1

Hi all,

I have done a good amount of research on this and think its time to post a direct question to my issue. I have seen recently a GPO within an OU not applying even with gpupdate /force. The user and the computer both reside within that same OU, so it should be a simple thing. Since it is not I ran gpreult /h gpresult.html and I open the file to see an event ID 7016. Within that event is the GUID which I then open powershell, type in get-gpo -guid and the ID number and it says it is not found. Now would this issue restrict other policies from happening, or am I going down the wrong path? I haven’t seen a GPO not work that is under the root level of an OU for a user and machine, also under that same OU, so any hints or suggestions would be great!

2 Spice ups
2

Do you have the correct security scope applied? If the objects are in the correct OU, you still need to make sure they’re included under “Security Filtering” on the first tab, either explicitly, or using “Authenticated Users” which is a catch-all.

3

Sorry, I should have mentioned this. One GPO is for all authenticated users, and the other has specific security groups with users that fall into them.

4

Must be something wrong with Security Filtering i guess , you can also try ENFORCING GPO option as you want to apply GPO to OU level only. Hope this helps

5

If you want to apply GP to only specific security groups, GP still needs authenticated users to have read access (not apply in this case).

6

It wound up being an old Microsoft update where if you have select groups you need to add domain computers.