Windows 2012 R2 Active directory problem after applying GPO

[axilleas]

Hello to all

We have a single domain based on two DCs windows 2012 R2.
We added a gpo on domain tree in GPMC. I noticed that access to domain exchnage store stooped and immediately removed the GPO. But it was too late. It seems that has done some issues to Active directory.

All domain computers and member servers have lost introduction with the DCs. What I mean is that , instaed of the domain name ,on network icon, appears "network".
I removed and rejoined computers on the domain without problem but still the domain name is not come up. ONLY the two DCs have domain name on network identification.


All domain services (DNS,netlogon) are running.
My main concern is the exchange which I removed and rejoined on domain but network icon says "Network" Not the domain name ( Information store and exchamnge address is in "starting" mode)

I did dcdiag /c for DNS testing and failed on Delegation test
The error reffered to an oold dc that has been removed a year ago. Is that could be a problem for the whole domain systems to see: the domain ? I beleive ius the GPO taht caused the issue. But I am lost on wwhat that might be

Thank you for listening. Any ideas will be more appreciated.

 

[DrB0b]

1 What GPO did you set that caused the issue?
2 Read all of this and see what you find:

https://www.mcbsys.com/blog/2018/03/network-location-awareness-doesnt-identify-domain/

Learning - A never ending quest for knowledge usually attained by being thrown in a situation and told to fix it NOW.

 

[axilleas]

Thank you for the answer

. Could I send you the GPO ?
It is about Windows 7 and has been applied to Dcs an exchange....

 

[DrB0b]

Go to your DC, click on the GPO in question, click on the Settings tab, and expand the policies it enforces. Then take a screenshot and apply to a post here.

Learning - A never ending quest for knowledge usually attained by being thrown in a situation and told to fix it NOW.

 

[axilleas]

Hello,

These are some screenshots of WIndows 7 policy

I send policy in images .If you cannot view them send me any mai lof yours.

 

[technome]

The error refereed to an old dc that has been removed a year ago"

How was the DC removed ? Through AD or just physically removed? .

Run dcdiag /c /v and netdiag on both DCs, output to a file

Dcdiag /fix....

https://www.techwalla.com/articles/how-to-fix-active-directory-dns-problems

Check you FSMO roles

https://activedirectorypro.com/how-to-check-fsmo-roles/

You may have to do some manual AD cleanup.....

https://www.faqforge.com/windows-server-2012-r2/clean-active-directory-domain-server-2012-r2/

........................................

"Computers in the future may weigh no more than 1.5 tons."
Popular Mechanics, 1949

 

[axilleas]

When i try to make a gpupdate /force that fails. I check the event viewer and says error 49 invalid credentials. But how that possible?

 

[technome]

Axilleas....

First off, you posted twice over this issue.

You want others to figure out your issue but you did not clean up your original problems found in AD after running Dcdiag.exe

Personally I refuse to help any more as your willing to allow issues to remain in your AD which were there before you GPO issue, which could be causing it. Basically your doing problem solving back ass-ed, and you want help? Sorry I am not wasting my time.







........................................

"Computers in the future may weigh no more than 1.5 tons."
Popular Mechanics, 1949