My customer’s default domain and default domain controller policy were missing.

The backup system was not backing up Active Directory, so there was no way to restore the files.

Fortunately Microsoft provides a tool called DCGPOFIX.exe that you can run to restore these two default policies. However, you have to update the registry on the domain controller that you run DCGPOFIX to ‘d4’ for authoritative and ‘d2’ on all other domain controllers. This allows the new policies to get replicated to each domain controller. This is known as an authoritative restore of the File Replication Service. Don’t let it intimidate you too much, it is not as invasive as an authoritative restore of Active Directory. The FRS service is multi-master replication just like AD, and that is why a restored GPO must be set to authoritative so that the other domain controllers know who is boss =).

The policies get reset to the defaults, and you have to modify the “Manage Auditing and security log” setting in the Default Domain Controllers policy otherwise the Exchange Databases will not mount. The error “The store could not be mounted because the Active Directory information was not replicated yet.” will when you try to mount the database.

After updating this setting and refreshing group policy on each domain controller, restarting the Exchange System Attendant allows the databases to mount.

Microsoft recommends using the GPMC tool to regularly backup group policy.