RE: Enterprise Domain Controllers group got lost

Tech-Archive recommends: Fix windows errors by optimizing your registry

---

• From: "Dman" <Dman@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Thu, 31 Mar 2005 08:35:02 -0800

---

I believe you will always get this error in a Windows 2000 environment, that
had previous GPOs created, then is upgraded to Windows 2003. This first
article you referenced is indeed the solution. Run through that and you
shouldn't need to do anything else.


"DL Meade" wrote:

> On my native mode Windows 2003 Active Directory, while running
>
> GPMC SP1, I get this error message:
>
> "The Enterprise Domain Controllers group does not have read access to
> this GPO. The Enterprise Domain Controllers group must have read
> access on all GPOs in the domain in order for GP modeling to function
> properly..."
>
> I can't find "Enterprise Domain Controllers" in my 2003 active
> directory. This AD started out as Win 2000 and had some Group
> policies. It was then upgraded to 2003.
>
> Found this info:
> http://www.jsifaq.com/SUBR/tip8800/rh8872.htm
>
> This says to run the below (not done yet): I want to find this group first.
>
> Cscript GrantPermissionOnAllGPOs.wsf "Enterprise Domain Controllers"
> /Permission:Read /Domain:mydomain
>
> More searching found this:
> http://techrepublic.com.com/5208-6287-0.html?forumID=39&threadID=168872
>
> This says to look for SID: S-1-5-9. So, in ADU&C, after turning on
> "View Advanced Features", I found it as described in the above
> article. It is in "Foreign Security Principles".
>
> How do I put it back in place now that I found it?
>
>
>
> TIA, Devin
>
>
>
.

---

• Follow-Ups:
  • Re: Enterprise Domain Controllers group got lost
    • From: DL Meade

• References:
  • Enterprise Domain Controllers group got lost
    • From: DL Meade

• Prev by Date: Re: Maximum no of child domains in Windows 2003
• Next by Date: Re: Logon from W95 again
• Previous by thread: Enterprise Domain Controllers group got lost
• Next by thread: Re: Enterprise Domain Controllers group got lost
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Enterprise Domain Controllers group got lost ... > had previous GPOs created, then is upgraded to Windows 2003. ... The Enterprise Domain Controllers group must have read ... (microsoft.public.windows.server.active_directory) RE: Locked out local admin accounts... ... if you are managing a Windows domain without the GPMC you are MAD! ... - Create nice reports with the GPOs that are ... >> having the administrator account locked out aren't showing any login ... (Security-Basics) Re: Default Domain Controller Policy and Default Domain Policy ... The dcgpofix.exe program is included on Windows Server 2003. ... If the policy folders do exist, you just need to re-establish the links. ... > options at the Default GPOs, ... (microsoft.public.win2000.group_policy) RE: Intermittant GPO failure to apply ... Welcome to our SBS newsgroup. ... If you want have the Windows XP SP2 client computer in the SBS domain. ... Sometimes I can get all the workstations GPOs working ... (microsoft.public.windows.server.sbs) RE: Will SP2 GPO admin templates overwrite SP1s? ... SP1 GPOs, it will add some some GPOs such as the GPOs for the firewalls. ... If you install the WinXP SP2 .adm files on the domain controller, ... truncated" error message when you try to modify or to view GPOs in Windows ... This posting is provided "AS IS" with no warranties, ... (microsoft.public.windowsxp.security_admin)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.active_directory  > 2005-04