How to manually create Default Domain GPO

The Default Domain GPO can be created manually. Two GPOs are created when you promote a member computer or a stand-alone server to a domain controller.
These two GPOs are:

  • Default Domain Group Policy
  • Default Domain Controller Group Policy.

These GPOs are stored in the SYSVOL folder. The Netlogon service creates two permanent GUIDs for these two GPOs under the SYSVOL folder:

Domain GPO GUID {31B2F340-016D-11D2-945F-00C04FB984F9}
DC GPO GUID {6AC1786C-016F-11D2-945F-00C04FB984F9}

Windows identifies the default domain policies by their GUIDs located in the SYSVOL folder. These GUIDs are unique to the Default Domain Policy and the Default Domain Controller Policy created by default.

You can use the following steps to create GPOs manually:

1. Open ADUC
2. Right click on > Property
3. Switch to Group Policy tab
4. Create a policy named “Default Domain Policy”, or rename it if you want. AD tools query the default domain policies by their GUIDs located in the SYSVOL folder, not by name.
5. Click this GPO > Property > note down the GUID of the GPO you created.
6. Go to the SYSVOL folder and change the GUID to that of the default domain policy or default domain controller policy.
7. Next, use a small ADSI script to set this unique GUID into the GPT of this policy in the AD database. You can also edit the Schema manually to do so.

You can use the ADSI snap-in to create the GUID in the GPC of that GPO.
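
A read-only check of the state these steps are meant to produce, added here as an example and not part of the original post: for each of the two GUIDs listed above, it confirms that the GPC object exists in AD, that the GPT folder exists in SYSVOL, and that the two agree on path and version. It assumes the RSAT ActiveDirectory module, a domain-joined host, and the standard `CN=Policies,CN=System` and `SYSVOL\<domain>\Policies` locations; the labels and variable names are illustrative.

```powershell
# Added example (not from the original post): verify the two default GPOs by GUID.
# Assumes the RSAT ActiveDirectory module and read access to SYSVOL.
Import-Module ActiveDirectory

# GUIDs as listed on this page; the labels are only used for display.
$wellKnown = [ordered]@{
    'Domain GPO' = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    'DC GPO'     = '{6AC1786C-016F-11D2-945F-00C04FB984F9}'
}

$domain = Get-ADDomain

$rows = foreach ($label in $wellKnown.Keys) {
    $guid    = $wellKnown[$label]
    $gpcDn   = "CN=$guid,CN=Policies,CN=System,$($domain.DistinguishedName)"
    $gptPath = "\\$($domain.DNSRoot)\SYSVOL\$($domain.DNSRoot)\Policies\$guid"

    # GPC: the policy container object stored in the directory.
    try {
        $gpc = Get-ADObject -Identity $gpcDn -ErrorAction Stop `
                 -Properties displayName, gPCFileSysPath, versionNumber
    } catch {
        $gpc = $null
    }

    # GPT: the policy folder in SYSVOL; GPT.INI carries its version number.
    $gptVersion = $null
    $ini = Join-Path $gptPath 'GPT.INI'
    if (Test-Path -LiteralPath $ini) {
        $m = Select-String -LiteralPath $ini -Pattern '^\s*Version\s*=\s*(\d+)' |
             Select-Object -First 1
        if ($m) { $gptVersion = [int]$m.Matches[0].Groups[1].Value }
    }

    [pscustomobject]@{
        Label         = $label
        Guid          = $guid
        DisplayName   = if ($gpc) { $gpc.displayName } else { $null }
        GpcExists     = [bool]$gpc
        GptExists     = Test-Path -LiteralPath $gptPath
        # String comparison is case-insensitive; a trailing backslash is ignored.
        PathMatches   = [bool]($gpc -and ($gpc.gPCFileSysPath.TrimEnd('\') -eq $gptPath))
        GpcVersion    = if ($gpc) { $gpc.versionNumber } else { $null }
        GptVersion    = $gptVersion
        VersionsMatch = [bool]($gpc -and ($null -ne $gptVersion) -and
                               ($gpc.versionNumber -eq $gptVersion))
    }
}

$rows | Format-Table -AutoSize
```

A row with `GpcExists` and `GptExists` both true but `PathMatches` or `VersionsMatch` false indicates that the AD object and the SYSVOL folder for that GUID are out of step.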

Source to copy:

