Unable to edit Group Policy objects. You might not have the appropriate rights

Yousuf Shahzad 26 Reputation points
2022-05-09T07:05:25.98+00:00

Hi

I am trying to edit group policy objects on our second DC but showing the below error:

"Unable to open the Group Policy Object. You might not have the appropriate rights".

We have two DCs (dc-01 & dc-02) replicating but unfortunately, the first DC (dc-01) is offline and cannot be online in the future.

Schema master dc-01.abc.local
Domain naming master dc-01.abc.local
PDC dc-01.abc.local
RID pool manager dc-01.abc.local
Infrastructure master dc-01.abc.local
The command completed successfully.

When I check the 'Settings' of any Group Policy Object, it shows me 'No Settings Defined'.

Any solution, please.

Regards

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,219 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Gary Reynolds 9,406 Reputation points
    2022-05-09T09:47:59.78+00:00

    Hi @Yousuf Shahzad

    Typically the GPMC will try to edit the policies on the PDC in the domain, if the PDC is offline, then this might be the reason you are seeing the error, assuming you do have permissions to edit the policy.

    If the PDC is going to be off-line for an extended period of time and you don't intend to power it back on, then it would be best to seize the roles to the other server
    https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/transfer-or-seize-fsmo-roles-in-ad-ds

    and then do a meta data cleanup to remove the old server.

    https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-metadata-cleanup
    https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-manually-removing-a-domain-controller-server/ba-p/280564

    With AD it's recommended that you have two or more DCs so you have some redundancy, so I would recommend adding another server as a DC.

    Gary.

    0 comments No comments