Can't view all Security Settings in any GPOs when the PDC Emulator is down

bryan.rutkowski

In one of our Domains we were doing a System State backup on the PDC
Emulator. When this machine went down to go into AD Restore Mode I
could not look at some of the security settings on any Group Policy I
had created. Mainly I could not view Local Policies, Account Policies,
and Event Log. I tried from multiple other Domain Controllers in the
domain, but none of them would display those settings listed above.
Once the PDC came back up we were able to view all of those Security
Settings again.

Does anyone know why when the PDC Emulator goes down all of those
settings are not shown anymore and can't be accessed?
 
Joe Richards [MVP]

The PDC is used for many things; one of them, as you found, is the
target for the policy editors.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm
 
bryan.rutkowski

I understand that the PDC Emulator is the default choice when editing
GPOs, so you would have to select to connect to another DC in the
domain.

In the GPMC console I would right-click the domain and select "Change
Domain Controller". I would then select a secondary DC that was still
running and try to edit any of the policies. The Security Settings
were still not showing up. It's like they were removed once the PDC
emulator went down. As soon as the PDC emulator came back online I
could edit the Security Settings again.

I guess to re-state my question, why when the PDC Emulator goes down
are you allowed to edit most other GPO settings, but none of the
Machine Policy - Security Settings?
 
Joe Richards [MVP]

I haven't played with GPMC in some time and never tested that specific
functionality. I could easily see it being implemented that way though
because the PDC is the only machine that can authoritatively speak to
the domain security policy.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


 
