Tuesday 13 December 2011

Restoring a GPO from a file backup

After having GPMC crash on me today I was left with a GPO that I couldnt edit because it was "invalid". "Failed to open the group policy object the data is invalid"

Now I havn't made in backups inside of Group Policy and as such couldn't do a quick restore. What we do have is NetApp backing up the OS drive every hour... should be all I need. Well no, turns out the way to restore when you have the files is an Authorative Restore... shutting down the DC and going through a long winded process.

After some thought into it I came up with a work around. The GPMC works, so I backed up the problem GPO to disk. Inside of this backup is a copy of the files from the OS drive.

Replaced the issue registry.pol with one from the backup and restored it back into Group Policy. This did the trick, its an hour or so old but thats not too bad I hadnt made any changes since. Better than recreating the whole thing from scratch.


To locate the files in your backup restore, you need to get the UID of the GPO. Select the GPO in the GPMC and click the "Details" tab. The UID is highlighted below.

Next browse to:
"X:\Windows\SYSVOL\sysvol\<domain>\Policies\<UID>"
Where X is the drive the restore files are on. Replace <domain> and <UID> with your details.

From here select either "Machine" or "User" for which ever part of the GP got corrupted... or both, or even just use this whole folder. Use these files to replace the corrupted ones in your GPMC backup and do a restore.

To do a backup or restore, right click the policy and follow what it says.

Hope this helps...

No comments:

Post a Comment