. it is recommended that these permissions be consistent. Contact an administrator who has rights to modify security on this gpo".

I suspect that this message is normal and I do not need to worry; however, I'm not 100% sure.

Would you please share your opinion on this matter?

Microsoft Security | Microsoft Entra | Other

2 answers

  1. Anonymous
    2022-10-23T21:39:41.53+00:00

    Maybe this one helps.
    https://learn.microsoft.com/en-us/troubleshoot/windows-server/group-policy/fail-to-run-gpmc

    --please don't forget to upvote and Accept as answer if the reply is helpful--


  2. JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator
    2022-10-24T18:56:00.357+00:00

    @John Pil
    Thank you for your post!

    From your error I found some similar support requests, and when it comes to modifying the Default Domain Policies the error message that you received is expected.

    Error Message:
    The permissions for this gpo in the sysvol folder are inconsistent with those in active directory. it is recommended that these permissions be consistent. Contact an administrator who has rights to modify security on this gpo.

    The Default Domain or Default Domain Controllers policies are not modifiable; instead, the alternative is to create custom GPOs or edit the AADDC Users and AADDC Computers policies.

    If you'd like to create a domain password policy, this action isn't performed by editing the Default Domain Policies, but by using the Active Directory Administrative Center and creating a fine-grained password policy to target custom groups and OUs. For more info - Password and account lockout policies on Azure Active Directory Domain Services managed domains.

    I hope this helps!

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.

    ----------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
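
The fine-grained password policy route recommended in the answer above, scripted with the ActiveDirectory PowerShell module instead of the Active Directory Administrative Center. This is an added example, not part of the original thread or Microsoft's own code; the policy name, group name, OU path and every setting value are constructed placeholders.

```powershell
# Run from a domain-joined management VM with the RSAT ActiveDirectory module,
# signed in with an account allowed to administer the managed domain.
Import-Module ActiveDirectory

$policyName = 'Example-Privileged-PSO'           # hypothetical policy name
$groupName  = 'Example-Privileged-Users'         # hypothetical target group
$groupPath  = 'OU=ExampleOU,DC=example,DC=com'   # placeholder custom OU

# The policy is attached to a global security group; create it if missing.
if (-not (Get-ADGroup -Filter "Name -eq '$groupName'")) {
    New-ADGroup -Name $groupName -GroupScope Global -GroupCategory Security -Path $groupPath
}

# Constructed settings. A lower Precedence value wins when several policies
# apply to the same user.
$settings = @{
    Name                            = $policyName
    Precedence                      = 10
    MinPasswordLength               = 14
    PasswordHistoryCount            = 24
    ComplexityEnabled               = $true
    ReversibleEncryptionEnabled     = $false
    MinPasswordAge                  = '1.00:00:00'    # 1 day
    MaxPasswordAge                  = '90.00:00:00'   # 90 days
    LockoutThreshold                = 5
    LockoutObservationWindow        = '00:15:00'
    LockoutDuration                 = '00:30:00'      # must be >= observation window
    ProtectedFromAccidentalDeletion = $true
}
if (-not (Get-ADFineGrainedPasswordPolicy -Filter "Name -eq '$policyName'")) {
    New-ADFineGrainedPasswordPolicy @settings
}
Add-ADFineGrainedPasswordPolicySubject -Identity $policyName -Subjects $groupName

# Check 1: the group is listed as a subject of the policy.
Get-ADFineGrainedPasswordPolicySubject -Identity $policyName |
    Select-Object Name, ObjectClass

# Check 2: each user in the group resolves to the expected effective policy.
# An empty EffectivePolicy means no fine-grained policy applies to that user.
Get-ADGroupMember -Identity $groupName |
    Where-Object { $_.objectClass -eq 'user' } |
    ForEach-Object {
        $effective = Get-ADUserResultantPasswordPolicy -Identity $_.SamAccountName
        [pscustomobject]@{
            User            = $_.SamAccountName
            EffectivePolicy = $effective.Name
            Precedence      = $effective.Precedence
        }
    }
```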

