Admin locked out of Group Policy

johnfranklin

IS-IT--Management
Oct 11, 2002
35
GB
Hi All,

I have a huge problem and hopefully someone can help me out.

On the domain controller the admin has been locked out of certain areas, such as the following:

GPO
Domain Controller Security Policy
Domain Security Policy

I get this message when trying to access the GPO through AD:

Group Policy Error:

Failed to open the Group Policy Object. You may not have appropriate rights.

It also asks me to choose the PDC from 3 options, but either one I choose gives me this:

Network path not found

Then the GPO is greyed out and unusable.

Basically the first error applies to the last 2 areas that deny access to the Administrator.

I read a few articles on MS but none of them resolve the issue.

Can anyone help, or is anyone else having this same problem?

Thanks in advance.



 
Well... when an admin has lost control of an object, normally you have to use ADSIEdit and take ownership of that object.
Make a backup of your AD and try using that tool (it is from the resource kit).

Gia Betiu
giabetiu@chello.nl
Computer Eng. CNE 4, CNE 5, soon MCSE2k
 
Is anyone a master of the ADSIEdit tool?

Because ...

Basically what happens when I use the ADSIEdit tool and locate the object, the object states that it has not been changed, i.e. shows a folder icon instead of a text icon.

What does this mean? Or am I looking at it the wrong way?

Please help and thanks for the reply.
 
Don't try to find GPO objects in the AD. They are not there. In AD there is just a link.
Try to remove the link, or something like this.

Gia Betiu
giabetiu@chello.nl
Computer Eng. CNE 4, CNE 5, soon MCSE2k
 
Sorry GiaBetiu, you are losing me a little here. I am sure you understand that I don't want to delete anything that might cause problems, i.e. the wrong one.

Can you give me the exact location of this link you are talking about, please?

Thanks again for the reply.
 
Does anyone have any tips on using the ADSIEdit tool for the issue raised above?

Does anyone know where there is a tutorial of some kind relating to the ADSIEdit tool?

Thanks in advance.

 
Ok, maybe the solution with ADSIEdit is not easy. Sorry, I couldn't check myself what could happen. I cannot give you the solution directly. Losing access for Admin is a big issue.
Have a look at the tools for managing AD from the MS resource kit:
Maybe ACLdiag can do something.
I will try (if I have time) to also have a look at what those tools can do.
Anyway, whatever you want to do, don't even think about doing it to your production system. Make a backup of it, or clone it, or something similar.

Gia Betiu
giabetiu@chello.nl
Computer Eng. CNE 4, CNE 5, soon MCSE2k
 
Thanks for this information, I will look into it. If I sort it out I will post the solution to you.

Thanks again, sorry for not getting back sooner.

 