Digmypics asked:

Unable to get GPO's to run from 2003R2 to Vista

Hello,

I have a mixed business environment that is compiled of all Vista Business computers and my server is still running 2003 R2.  I have created all my new GPOs by using my Vista machine and I am currently using the updated version of GPMC.  The problem I'm running into is that the GPOs will not run or apply to any of the Vista machines.  I have an OU under my DC in GPMC where I have linked the new GPO and it just won't run.  The only way I can get it to run is by linking the GPO to my domain, which then runs the GPO on every PC in the domain, including the DC, but it does run my GPOs exactly the way I want them.

I have transferred all the files over from my Vista machine to my server and I do know my GPOs work, but I just can't get them to run on my OUs at all.  I tried to run dcgpofix to create the default GPOs and get an error stating it could not open the Active Directory object LDAP://......
dfxdeimos

So you create an OU named (for example) "Vista" and put all the computer accounts that run Vista underneath it. You then try to apply a GPO object to that OU and it doesn't apply.

What policies are you trying to set? Have you used the RSoP wizard ( http://technet.microsoft.com/en-us/library/cc758010.aspx ) ?
ASKER

Hello,

That is correct.. they are there and will not apply.. if I take the GPO and link it to my domain digmypics.com, it applies to all PCs in the entire company including domain controllers.. I'm pretty sure it's due to the fact there isn't a default domain policy (not sure why it's gone and I can't recreate it using the dcgpofix command).
So when you apply it to the entire domain it applies successfully to the Vista machines also?

If you don't have a Default Domain Policy, I would just create a new (blank) GPO, change its name, and assign it to the domain.

After you do this, try setting it up again with a Vista OU with the GPO associated with it. Run a "gpupdate /force" on one of the Vista machines in question, then use the RSoP Wizard to see where along the way the process is failing.
Yes, when I apply it to the domain it will affect Vista and my XP machines with no problems.  As soon as I link the GPO to the OU (vista) it won't apply to any machines on the domain.
I've added the default GPO back in and left them blank, did a gpupdate /force, no effects.
Please set it up how you would like it to be (separate OU with the Vista machines in it, separate GPO applied to that OU) and then run the RSoP wizard on one of the machines. A guide to RSoP can be found in my first post.
This will tell you where the process is being broken / what is being applied.
All my machines are Vista based, we have 2 XP machines that won't be getting any GPOs sent to them.. I just used the XP boxes to test.

I will run the RSoP and see what I can come up with.  
Great, I will keep an eye on this question for your response.
Hello,

Ok, according to RSoP it is showing as an applied GPO for computer and user.. just the way I want them..  I did the RSoP to use the test account and test computer that won't apply the GPOs.  According to the RSoP everything is working ok and all my settings are there.

If I log back onto the same machine as the user, not the admin of the domain, and run Group Policy Results, it shows no GPOs being applied, even though running the RSoP as domain admin will show it applying to my test account.

ASKER CERTIFIED SOLUTION
McKnife
This solution is only available to members.
I have the GPO applied to an OU that only has one Vista machine in it.  No users, only computers.. I have applied the same GPO to my users OU with the test user account only in it, still get the same problems.  It just doesn't apply or even show in gpresult.
Do GPOs apply to security groups inside of OUs?

To better clarify.. I have my OU (test) with a group that contains the test machine in it (called tester1) and no users.  Shouldn't the GPOs apply to this group inside the OU?

I pulled the tester1 computer out of domain/computers and into the test OU, removed the group and it will apply now.

When I was running XP I used groups inside of OUs to apply my GPOs so I didn't have to move computers and users out of the default areas. Maybe this changed in Vista?
Hmm... that I couldn't say for sure but I believe that functionality should be intact. You can test it easily enough by moving a computer account into that OU. Beware of the order of GPO inheritance: Local, Site, Domain, OU.
Yup, it's confirmed.. If I pull the physical PC, or user, out of their default groups and place them into the OU it works fine and the GPOs apply with no issues.

But moving the users out of the users OU and the computers out of the computers OU, wouldn't this cause other issues in active directory?

The only thing that is really bugging me is that the RSoP is fine and has 100% success when my groups are inside of OU's, but doesn't work in real life.
I have the group set up as a Global Security group, which is what I used to do with my XP environment.  Does this need to be changed from global security group to universal distribution group maybe?
Does anyone have any ideas as to why the GPOs are not applying to groups inside of the OU?  I've been looking into it for days with no luck.

Thanks,
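
Added illustration, not part of the original thread: a simplified Python model of the behaviour observed above, where a GPO link is scoped by where the user or computer object itself sits, and groups act only as a security filter on the GPO. The domain `example.com`, the GPO name "Vista Settings" and the group `VistaPCs` are constructed placeholders; site and local policy are left out.

```python
# Added illustration: simplified model of GPO scope, not a real AD query.
# Every DN, GPO name and group name here is constructed sample data.
# Simplification: DNs are split on "," (no escaped commas are handled).

DOMAIN = "DC=example,DC=com"
TEST_OU = "OU=test," + DOMAIN

def parent_containers(dn):
    """Containers above an object, nearest first."""
    parts = dn.split(",")[1:]                 # drop the object's own RDN
    return [",".join(parts[i:]) for i in range(len(parts))]

def applied_gpos(obj_dn, member_of, links, security_filter):
    """GPOs applying to one user/computer object, domain first, then OUs.

    links:           {container DN: [GPO names linked there]}
    security_filter: {GPO name: groups allowed to apply it}
    Where a *group object* is stored is never consulted: only the location
    of the user/computer object decides which links are in scope.
    """
    groups = set(member_of) | {"Authenticated Users"}
    result = []
    for container in reversed(parent_containers(obj_dn)):
        for gpo in links.get(container, []):
            if groups & security_filter.get(gpo, {"Authenticated Users"}):
                result.append(gpo)
    return result

OU_LINKED = {DOMAIN: ["Default Domain Policy"], TEST_OU: ["Vista Settings"]}
DOMAIN_LINKED = {DOMAIN: ["Default Domain Policy", "Vista Settings"]}
FILTER = {"Vista Settings": {"VistaPCs"}}     # hypothetical security group

if __name__ == "__main__":
    in_default = "CN=TESTER1,CN=Computers," + DOMAIN
    in_ou = "CN=TESTER1," + TEST_OU
    # Group sits in the OU, computer does not: the OU link is out of scope.
    print(applied_gpos(in_default, {"VistaPCs"}, OU_LINKED, {}))
    # Computer account moved into the OU: the OU link applies.
    print(applied_gpos(in_ou, set(), OU_LINKED, {}))
    # Link placed higher up and narrowed by security filtering on the group.
    print(applied_gpos(in_default, {"VistaPCs"}, DOMAIN_LINKED, FILTER))
    # A machine outside the group is skipped by the same filtered link.
    print(applied_gpos("CN=DC01,OU=Domain Controllers," + DOMAIN, set(),
                       DOMAIN_LINKED, FILTER))
```
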