GPOs not being applied, old GPOs still there

benutne

Win2K3 server. My GPOs I'm applying are not really getting to the computers. Also, old GPOs that are no longer in existence are still being applied. I know this from a quick gpresult. I've done gpupdate and gpupdate /force on each client machine and the server, and I still get nowhere. It's really pissing me off.
 
Hmm, I was gonna suggest the gpupdate, but I've seen you already did that.

You might want to go here --> http://support.microsoft.com/default.aspx?kbid=298444 if you haven't already.

Is inheritance blocking set on the container containing your AD objects? Or is the policy set to be disabled?

I know these things are pretty basic, but we've all made basic mistakes too.. :)

Riley
 
Also make sure that members of the OU have read and apply permissions to the GPO.

Best way is to make a new security group, bung the required users in it, then slap that onto the GPO.
 
Originally posted by Fuzznuts
Also make sure that members of the OU have read and apply permissions to the GPO.

Best way is to make a new security group, bung the required users in it, then slap that onto the GPO.

That's EXACTLY what I did. It's really pissing me off. Not only did I do that, but I also set my policy to no override just to be sure. It's as if the machines are not getting the GPO from the domain controller. It says it updated, but did not.
 
Actually, I could change the default domain policy and it wouldn't make a bit of difference. The GPOs are simply not getting to the computers. Like I said, old GPOs are still showing up on the clients. Old GPOs that I deleted. A long time ago. It's as if gpupdate isn't working.
 
Check your DNS settings and make sure you don't have any duplicate SIDs.

If you run gpresult, do you see anything that might be the problem?
 
Nothing that I can see. Problems when gpresult is run, I mean. Where in the DNS settings can I check for duplicate SIDs?
 
Originally posted by benutne
Where in the DNS settings can I check for duplicate SIDs?
That was a two part answer.

1st. Check your DNS. Make sure the clients can ping the DC by FQDN and the NetBIOS name.

2nd. Check to make sure you don't have duplicate SIDs. (This has nothing to do with DNS.)
 
OK, I take that back. There are LOTS of problems when I run gpresult. The GPOs aren't updating at all. After a quick gpupdate /force, I can run gpresult and it's as if NOTHING happens. Old GPOs are still there. The new ones aren't showing up. The computer and user don't even show as being part of the group I just added them to.
 
Disjoin and rejoin a PC from the domain. See if that fixes the problem.

Have you looked at the event log on the client PCs?
 
All right. I just ran over to another PC and tried a ping on the DC. The DC is named domain-ctrl. I can do ping domain-ctrl, but not ping domain-ctrl.companyname.local
 
Originally posted by benutne
All right. I just ran over to another PC and tried a ping on the DC. The DC is named domain-ctrl. I can do ping domain-ctrl, but not ping domain-ctrl.companyname.local
That's the first thing that Microsoft support would say needs to be fixed. Is your DC also providing DNS?
 
OK then. I can't rejoin the domain. Says it can't find a SRV location or something.
 
Fuck it. I just removed the server from the network. Glad we have backups. Thanks for all the help anyways guys.
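
The name-resolution checks suggested in this thread (short name, FQDN, and the SRV lookup that the domain join complained about), collected into one batch file as an added example that no participant posted. The DC name and domain are the ones quoted above; the SRV name `_ldap._tcp.dc._msdcs.<domain>` is the standard DC locator record, and the script layout is an assumption of this example.

```batch
@echo off
rem Added example, not from the thread. Run on an affected client.
rem DC and DOMAIN are the names quoted in the thread; replace with your own.
setlocal
set DC=domain-ctrl
set DOMAIN=companyname.local
set FAILED=0

echo [1] DNS servers configured on this client (first entry per adapter):
ipconfig /all | findstr /i /c:"DNS Servers"

rem ping also fails when the DC drops ICMP, so read FAIL together with [4].
echo [2] Short name (can succeed via NetBIOS/WINS even when DNS is wrong):
ping -n 1 %DC% >nul 2>&1
if errorlevel 1 (echo     FAIL %DC% & set FAILED=1) else (echo     OK   %DC%)

echo [3] FQDN (needs DNS; Group Policy processing depends on this):
ping -n 1 %DC%.%DOMAIN% >nul 2>&1
if errorlevel 1 (echo     FAIL %DC%.%DOMAIN% & set FAILED=1) else (echo     OK   %DC%.%DOMAIN%)

rem The trailing dot makes the query absolute so no DNS suffix is appended.
echo [4] SRV record clients use to locate a domain controller:
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN%. 2>&1 | findstr /i /c:"svr hostname"
if errorlevel 1 (echo     FAIL no SRV record returned & set FAILED=1)

if %FAILED%==1 (
  echo Result: name resolution is broken; compare the servers in [1] with the DNS server hosting the %DOMAIN% zone.
) else (
  echo Result: DNS lookups succeeded; look at the client event log next.
)
endlocal & exit /b %FAILED%
```

A client that passes [2] but fails [3] and [4] matches the symptom reported in the thread: the short name resolves by some other means while the client's DNS server cannot answer for the Active Directory zone.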
 