Unable to remove or run any commands on the GPO, unable to find the GPOADmin ID
Description
The configuration store is on AD and a GPO is stuck in the checked-out state; this status cannot be changed. The configuration was exported to a new GPO and we are back up and running on the new one.
However, the issue is that we can't delete the old one that is stuck, no matter what we do. None of the commands work and even checking the properties doesn't work, so there is no way to check the GPOADmin ID in order to do a manual deletion from AD.
Cause
This issue has to do with an object getting into an unknown state in GPOADmin with an AD / AD LDS configuration store.
Resolution
The best way to find the GPOADmin ID may be to get the list of GPOs registered in GPOADmin using PowerShell and then parse the GPO you're looking for out of the list.
There are 3 places to delete the GPO from:
The file store
The Configuration Container VC Root: CN=VCRoot,CN=Wentworth,CN=QGPM,CN=Quest,CN=Services,CN=Configuration,DC=<DC Component>,DC=<DC Component>,DC=com
The Configuration Container Version Control: CN=Version Control,CN=Wentworth,CN=QGPM,CN=Quest,CN=Services,CN=Configuration,DC=<DC Component>,DC=<DC Component>,DC=com
As you can't read the GPO properties inside GPOADmin, you can find the object using the PowerShell below:
# This can be used to locate the file store location and the Version Control objects to delete.
# Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory
# $GPOGUID must already hold the GUID of the stuck GPO as a [guid] object.
$GPOID = "{$($GPOGUID.Guid)}"
$GPODN = Get-ADObject -Filter * -SearchBase 'CN=VCRoot,CN=Wentworth,CN=QGPM,CN=Quest,CN=Services,CN=Configuration,DC=<DC Component>,DC=<DC Component>,DC=com' -Properties adminDisplayName |
    Where-Object { $_.adminDisplayName -eq $GPOID } |
    Select-Object -ExpandProperty DistinguishedName
$GPODN
# The output shows where in the VC root the object is that needs to be deleted.
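Before deleting anything by hand from the Configuration partition, it helps to inventory every matching object in both containers and do a dry run first. The script below is an added example, not Quest's own code. It assumes an AD (not AD LDS) configuration store, a placeholder GPO GUID, a constructed CSV file name, and that objects under Version Control can be recognised by the GUID appearing in their DN, which the page does not confirm.

```powershell
# Added example: read-only inventory plus a dry-run delete. Nothing is removed.
Import-Module ActiveDirectory

# Assumption: placeholder GUID of the stuck GPO; replace before running.
$GPOID = '{00000000-0000-0000-0000-000000000000}'

# Build the container DNs from the forest's configuration naming context
# instead of hand-typing the DC= components.
$configNC   = (Get-ADRootDSE).configurationNamingContext
$containers = @(
    "CN=VCRoot,CN=Wentworth,CN=QGPM,CN=Quest,CN=Services,$configNC",
    "CN=Version Control,CN=Wentworth,CN=QGPM,CN=Quest,CN=Services,$configNC"
)

$guidText = $GPOID.Trim('{}')
$found = foreach ($base in $containers) {
    # Assumption: objects under Version Control may not carry adminDisplayName,
    # so also match any object whose DN contains the GUID text.
    Get-ADObject -SearchBase $base -SearchScope Subtree -Filter * `
        -Properties adminDisplayName, whenChanged |
        Where-Object {
            $_.adminDisplayName -eq $GPOID -or
            $_.DistinguishedName -like "*$guidText*"
        }
}

if (-not $found) {
    Write-Warning "No objects matched $GPOID; nothing to delete."
    return
}

# Keep a record of what is about to be removed (constructed file name).
$found |
    Select-Object DistinguishedName, ObjectClass, adminDisplayName, whenChanged |
    Export-Csv -Path .\gpoadmin-stuck-gpo-objects.csv -NoTypeInformation

# Deepest objects first; -WhatIf only prints what would be removed.
$found | Sort-Object { $_.DistinguishedName.Length } -Descending |
    ForEach-Object {
        Remove-ADObject -Identity $_.DistinguishedName -Recursive -WhatIf
    }
```

Review the CSV and the -WhatIf output against the DN returned for the VC root object, and remove -WhatIf only once every listed object belongs to the stuck GPO.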