A. If you try and load the basicdc.inf file using the Security Configuration and Template MMC snap-in you get an error if you try and load the basicdc.inf file.

You also get errors in event viewer if you try and import it into a default domain controllers group policy object.

This is basically caused by an error in the .inf file which is trying to reference environment variables:

  • SYSVOL
  • DSDIT
  • DSLOG

The problem is they only exist during the DCPROMO process and so to resolve you need to manually add them to the machines environment space.

You should first make a note of what the values should be. To find sysvol perform the following:

C:\&gt;<b>net share sysvol</b><br>
Share name                                        SYSVOL<br>
Path <b>                                              C:\WINNT\SYSVOL\sysvol</b><br>
Remark                                            Logon server share<br>
Maximum users                                     No limit<br>
Users<br>
The command completed successfully.

Make a note of the path name.

To find the DSDIT and DSLOG values check the registry at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters

DSDIT is equal to 'DSA Working Directory' and DSLOG is equal to 'Database log files path'.

Click here to view image

The next step is to create the environment variables:

  1. Right click on 'My Computer' and select properties
  2. Select the Advanced tab and click 'Environment Variables'
  3. Under the 'System variables' area click New
  4. Enter a name of 'SYSVOL' and the value equal to your net share sysvol value, e.g. C:\WINNT\SYSVOL\sysvol
  5. Click OK
  6. Repeat steps 3-5 for DSDIT and DSLOG also
  7. Click OK to all dialogs
  8. Goto to the command prompt and enter:
    C:\> secedit /refreshpolicy machine_policy /enforce

You should now be able to load the template with no problems and also this will solve any event log errors.