smodep at icloud.com
2025-Feb-15 19:38 UTC
[Samba] Lost Default Domain Controller Policy and Default Domain Policy
Default Domain Controller Policy and Default Domain Policy have been deleted/lost at some unknown time. How do I clean this up? Just delete these or can I recreate somehow?

In cleaning up my pair of Samba AD DCs, I was validating access to GPOs and discovered that while my more recent custom GPOs are fine, the GPOs for Default Domain Controller Policy and Default Domain Policy are not. When I use RSAT to try to access these, I get "failed to open" errors.

Using samba-tool and gpo listall, I can see these GPOs:

[root@frangelico ~]# samba-tool gpo listall
GPO          : {6AC1786C-016F-11D2-945F-00C04FB984F9}
display name : Default Domain Controllers Policy
path         : \\knada.lan.kitsnet.us\sysvol\knada.lan.kitsnet.us\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}
dn           : CN={6AC1786C-016F-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=knada,DC=lan,DC=kitsnet,DC=us
version      : 0
flags        : NONE

GPO          : {31B2F340-016D-11D2-945F-00C04FB984F9}
display name : Default Domain Policy
path         : \\knada.lan.kitsnet.us\sysvol\knada.lan.kitsnet.us\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}
dn           : CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=knada,DC=lan,DC=kitsnet,DC=us
version      : 0
flags        : NONE

<stuff removed>

But when I check the SysVol Policies directory, these GPO directories are gone. My more recent policies are present, so I am sure I am looking in the right place and can create new GPOs.

DCGPOFix is used with a regular DC to recreate these. Is there a Samba equivalent? Otherwise, is there a good process to recreate these manually?
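
The mismatch described in the post above (GPO objects present in AD, their SYSVOL directories gone) can be checked for every GPO at once. The script below is an added example, not part of the original post and not Samba project code; the function names, the demo GUID and the /var/lib/samba/sysvol path are assumptions, and the input format is the `samba-tool gpo listall` output shown in the post.

```sh
#!/bin/sh
# Added example (not from the original post): list GPOs that AD knows about
# but that have no directory under the SYSVOL Policies folder.

# Read `samba-tool gpo listall` output on stdin; print one {GUID} per GPO.
list_gpo_guids() {
    sed -n 's/^GPO[[:space:]]*:[[:space:]]*\([{][0-9A-Fa-f-]*[}]\).*$/\1/p'
}

# find_orphaned_gpos POLICIES_DIR
# Read listall output on stdin; print the GUID of each GPO whose directory is
# missing from POLICIES_DIR. Returns 2 if POLICIES_DIR itself does not exist,
# so a wrong path is not mistaken for "every GPO is missing".
find_orphaned_gpos() {
    policies_dir=$1
    [ -d "$policies_dir" ] || { echo "no such directory: $policies_dir" >&2; return 2; }
    list_gpo_guids | while IFS= read -r guid; do
        # Windows clients treat the name case-insensitively, so match that way.
        if ! ls -1 "$policies_dir" | grep -qixF -- "$guid"; then
            printf '%s\n' "$guid"
        fi
    done
}

# Constructed demo: a temporary "Policies" directory holding one custom GPO,
# checked against a trimmed listing in the format shown in the post.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/{AAAAAAAA-0000-0000-0000-000000000001}"   # constructed GUID
    find_orphaned_gpos "$tmp" <<'EOF'
GPO          : {6AC1786C-016F-11D2-945F-00C04FB984F9}
display name : Default Domain Controllers Policy
GPO          : {31B2F340-016D-11D2-945F-00C04FB984F9}
display name : Default Domain Policy
GPO          : {aaaaaaaa-0000-0000-0000-000000000001}
display name : Constructed custom policy
EOF
    rm -rf "$tmp"
}

# On a DC (SYSVOL path is an assumption; it varies by distribution/build):
#   samba-tool gpo listall | \
#     find_orphaned_gpos /var/lib/samba/sysvol/knada.lan.kitsnet.us/Policies
if [ "${1:-}" = "--demo" ]; then demo; fi
```

Running the same check on each DC also shows whether the directories are missing everywhere or only on one replica of SYSVOL.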