We finally got our new server up and running as a new domain controller. Now we have a Server 2008 and a Server 2012 machine as our DCs – our main DC was running Server 2003, ouch. Trying to manage Windows 7 machines with Server 2003 was not fun, so this was very exciting for me. I was working last week on making sure things were syncing properly between the two of them so I could start cleaning up group policy and look into changing the way I have our printers set up. Things are a little different in Group Policy Management Editor, but not much.
One thing I did notice is that you can now easily check the status of Active Directory and SYSVOL replication for the domain. When you open Group Policy Management, click on your domain; the first tab on the right is the status. Click the Detect Now button at the bottom right to pull the current status and see what it says.
When I did this for the first time last week, instead of saying 1 domain controller with replication in sync, it showed 1 domain controller with replication in progress. I can’t remember exactly what it said when you clicked the arrow next to it to show the details. But if you clicked on the domain controller this is the window that opened:
I tried figuring this out for at least 3 hours before I finally found a site that told me how to fix it. Being interrupted and having to work on other things probably didn’t help. It’s been a week now and I don’t remember what the site was. Clearly the permissions are messed up, but where to fix the permissions was the problem. All you need to do is open Group Policy Management Editor for whatever policy is on the list above. Right-click on the policy name and go to Properties.
Go to the Security tab, click Advanced near the bottom, and in the Permissions tab click Restore defaults. That was it, it was that simple. But it took forever for me to find the solution.
Now one thing I noticed the next day was that resetting the permissions also resets who the policy applies to. Obviously I have the intern policy in order to lock down where they can go and what they can do. After resetting the permissions I logged in the next day and thought things looked weird because my control panel was missing. I logged in to the domain controller and noticed that under Security Filtering in Group Policy Management it was set to Authenticated Users instead of just the intern group. I didn’t realize it reset who it applies to until it applied to me, whoops. Luckily only 2 other people noticed before I fixed it.
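One way to avoid the security filtering surprise described above is to record who the policy applies to before clicking Restore defaults and put it back afterwards. This is an added example, not part of the original post. It assumes the GroupPolicy PowerShell module on Server 2012 or later; the function names, the GPO name 'Intern Policy' and the CSV path are hypothetical placeholders.

```powershell
# Added example: snapshot and restore a GPO's security filtering around a permissions reset.
Import-Module GroupPolicy

function Save-GpoFiltering {
    param([Parameter(Mandatory=$true)][string]$GpoName,
          [Parameter(Mandatory=$true)][string]$Path)
    # Record every trustee on the GPO and its permission level before the ACL is touched.
    Get-GPPermission -Name $GpoName -All |
        Select-Object @{n='Trustee';    e={$_.Trustee.Name}},
                      @{n='SidType';    e={$_.Trustee.SidType}},
                      @{n='Permission'; e={$_.Permission}} |
        Export-Csv -Path $Path -NoTypeInformation
}

function Restore-GpoFiltering {
    param([Parameter(Mandatory=$true)][string]$GpoName,
          [Parameter(Mandatory=$true)][string]$Path)
    # Only the "apply" entries make up security filtering.
    $applied = @(Import-Csv -Path $Path | Where-Object { $_.Permission -eq 'GpoApply' })
    foreach ($entry in $applied) {
        # Set-GPPermission accepts User, Computer or Group as the target type.
        $type = switch ($entry.SidType) {
            'User'     { 'User' }
            'Computer' { 'Computer' }
            default    { 'Group' }
        }
        Set-GPPermission -Name $GpoName -TargetName $entry.Trustee `
            -TargetType $type -PermissionLevel GpoApply | Out-Null
    }
    # Restore defaults re-adds Authenticated Users with apply rights. If that group was
    # not an apply target before, reduce it to read-only so the policy stops applying
    # to everyone but can still be read.
    if (@($applied | ForEach-Object { $_.Trustee }) -notcontains 'Authenticated Users') {
        Set-GPPermission -Name $GpoName -TargetName 'Authenticated Users' `
            -TargetType Group -PermissionLevel GpoRead -Replace | Out-Null
    }
    # Return the resulting filtering so it can be checked by eye.
    Get-GPPermission -Name $GpoName -All | Where-Object { $_.Permission -eq 'GpoApply' }
}

# Usage (hypothetical names):
#   Save-GpoFiltering    -GpoName 'Intern Policy' -Path 'C:\Temp\intern-policy-acl.csv'
#   ... click Restore defaults in the GPO's advanced security settings ...
#   Restore-GpoFiltering -GpoName 'Intern Policy' -Path 'C:\Temp\intern-policy-acl.csv'
```

Only the apply entries are re-created; any custom edit or delegation rights recorded in the CSV would need to be reviewed and re-added deliberately.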