Solved

How to find stale {GUID} folders in SYSVOL

Posted on 2009-05-16
6
2,197 Views
Last Modified: 2013-12-05
For the past week or so, I keep having Userenv 1000 on the DC's and 1030/1058 on the clients, and the errors basically say "Windows cannot access the file gpt.ini for GPO"... When I look at the Sysvol folders on the DC's, all of them have different total numbers of {GUID} folders, some have 20+, some have 50+ folders... How can I determine which DC's hold the correct/current {GUID} and which ones I should remove.  Thanks.
0
Comment
Question by:Silly013
  • 2
  • 2
  • 2
6 Comments
 
LVL 31

Accepted Solution

by:
Toni Uranjek earned 400 total points
ID: 24402354
Hi!

I would suggest that you download gpotool.exe which is part of Resource Kit:

"Windows Server 2003 Resource Kit Tools"
http://www.microsoft.com/downloads/details.aspx?familyid=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en

Use this toll to check for GPO consistency in your domain.

If you want to remove "orphaned" GPO from SYSVOL, you should install Group Policy Managment Console:

"Group Policy Management Console with Service Pack 1"
http://www.microsoft.com/downloads/details.aspx?FamilyID=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en

After GPMC is installed, go to command prompt and to "%programfiles%\gpmc\scripts" folder. Execute the following script "FindOrphanedGPOsInSYSVOL.wsf". It will list orphaned Group Policy Objects.

HTH

Toni
; command to find orphaned GPOs - substitue test.local with your domain

cscript FindOrphanedGPOsInSYSVOL.wsf /domain:test.local

Open in new window

0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24402503
It also looks like you have a problem with FRS replicating SYSVOL, causing the differences.

The chance are, unless you changed the default, then your PDC will be holding the 'correct' set of policies (the GPMC by default connects to the PDC emulator).

Run DCDIAG (from the support tools on the OS CD) on your DCs - see what errors it returns.
0
 
LVL 2

Author Comment

by:Silly013
ID: 24404972
@bluntTony - replications tests from dcdiag are okay.  (We used to have replication problems because of a couple of failed DC's.. but I did remove the metadata using ntdsutil, and everything seemed to work fine until the past week.)
@toniur - i'm working toward your tips using gpmc-- the script yielded only two orphaned GPO's... and I still  don't know where the other extra 25+ came from.  Anyways.. I compared the GUID's from System folder in ADUC / GPMC and ADSIEDIT... the result is pretty much the same... so what I'm thinking is to just create a folder on each of the DC's and move those that don't match with what found in the System folder, and see how it goes.  Please let me know if this workaround would be okay to do.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 31

Expert Comment

by:Toni Uranjek
ID: 24405361
Did you run gpotool.exe? It will show you version mismatches between GPOS?
Create backup of all GPOs with GPMC before you move or delete anything.
0
 
LVL 27

Assisted Solution

by:bluntTony
bluntTony earned 100 total points
ID: 24405991
If you create a text file in one SYSVOL share, does it appear in all others? If it does, what you have suggested could work, but then if replication has failed previously some folders may not match what is in the same folder in another replica set, if you've made changes to the GPO.

If you know which is your 'good' replica, you might also want to try and re-initialise FRS so that all members sync.

http://support.microsoft.com/kb/290762

Like toniur says, though, ensure you've got backups before working on it!


0
 
LVL 2

Author Closing Comment

by:Silly013
ID: 31582191
Everything seems to be fine now... I'll keep my eyes on the situation for a week and let you guys know if there's further problem.  Thanks!
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Learn about cloud computing and its benefits for small business owners.
Know what services you can and cannot, should and should not combine on your server.
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now