I'm working on a new Windows Server 2012 Standard with Hyper-V Host role. I've added 3 VM servers. Everything has been patched to current and joined to an existing 2003 AD Domain.
The server in question "Washington" is destined to assume the role of the primary DC. I've joined it (as a DC, so far) to the domain with 2 * 2003 DCs and 1 * 2003 BDC. After a couple more patches and reboots, I let it sort out its position in life for a day. Then I started knocking out any issues popping up on the Best Practices Analyzer. There were only a few 'error' class entries of which I was able to correct all but this one. The 'XXXXX' are all the same and hasn't changed in 10 years.
Title: The Default Domain Controllers Policy in the domain XXXXX.com should be applied to the OU OU=Domain Controllers,DC=XXXXX,DC=com
Severity Error
Date: 6/6/2013 5:22:20 PM
Category: Configuration
Problem: The Default Domain Controllers Policy is not currently applied to the OU OU=Domain Controllers,DC=XXXXX,DC=com.
Impact: If Group Policy settings that are defined in the Default Domain Controllers Policy are not applied to domain controllers, Active Directory operations may fail.
Resolution: Link the Default Domain Controllers Policy to the OU OU=Domain Controllers,DC=XXXXX,DC=com.
http:/
----------------------
I've run through the steps. It is the only 2012 DC. the Policy is linked. It is the only policy. GPO Status: Enabled. Owner as Domain Admins. Enforced: No. Link Enabled: Yes. Path is normal.
Delegation has DC and Ent.DC "Read (from Security Filtering)" and Domain/Ent Admins "Edit settings, delete, modify security" for Allowed Permissions.
The Windows help doesn't help all that much. And, the error is either too new or obscure enough not to show up too much via Google. I did try setting the 'Enforced: Yes'... no dice. I'm trying to avoid a trial and error fix. The few things I did try, I followed up with a gpudate /force which triggers a restart.
So far, it looks like I'm going to have to step through a basic "So you wanna run DC virtually" Technet setup to see if I can catch possible misses that way. Any pointers to or suggestions would be most appreciated.
-------
Every time I come close to posting, I find one more bit of info to run down. One of the latest things I did was to run "gpresult /v " to text file. Under Computer Settings, it shows 'Domain Controllers Policy' followed by the Domain Policy. Only the Domain Policy (not the DC Policy) is listed under User Settings.