Solved

Unable to get GPO's to run from 2003R2 to Vista

Posted on 2008-10-08
14
324 Views
Last Modified: 2012-05-05
Hello,

I have a mixed business environment that is compiled of all vista business computers and my server is still running 2003 R2.  I have created all my new gpo's by using my vista machine and I am currently using the updated version of GPMC.  The problem I'm running into is that the gpo's will not run or apply to any of the vista machines.  I have an OU under my DC in GPMC where I have linked the new gpo and it just won't run.  The only way I can get it to run is by link the GPO to my domain , which then runs the GPO on every pc in the domain, including the DC, but it does run my GPO's exactly the way I want them.

I have transferred all the files over from my vista machine to my server and I do know my GPO's work, but I just can't get them to run on my OU's at all.  I tired to run the dcgpofix to create the default gpo's and get an error stating it could not open the active directory object LDAP://......
0
Comment
Question by:Digmypics
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 5
14 Comments
 
LVL 14

Expert Comment

by:dfxdeimos
ID: 22671270
So you create an OU named (for example) "Vista" and put all the computer accounts that run Vista underneath it. You then try to apply a GPO object to that OU and it doesn't apply.

What policies are you trying to set? Have you used the RSoP wizard ( http://technet.microsoft.com/en-us/library/cc758010.aspx ) ?
0
 

Author Comment

by:Digmypics
ID: 22671300
Hello,

that is correct.. they are there and will not apply.. if it take the GPO and link it to my domain digmypics.com, it applies to all pc's in the entire company including domain controllers.. I'm pretty sure its due to the fact there isn't a default domain policy (not sure why its gone and I can't recreate it using dcgpofix command).
0
 
LVL 14

Expert Comment

by:dfxdeimos
ID: 22671529
So when you apply it to the entire domain it applies successfully to the Vista machines also?

If you don't have a Default Domain Policy, I would just create a new (blank) GPO, change its name, and assign it to the domain.

After you do this, try setting it up again with a Vista OU with the GPO associated with it. Run a "gpupdate /force" on one of the Vista machines in question, then use the RSoP Wizard to see where along the way the process is failing.
0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 

Author Comment

by:Digmypics
ID: 22674163
yes, when I apply it to the domain it will effect vista and my xp machines with no problems.  As soon as I link the GPO to the OU (vista) it won't apply to any machines on the domain.
I've added the default GPO back in and left them blank, did a gpupdate /force, no effects.
0
 
LVL 14

Expert Comment

by:dfxdeimos
ID: 22680261
Please set it up how you would like it to be (seperate OU with the Vista machines in it, seperate GPO applied to that OU) and then run the RSoP wizard on one of the machines. A guide to RSoP can be found in my first post.
This will tell you where the process is being broken / what is being applied.
0
 

Author Comment

by:Digmypics
ID: 22681867
All my machines are vista based, we have 2 xp machines that won't be getting any GPO's sent to the.. I just used the XP boxes to test.

I will run the RSoP and see what I can come up with.  
0
 
LVL 14

Expert Comment

by:dfxdeimos
ID: 22681921
Great, I will keep an eye on this question for your resonse.
0
 

Author Comment

by:Digmypics
ID: 22682654
Hello,

Ok, according to RSoP it is showing as an applied gpo for computer and user.. just the way i want them..  I did the RSoP to use the test account and test computer that won't apply the gpo's.  According to the RSoP everyting is working ok and all my settings are there.

If i log back onto the same machine as the user not the admin of the  domain, and run group policy results, it shows no GPO's being applied.  even tho running the RSoP as domain admin will show it applying to my test account.

0
 
LVL 55

Accepted Solution

by:
McKnife earned 50 total points
ID: 22683256
Could it be the simple error of linking computer settings to an OU with user objects or vice versa?
In this case, no wonder linking to the domain root works - that way it gets applied to anything.
0
 

Author Comment

by:Digmypics
ID: 22683295
I have the GPO applied to a OU that only has one vista machine in it.  No users, only computers.. I have applied the same gpo to my users OU with the test user account only in it, still get the same problems.  It just doesn't apply or even show in gpresult
0
 

Author Comment

by:Digmypics
ID: 22683317
Do GPO's apply to secuirty groups inside of OU's?

To better clarify.. I have my OU(test)with a Group that contains the test machine in it (called tester1) and no users.  Shouldn't the GPO's apply to this group inside the OU?

I pulled the tester1 computer out of domain/computers and into the test OU, removed the group and it will apply now.

When I was running XP I used groups inside of OU's to apply my GPO's so I didn't have to move computers and users out of the default area's.> Maybe this changed in vista?
0
 
LVL 14

Expert Comment

by:dfxdeimos
ID: 22683344
Hmm... that I couldn't say for sure but I believe that functionality should be intact. You can test it easy enough by moving a Computer account into that OU. Beware of the order of GPO inheritance Local, Site, Domain, OU
0
 

Author Comment

by:Digmypics
ID: 22683370
Yup, its confirmed.. If i pull the physical pc, or user out of their default groups and place them into the OU it works fine and the GPO's apply with no issues.

But moving the users out of the users OU and the computers out of the computers OU, wouldn't this cause other issues in active directory?

The only thing that is really bugging me is that the RSoP is fine and has 100% success when my groups are inside of OU's, but doesn't work in real life.
I have the group  setup as a Global Security group which is what I used to do with my XP enviroment.  Does this need to be changed from global security group to universal distribuion group maybe?
0
 

Author Comment

by:Digmypics
ID: 22706523
Does anyone have any ideas to why the GPO's are not applying to group's inside of the OU?  I've been looking into it for days with no luck.

Thanks,
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question