Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

AD GPO Container Objects

Status
Not open for further replies.

WalleyeGuy

Technical User
Oct 18, 2007
44
US
Hiya All

I'm trying to clean up a whole bunch of problems left to me by my predecessor. After going through most of the containers in the Active Directory here (Native Win2K3 - one forest, domain and domain controller (for now)) I've cleaned up most of it and am now having problems with the policies container objects.

CN=Policies,CN=System,DC=domain,DC=local

Inside the policy container, there are two objects that come up as TYPE UNKNOWN (as opposed to groupPolicyContainer) and of course ADSIEDIT shows the class to be blank.

How in the world can I remove these? - I simply get "The specified directory service attribute or value does not exist" (error code 0x8007200a). domain\sysvol\domain\policies does not contain any references to these objects either.

 
The unknown part of the GPO is the GP container:

You might have to first take ownership of the object by right-clicking on the Unknown GPC, selecting Properties, clicking on the Security Tab, selecting the Advanced button, and then clicking the Owner tab.

There are to parts to a GPO: the template and the container. the template is located in SysVol and the Container part is in AD. They both need to have the same security applied.

It is best practice configure security by using gpmc and not directly on the GPC or GPT. Good luck.
 
That's some of the problem Rockstar...
There is nothing in SYSVOL, only in AD. I cannot see these objects with GPMC. Running group policy reports, I never see these two objects.

I'll try and see if taking ownership via ADUC will let me remove the items - let ya know
 
Nope, no luck. Taking control of the bogus objects did not help either.

Below is the error I receive when I do try to delete it from either ADUC or ADSIEDIT (the only two places I see references to these objects).

error.jpg
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top