Restored default domain controller policy

David Kim 66 Reputation points
2021-07-21T03:17:37.543+00:00

We applied some security settings on domain controllers and our application broke.
There were so many security GPOs added that it was difficult to figure out how to fix it.
Next we decided to restore the "default domain controller policy" by creating a new domain with new DCs.
The new default domain controller policy GPO was restored on the original domain's domain controllers.
See errors below:

Running enterprise tests on : ds.domain.com
Starting test: LocatorCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1722
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1722
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1722
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1722
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1722
A KDC could not be located - All the KDCs are down.
......................... ds.domain.com failed test LocatorCheck


1 answer

  1. Daisy Zhou 28,006 Reputation points Microsoft Vendor
    2021-07-21T07:24:03.547+00:00

    Hello @David Kim ,

    Thank you for posting here.

    To better understand your question, please confirm the following information at your convenience.

    1-Based on the description "we decided to restore the "default domain controller policy" by creating a new domain with new DCs", I understand you have backed up the "default domain controller policy" on DC in the old domain as below, right?

    116606-gpo1.png

    2-Based on the description "The new default domain controller policy GPO was restored on the original domain's domain controllers", how did you restore default domain controller policy GPO on new DC in the new domain from backed up default domain controller policy GPO on DC in the old domain?

    In my test lab, when I back up GPO named 111 (in domain a.local), I can restore this GPO to only GPO named 111 in the same domain (in domain a.local).

    116557-gpo2.png

    If I restore the GPO named 111 (in domain a.local) to another GPO named 222 in the same domain (in domain a.local), then I will see the message "No backups found".

    Or if I copy the backed-up GPO named 111 (in domain a.local) to a DC in the domain named b.local and restore the backed-up GPO named 111 to any GPO in b.local, then I will see the message "No backups found".

    116608-gpo3.png

    3-Where did you see the errors you mentioned above? Or do the errors above appear after you run a command (what command)?

    Would you please check and view all GPO settings within the Default Domain Controllers Policy on a DC in the old domain? If so, I suggest you configure these GPO settings on the Default Domain Controllers Policy on the new DC in the new domain.

    Hope the information above is helpful to you.

    Should you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou
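
The backup and restore behaviour described in the answer above, as an added PowerShell example that is not part of the original answer: it uses the GroupPolicy module cmdlets to take a baseline of the Default Domain Controllers Policy before hardening, roll back to it in the same domain, and import settings into a different GPO when a restore does not apply. The path `C:\GPOBackup`, the target name `DDCP-Review-Copy` and the three function names are assumptions made for this example.

```powershell
# Added example. Requires the GroupPolicy module (GPMC / RSAT) and rights to edit GPOs.
Import-Module GroupPolicy

$GpoName   = 'Default Domain Controllers Policy'
$BackupDir = 'C:\GPOBackup'   # hypothetical backup folder

function Save-GpoBaseline {
    # Run BEFORE applying new security settings: back up the GPO and write a
    # readable settings report next to the backup.
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $backup = Backup-GPO -Name $GpoName -Path $BackupDir -Comment 'Baseline before hardening'
    Get-GPOReport -Name $GpoName -ReportType Html -Path (Join-Path $BackupDir 'baseline.html')
    # The backup records the GPO GUID and domain it was taken from.
    '{0}  GPO {1}  domain {2}' -f $backup.Id, $backup.GpoId, $backup.DomainName
    return $backup.Id
}

function Restore-GpoBaseline {
    param([Parameter(Mandatory)][guid]$BackupId)
    # Report the live settings first so the broken state can still be reviewed,
    # then roll back. Restore-GPO puts the backup back onto the GPO it was taken
    # from, in the domain it was taken from.
    Get-GPOReport -Name $GpoName -ReportType Html -Path (Join-Path $BackupDir 'before-rollback.html')
    Restore-GPO -BackupId $BackupId -Path $BackupDir
}

function Import-GpoBaselineCopy {
    param([string]$TargetName = 'DDCP-Review-Copy')   # hypothetical target GPO
    # Import-GPO copies the settings from a backup into a different GPO
    # (created here if missing). Across domains, domain-specific principals and
    # UNC paths in the settings may need mapping with -MigrationTable.
    Import-GPO -BackupGpoName $GpoName -Path $BackupDir `
               -TargetName $TargetName -CreateIfNeeded
}

# Typical order:
#   $id = Save-GpoBaseline            # before the change
#   Restore-GpoBaseline -BackupId $id # after the change broke something
#   Import-GpoBaselineCopy            # to inspect the old settings in a separate, unlinked GPO
```

Importing into a new GPO that is not linked anywhere lets the old settings be reviewed without changing what the domain controllers apply.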

