#16
I did exactly that. I defaulted the default policy and left it default. Then created a new policy with just bare-bones settings (for right now) - stuff like password age, etc, and put that policy at the top of the tree and it seems to work great. However... I am having people getting profile issues and 1508 errors. At first I thought it was just damaged profiles from the errors in the default GPO and that once we clean those up, we'll be ok. But this morning we had a user who had not previously had issues - no event log errors and no profile corrupt messages - get his profile trashed. Some people just had to reboot and they were fine but others - like him - lost their profile and had to have settings copied over from the old profile. Doing a rebuild of the damaged profiles on those who have been having to reboot to come up to their profile seems to fix the problem (using uphclean in the 1 case we tried it also seems to solve the problem) but we didn't see any of these problems until I tried to make changes to resolve the time issue. With the default GPO back to default, it looks like we might still be losing profiles. When I ran the dcgpofix, I had to run it with /ignoreschema because of the whole v30 - v31 thing brought about by R2. Could it have missed something because of that? If so, where can I find a copy of the default settings for default domain and default domain controller policies so I can manually compare them? Do you have any other ideas of which way to go? Also, can we use CopyProfile in the process of creating the new profiles or will this possibly copy the corrupt garbage over?

#17
Re: Time Sync Problem on AD 2003 domain
Looks like it's snowballed. It seems that UPHClean should be installed on all machines. It helps with what you are seeing. The dcgpofix tool should have put them back to default. So you are ok. As far as comparing GPOs, you can use the Security & Configuration Analysis snap-in to compare the security and account settings to the default DC template. Don't apply anything, just run a comparison. Read the following for more info.

#18
Re: Time Sync Problem on AD 2003 domain
I haven't used CopyProfile yet, but from reading up on it, it appears it will copy a profile, not clean it up. So IMHO, I am leaning towards that it will copy over any corrupted files. My only suggestion is to test it.

#19
Re: Time Sync Problem on AD 2003 domain
Which INF template should I be using for checking that my Default Domain GPO policies and controller policies are back to default? I tried DC security.inf and there were a lot of differences that I didn't add to the policy I created. The ones I see listed are: compatws, dc security, hisecdc, hisecws, iesacls, rootsec, securedc, securews, setup security

#20
Re: Time Sync Problem on AD 2003 domain
Sorry, I was thinking Windows 2000, which had a basicdc.inf template, which Windows 2003 does not. For Windows 2003, you'll have to use the dcgpofix tool.
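
An added example, not part of the thread: the manual comparison asked about in posts #16 and #19, done as a section-by-section diff of two security-template INF texts (for instance one of the listed templates against a `secedit /export` of the live policy). Both sample templates and all function names are constructed for this example; real template files are usually UTF-16, so decode them before parsing.

```python
def parse_inf(text):
    """Return {section: {key: value}} for a security-template style INF."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip(), {})
            continue
        if current is None:                          # data before any section
            continue
        # Split on the first "=" only, so values such as "4,1" stay intact.
        key, _, value = line.partition("=")
        current[key.strip()] = value.strip()
    return sections


def diff_templates(baseline, actual):
    """List (section, key, baseline_value, actual_value) for each mismatch.
    None means the setting is not defined on that side."""
    out = []
    for section in sorted(set(baseline) | set(actual)):
        b, a = baseline.get(section, {}), actual.get(section, {})
        for key in sorted(set(b) | set(a), key=str.lower):
            if b.get(key) != a.get(key):
                out.append((section, key, b.get(key), a.get(key)))
    return out


# Constructed sample data, not real defaults from any Windows version.
BASELINE_INF = """
[System Access]
MinimumPasswordAge = 1
MaximumPasswordAge = 42
PasswordComplexity = 1
[Event Audit]
AuditLogonEvents = 1
"""
EXPORTED_INF = """
[System Access]
MinimumPasswordAge = 1
MaximumPasswordAge = 90
LockoutBadCount = 5
[Event Audit]
AuditLogonEvents = 1
"""

if __name__ == "__main__":
    for row in diff_templates(parse_inf(BASELINE_INF), parse_inf(EXPORTED_INF)):
        print("[%s] %s: baseline=%r actual=%r" % row)
```

A setting reported with `None` on the baseline side exists only in the live policy, which separates settings someone added from settings that merely differ in value.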