This is one of the old ones, I have never had the time to blog.
In some situations you might find yourself in such big trouble that you would like to recreate the original Domain and Domain Controllers policies.
This is possible with the command DCGPOFIX http://technet.microsoft.com/en-us/library/hh875588(v=ws.10).aspx
As an example you can restore the Default Domain Controllers Policy with the command DCGPOFix /Target:dc
But be careful: the tool will not restore the security settings on the policy as you would want them to be. http://support.microsoft.com/kb/833783
So if you use DCGPOFIX you will most likely need to configure some security settings afterwards.
Also be aware that DCGPOFIX will not link the policy to any OUs, so if the default links have been deleted you must create them again in GPMC.
As always, a good backup is a better idea. To back up your default GPOs you can use PowerShell and run it at a scheduled interval if needed, but remember to clean up the backups; there is no need to keep too many of them.
This will create a backup of the Default Domain Controllers Policy.
Backup-Gpo -Name "Default Domain Controllers Policy" -Path C:\GpoBackups
Please note that the folder C:\GpoBackups in this example must be created before you run the command.
When you would like to restore the backup you can use Restore-Gpo
Restore-Gpo -Name "Default Domain Controllers Policy" -Path C:\GpoBackups
This will also restore the security settings as they were at the time of the backup.
Like DCGPOFIX, Restore-Gpo will not recreate missing GPO links; they must be created again if desired.
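
A scheduled backup with cleanup, as described above, could look like the following. This is an added example and not part of the original post; the retention period, the dated subfolder layout and the saved XML report (which records the GPO links that neither DCGPOFIX nor Restore-Gpo recreates) are assumptions.

```powershell
#Requires -Modules GroupPolicy
# Added example: back up both default GPOs into a dated folder and
# remove old backup runs. Run it from a scheduled task on a machine
# with the GroupPolicy module (GPMC) installed.

$ErrorActionPreference = 'Stop'      # stop before cleanup if a backup fails

$BackupRoot    = 'C:\GpoBackups'     # same folder as in the post
$RetentionDays = 30                  # assumption: adjust to your needs
$GpoNames      = 'Default Domain Policy',
                 'Default Domain Controllers Policy'

# One subfolder per run keeps rotation simple and lets Restore-Gpo
# be pointed at a specific point in time.
$RunFolder = Join-Path $BackupRoot (Get-Date -Format 'yyyy-MM-dd_HHmmss')
New-Item -ItemType Directory -Path $RunFolder -Force | Out-Null

foreach ($name in $GpoNames) {
    # The backup includes the security settings of the GPO.
    Backup-GPO -Name $name -Path $RunFolder `
        -Comment "Scheduled backup $(Get-Date -Format s)" | Out-Null

    # The XML report lists where the GPO is linked (LinksTo elements),
    # so missing links can be recreated by hand in GPMC after a restore.
    $report = Join-Path $RunFolder ('{0}.xml' -f ($name -replace '\s', '_'))
    Get-GPOReport -Name $name -ReportType Xml -Path $report
}

# Cleanup: delete run folders older than the retention period,
# but always keep the newest run regardless of its age.
$cutoff = (Get-Date).AddDays(-$RetentionDays)
Get-ChildItem -Path $BackupRoot -Directory |
    Sort-Object CreationTime -Descending |
    Select-Object -Skip 1 |
    Where-Object { $_.CreationTime -lt $cutoff } |
    Remove-Item -Recurse -Force
```

To restore from a given run, pass that run's dated subfolder as the -Path argument of Restore-Gpo.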