Group Policy Not Applying

I administer a Window Server 2003 as a domain running active directory.  Everything works well for about 3 years now because we have been running all the local computers as workgroups even though the server was setup as a domain.  We also run terminal services to access our company MRP.

I am going to switch all the computers to the domain which has the name of "company.local" .  I've setup a OU called CUSTSERV right under the domain in the ADUC mmc.  I've moved one person from "Users" to "CUSTSERV" OU, created and linked a group policy on the CUSTSERV OU named "CUSTSERV Policy".  Gpresults show this user has the CUSTSERV policy applied along with the default domain policy.

Unfortunately, the CUSTSERV Policy does not apply when she logs into the domain from her computer.  I've only set a couple of policies on the CUSTSERV Policy and none of them apply.  Her computer is running XP SP2.  I know she's authenticating through the domain because she doesn't have a local account on the machine.

What am I doing wrong here?  
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Make sure all the clients are pointed to the DC for DNS only.

Try disabling firewall on client if it isn't already.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Also keep in mind that the GPO has two sections:

User and Computer

if you set up User settings,  the GPO must be linked to where the user account is in AD
If you set up Computer settings, the GPO must be linked to where the computer account is in AD

So you could create an OU,  and then a users and computers child OU under that.  Then link the GPO at the top level OU you created.
It could also depend on what you're trying to do. For instance if you're trying to set up a password policy at an OU Level but already have one at the domain level that won't work. You can only have one password policy per domain.
psychopenguinAuthor Commented:
Wow.  Days and weeks were wasted over such a simple solution.  It makes complete sense.  However, when all DNS queries are resolved for everything else, I wouldn't have thought it would be the answer to this.  Thank you.
You're welcome.

The DNS server on your DC has the ability to resolve internet address as long as you don't have a firewall blocking port 53.  

Your clients depend on the SRV records located in AD/DNS to locate a DC to then apply group policy.
So I recommend you never use a third party DNS in your server/client configuration.  

You can pull up properties on the DNS server in the DNS console on the DC and then configure the forwarders tab to point to ISP with no issue.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.