Hi Darren,
22 Domain Controllers at Windows 2000/ SP4.
Just about 15mins ago I restarted the NTfrs service on DC's then I made the
change on the PDC Emulator on the password policy.
I noted down the file size and time stamp of that gpttmpl.inf file. It's set
to 11:58 (CST) today when I changed the policy. While looking at some of the
other DC's its set to last year (perhaps the last time I made a change to
the scurity policies.
Now I will wait for it to replicate then see what happens.
What if this file reverts back to what it was (with last years time stamp),
any thoughts at that point...
Your help is very much appreciated.
Thanks,
"Firefox - Rediscover the web "
----Original Message Follows----
From: "Darren Mar-Elia" <[EMAIL PROTECTED]>
Reply-To: ActiveDir@mail.activedir.org
To: <ActiveDir@mail.activedir.org>
Subject: RE: [ActiveDir] Default Domain Policy Issues
Date: Tue, 28 Jun 2005 09:45:48 -0700
How many DCs do you have and what OS version? First thing you can do is
go to the PDC role holder DC, look at the file at
\SYSVOL\<domain>\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\MACHINE
\Microsoft\Windows NT\SecEdit\gpttmpl.inf. Note its size, and
date/timestamp. Then check the same file on all other DCs. They should
be the same. This is the file that delivers the security policy within
the Default Domain Policy. If its not in synch, then you could be
getting the differences you are experiencing.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Devan Pala
Sent: Tuesday, June 28, 2005 7:00 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Default Domain Policy Issues
Well I've just downloaded Sonar and Ultrasoound.
Sonar tells me evrything is OK!
Not sure what I'm looking for actually, how can I pinpoint which DC is
causing the reversion back to the old setting (being authoratative)?
Thanks,
----Original Message Follows----
From: "joe" <[EMAIL PROTECTED]>
Reply-To: ActiveDir@mail.activedir.org
To: <ActiveDir@mail.activedir.org>
Subject: RE: [ActiveDir] Default Domain Policy Issues
Date: Mon, 27 Jun 2005 18:28:13 -0400
I would check very carefully to verify the policy has made it properly
to all DCs. It is possible you have a little policy battle going on
where one or more machines have the old policy and the rest have the
newer policy and they keep changing it back and forth. I have seen this
more times than I can count. It is due to the fact that domain level
account policy replicates both through FRS and through AD.
joe
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Devan Pala
Sent: Monday, June 27, 2005 6:02 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Default Domain Policy Issues
Hi all,
After making changes to the Password Policy (Enforing password History)
for a child domain's Default Domain Policy it reverts back to the
previous setting right after the replication cycle has completed with
other DC's.
I don't see any out of the ordinary NTFRS log events.
Any leads would be appreciated?
Thanks,
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
