Enterprise Domain Controllers group got lost



On my native mode Windows 2003 Active Directory, while running
GPMC SP1, I get this error message:

"The Enterprise Domain Controllers group does not have read access to
this GPO. The Enterprise Domain Controllers group must have read
access on all GPOs in the domain in order for GP modeling to function
properly..."

I can't find "Enterprise Domain Controllers" in my 2003 Active
Directory. This AD started out as Win 2000 and had some Group
Policies. It was then upgraded to 2003.

Found this info:
http://www.jsifaq.com/SUBR/tip8800/rh8872.htm

This says to run the below (not done yet): I want to find this group first.

Cscript GrantPermissionOnAllGPOs.wsf "Enterprise Domain Controllers" /Permission:Read /Domain:mydomain

More searching found this:
http://techrepublic.com.com/5208-6287-0.html?forumID=39&threadID=168872

This says to look for SID: S-1-5-9. So, in ADU&C, after turning on
"View Advanced Features", I found it as described in the above
article. It is in "Foreign Security Principals".

How do I put it back in place now that I found it?



TIA, Devin

