smodep at icloud.com
2025-Feb-15 19:38 UTC
[Samba] Lost Default Domain Controller Policy and Default Domain Policy
Default Domain Controller Policy and Default Domain Policy have been
deleted/lost at some unknown time. How do I clean this up? Just delete these
or can I recreate somehow?
In cleaning up my pair of Samba AD DCs, I was validating access to GPOs and
discovered that while my more recent custom GPSs are fine, the GPOs for
Default Domain Controller Policy and Default Domain Policy are not. When I
use RSAT to try to access these, I get "failed to open" errors. Using
samba-tool and gpo listall, I can see these GPOs:
[root at frangelico ~]# samba-tool gpo listall
GPO : {6AC1786C-016F-11D2-945F-00C04FB984F9}
display name : Default Domain Controllers Policy
path :
\\knada.lan.kitsnet.us\sysvol\knada.lan.kitsnet.us\Policies\{6AC1786C-016F-1
1D2-945F-00C04FB984F9}
dn :
CN={6AC1786C-016F-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=knada,DClan,DC=kitsnet,DC=us
version : 0
flags : NONE
GPO : {31B2F340-016D-11D2-945F-00C04FB984F9}
display name : Default Domain Policy
path :
\\knada.lan.kitsnet.us\sysvol\knada.lan.kitsnet.us\Policies\{31B2F340-016D-1
1D2-945F-00C04FB984F9}
dn :
CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=knada,DClan,DC=kitsnet,DC=us
version : 0
flags : NONE
<stuff removed>
But when I check the SysVol Policies directory, these GPO directories are
gone. My more recent policies are present, so I am sure I am looking in the
right place and can create new GPOs.
DCGPOFix is used with a regular DC to recreate these. Is there a Samba
equivalent? Otherwise, is there a good process to recreate these manually?