Active Directory: Restore default GPOs Default Domain Policy / Default Domain Controller Policy

Windows Server 2012R2  Windows Server 2016  Windows Server 2019

In this tutorial, we will see how to restore GPO Default Domain Policy / Default Domain Controller Policy to default.

On domain controllers, a DCGPOFIX command line tool is available to restore the 2 default policies.

Before proceeding with the restoration of the policies, I advise you to make a backup of this one before.

Restore the two policies: Default Domain Policy / Default Domain Controller Policy

From a command prompt launch as administrator between the dcgpofix command.

Confirm by entering the letter Y and confirm by pressing Enter.

A message appears indicating the operation has been completed.

Restore policy: Default Domain Policy

Enter the command dcgpofix /target Domain and confirm the action.

Restore policy: Default Domain Controller Policy

Enter the command dcgpofix /target:DC and confirm the action.


It is advised not to modify the two default policies except for certain parameters (password, kerberos …).



Related Posts


Active Directory : password policy – PSO

SommaireIntroductionCreate a password policyCreate a second strategyIdentify the password strategy that appliesIdentify a user's password policyIdentify a group password policyAssign an existing passw

Active Directory: Joining a Computer to a Domain at the Command Line

Introduction The Active Directory domain join of a computer can be done using either the GUI or using command line and PowerShell. In this tutorial, I will explain how to join a computer to a domain u

Windows Backup: installation and configuration

Presentation Windows Server includes a feature (Windows Backup) that allows you to perform full system backups or a portion of it. It can be used to back up virtual machines, SQL Server databases, fil

Scroll to Top