Solved

How to find stale {GUID} folders in SYSVOL

Posted on 2009-05-16
6
2,218 Views
Last Modified: 2013-12-05
For the past week or so, I keep having Userenv 1000 on the DC's and 1030/1058 on the clients, and the errors basically say "Windows cannot access the file gpt.ini for GPO"... When I look at the Sysvol folders on the DC's, all of them have different total numbers of {GUID} folders, some have 20+, some have 50+ folders... How can I determine which DC's hold the correct/current {GUID} and which ones I should remove.  Thanks.
0
Comment
Question by:Silly013
  • 2
  • 2
  • 2
6 Comments
 
LVL 31

Accepted Solution

by:
Toni Uranjek earned 400 total points
ID: 24402354
Hi!

I would suggest that you download gpotool.exe which is part of Resource Kit:

"Windows Server 2003 Resource Kit Tools"
http://www.microsoft.com/downloads/details.aspx?familyid=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en

Use this toll to check for GPO consistency in your domain.

If you want to remove "orphaned" GPO from SYSVOL, you should install Group Policy Managment Console:

"Group Policy Management Console with Service Pack 1"
http://www.microsoft.com/downloads/details.aspx?FamilyID=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en

After GPMC is installed, go to command prompt and to "%programfiles%\gpmc\scripts" folder. Execute the following script "FindOrphanedGPOsInSYSVOL.wsf". It will list orphaned Group Policy Objects.

HTH

Toni
; command to find orphaned GPOs - substitue test.local with your domain

cscript FindOrphanedGPOsInSYSVOL.wsf /domain:test.local

Open in new window

0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24402503
It also looks like you have a problem with FRS replicating SYSVOL, causing the differences.

The chance are, unless you changed the default, then your PDC will be holding the 'correct' set of policies (the GPMC by default connects to the PDC emulator).

Run DCDIAG (from the support tools on the OS CD) on your DCs - see what errors it returns.
0
 
LVL 2

Author Comment

by:Silly013
ID: 24404972
@bluntTony - replications tests from dcdiag are okay.  (We used to have replication problems because of a couple of failed DC's.. but I did remove the metadata using ntdsutil, and everything seemed to work fine until the past week.)
@toniur - i'm working toward your tips using gpmc-- the script yielded only two orphaned GPO's... and I still  don't know where the other extra 25+ came from.  Anyways.. I compared the GUID's from System folder in ADUC / GPMC and ADSIEDIT... the result is pretty much the same... so what I'm thinking is to just create a folder on each of the DC's and move those that don't match with what found in the System folder, and see how it goes.  Please let me know if this workaround would be okay to do.
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 31

Expert Comment

by:Toni Uranjek
ID: 24405361
Did you run gpotool.exe? It will show you version mismatches between GPOS?
Create backup of all GPOs with GPMC before you move or delete anything.
0
 
LVL 27

Assisted Solution

by:bluntTony
bluntTony earned 100 total points
ID: 24405991
If you create a text file in one SYSVOL share, does it appear in all others? If it does, what you have suggested could work, but then if replication has failed previously some folders may not match what is in the same folder in another replica set, if you've made changes to the GPO.

If you know which is your 'good' replica, you might also want to try and re-initialise FRS so that all members sync.

http://support.microsoft.com/kb/290762

Like toniur says, though, ensure you've got backups before working on it!


0
 
LVL 2

Author Closing Comment

by:Silly013
ID: 31582191
Everything seems to be fine now... I'll keep my eyes on the situation for a week and let you guys know if there's further problem.  Thanks!
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Independent domain networks for setup 6 109
File Server Migration from 2003 to 2008R2 3 60
sccm client without collection 1 37
Which browser works with XP 16 96
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

937 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

5 Experts available now in Live!

Get 1:1 Help Now