Solved

GPResult doesn't show group a User is a member of

Posted on 2012-04-12
Last Modified: 2012-06-27
I am trying to get Group Policy working from scratch. It is possible (indeed, quite likely) that I have missed a simple step somewhere. But anyway...
I have created a new OU specifically for Group Policy testing and created a new Security Group inside it. I have added a User (me, actually) to this new Security Group.
However, whenever I run a GPResult /R [with or without /V], the User is shown as being in every Security Group that they were in before I created the new OU and Security Group, but not the new one!

If I check the User in AD Users and Computers, membership of the new group is shown. The OU is inside a main OU within the Domain.

Since I can't find the User as being a member of the Security Group, you will not be surprised to discover that GP Modelling doesn't indicate that the GPO will apply to the User - and it doesn't.

Machine is Windows 7, DC is Server 2010. I don't think this should matter, though!

???
0
Question by:winstalla
5 Comments
 
LVL 21

Expert Comment

by:Radhakrishnan R
ID: 37838001
Hi,

Have you performed a gpupdate /force after creation of the new policy? Could you run rsop and see whether the policy is getting applied to the user?

AD>>Select the affected OU>>Right click on a user>>All Tasks>>Resultant Set Of Policy (Planning)>>Run the wizard and see whether the new policy is applying.
0
 

Author Comment

by:winstalla
ID: 37838086
Run, as suggested, but I don't understand the results (duh!). I get an RSoP console, but I don't see anything in it that helps me to understand the situation.

Incidentally, yes I have done the GPUPDATE /force. And when doing the RSoP the User appeared in the new group, but a GPResult /R still shows it not being there.
0
 
LVL 21

Accepted Solution

by:
Radhakrishnan R earned 350 total points
ID: 37838148
Hi,

I hope you got the RSoP result page properly. If so, in the RSoP page there will be a "User Configuration". Right-click on it and select Properties>>You will be able to see the policies which are applying for this user.

When you perform the gpupdate /force, are you getting the SceCli log (Application Event Log) 1704 "Security policy in the Group policy objects has been applied successfully"? If so, the group policy update is fine.
0
 
LVL 16

Expert Comment

by:Raymond Peng
ID: 37838149
Please take a quick look here on how to utilize RSOP:

http://www.windowsnetworking.com/articles_tutorials/Resultant-Set-Policy-Planning-Logging.html

It basically lists which policies have precedence, and that can help pinpoint where it's failing.
0
 

Author Closing Comment

by:winstalla
ID: 37838237
Thank you! I can now see why it doesn't work. Whether this helps is another matter.....
0
