Hi everyone,
I’ve made some new GPO’s that aren’t applying to anyone on the network.
Changes to preexisting GPO’s are taking effect.
When I run a gpupdate, I get the following;
I’m a little out of my depth if I’m being honest.
5 Spice ups
Have you run dcdiag on your domain controllers?
1 Spice up
rockn
(Rockn)
3
And are these GPOs OS specific like WIndows 10? Can you browse to the sysvol and netlogon shares from one of the computers/users the policy is applied to? Possible replication issue if you have more than one DC.
I’m was thinking replication issue but im unsure what to do about it as everything “seems” to be replicating.
I ran a dcdiag and everything passed.
I did browse to the sysvol and the folder mentioned in the above wasn’t there.
Check the permissions on the gpt.ini file and compare to the other GPOs. Make sure you set the security on the GPO consistently with your other GPOs.
The machine or user needs permission to read it in order to see if it applies.
Again, that gpt doesn’t exist. Neither dc’s have that file/folder in there sysvol.
I did some more googling after my other topic on reddit gave me a push in the right direction then ended up with me getting the answer I needed.
In case anyone has this issue it was fixed with 2 steps.
-
Turn off ad replication and then turn it back on again.(I also manually copied the sysvol\policies folder across but I doubt that did anything)
-
use power shell to get the GPO name for the string listed as being the issue(we found it was on an AD that existed long before I started) then find and delete that GPO
