Missing group policy for KDC claim support (DAC)
Some days ago, I wanted to activate the group policy for the KDC claim support to use Dynamic Access Control.
The AD domain consisted of Windows Server 2008 R2 and Server 2012 domain controllers. Because this is a new group policy in Server 2012, I connected to one of the 2012 DCs.
To my surprise, I could not find the group policy for KDC claim support.
After having ruled out a number of errors, it could only be the group policy template files (.admx) themselves causing the problem.
It seemed the policy was just not there.
I remembered that there exists a central group policy pool (central store) in SYSVOL (folder “PolicyDefinitions”).
It turned out that it only contained Server 2008 R2 templates.
So I copied the necessary ADMX file (don’t forget the associated language file) from the local group policy folder of the 2012 server (C:\Windows\PolicyDefinitions) into the central store.
Finally I was able to set up the claim policy and could use Dynamic Access Control on the “mixed” AD domain.
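The check and copy described above can be scripted. The following PowerShell is an added example, not part of the original post: it reports which template and language files the central store lacks and copies them only when `-Copy` is given. The file name `kdc.admx` is an assumption about which template carries the KDC claim policy, and the parameter names are hypothetical.

```powershell
# Added example: compare the local PolicyDefinitions folder of a 2012 DC with the
# SYSVOL central store and list templates (plus language files) the store lacks.
param(
    [string]$Local    = "$env:SystemRoot\PolicyDefinitions",
    [string]$Domain   = $env:USERDNSDOMAIN,
    [string[]]$Names  = @('kdc.admx'),   # assumption: template holding the KDC policy
    [switch]$Copy                        # without -Copy the script only reports
)

$Central = "\\$Domain\SYSVOL\$Domain\Policies\PolicyDefinitions"
if (-not (Test-Path $Central)) { throw "No central store found at $Central" }

$missing = foreach ($name in $Names) {
    $src = Join-Path $Local $name
    if (-not (Test-Path $src)) {
        Write-Warning "$name not found in $Local"
        continue
    }
    # The template itself
    $tgt = Join-Path $Central $name
    if (-not (Test-Path $tgt)) {
        [pscustomobject]@{ Source = $src; Target = $tgt }
    }
    # Language files (.adml) live in per-culture subfolders such as en-US or de-DE
    $adml = [IO.Path]::ChangeExtension($name, '.adml')
    foreach ($dir in Get-ChildItem $Local -Directory) {
        $lsrc = Join-Path $dir.FullName $adml
        $ltgt = Join-Path (Join-Path $Central $dir.Name) $adml
        if ((Test-Path $lsrc) -and -not (Test-Path $ltgt)) {
            [pscustomobject]@{ Source = $lsrc; Target = $ltgt }
        }
    }
}

$missing | Format-Table -AutoSize

if ($Copy) {
    foreach ($m in $missing) {
        # Create the culture folder in the central store if it is not there yet
        New-Item -ItemType Directory -Path (Split-Path $m.Target) -Force | Out-Null
        # Only files absent from the store are listed, so nothing is overwritten
        Copy-Item -Path $m.Source -Destination $m.Target
    }
}
```

Run it on the 2012 DC with an account that can write to SYSVOL; existing central store files are left untouched because only absent files are copied.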
Links:
.ADMX managing step-by-step (Microsoft)