Solved

Group Policy Problem - Default Domain Policy

Posted on 2006-11-30
4
377 Views
Last Modified: 2012-08-13
I made a change to a policy within our default domain policy. Whats strange is some computers get the update and some dont. Even though when I run a gpresult they are pulling from the same DC. When I do a gpresult, I do see two default domain policies being applied. Is that normal?  Can a group policy become corrupt?

I only have two DC in this site...

Windows 2003 Server and XP clients
0
Comment
Question by:bonadio171
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 6

Accepted Solution

by:
d50041 earned 200 total points
ID: 18046646
run gpotool.exe /dc:dcname

and review the results.

generally don't use the default domain policy or default domain server policy, make your own GPO's.

In the gpo mmc run the wizward againt a computer that is not getting the gpo.

Yes it is normal to have several GPO's listed, yes a group policy can become corrupt, its a file.
0
 
LVL 6

Assisted Solution

by:trippleO7
trippleO7 earned 200 total points
ID: 18047465
Sure policies can become corrupt, especially when making changes through the SYSVOL dir instead of using Group Policy Management Console (GPMC).

I'm unsure if you're aware, but there are two default policies created during an AD install.  Defaut Domain Policy and Default Domain CONTROLLER Policy.  The controller policy is automatically applied to the "Domain Controllers" OU and your DC's are automatically added to that.  If you are seeing two default domain policies being applied, is there a chance that you have applied both of the default policies to your computers on accident?  That could render adverse affects....

Another thing that could be happening is Policy Inheritance.  When you create an OU under your Domain name, and create a new policy to that OU, it will inherit the default domain policy as well by default, unless you explicitly told that OU to block policy inheritance.

If you haven't done so alread, I suggest downloading GPMC from MS via http://www.microsoft.com/downloads/details.aspx?familyid=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en

This will give you a clear picture of what's going on as it's displayed better than the built in GP editor in 2000/2003.

Verify this info then let me know if that looks OK.  I'll go from there.  We just need to start with some basics first.

Thanks!
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
This is a high-level webinar that covers the history of enterprise open source database use. It addresses both the advantages companies see in using open source database technologies, as well as the fears and reservations they might have. In this…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question