GPResult doesn't show group a User is a member of

I am trying to get Group Policy working from scratch. It is possible (indeed, quite likely) that I have missed a simple step somewhere. But anyway...
I have created a new OU specifically for Group Policy testing and created a new Security Group inside it. I have added a User (me, actually) to this new Security Group.
However, whenever I run a GPResult /R [with or without /V], the User us shown as being in every Security Group that they were in before I created the new OU and Security Group but not the new one!

If I check the User in AD Users and Computers membership of the new group is shown. The OU is inside a main OU within the Domain.

Since I can't find the User as being a member of the Security Group, you will not be surprised to discover that GP Modelling doesn't indicate the the GPO will apply to the User - and it doesn't.

Machine is Windows 7, DC is Server 2010. I don't think this should matter, though!

???
winstallaAsked:
Who is Participating?
 
Radhakrishnan RSenior Technical LeadCommented:
Hi,

I hope you got the rsop result page properly, If so, In the rsop page there will be an User Configuration" Right Click on it and select Properties>>You will be able to see the policies which is applying for this user.

When you perform the gpupdate /force..Are you getting the Secli log (Application Event Log) 1704 Security policy in the Group policy objects has been applied successfully? If so, the group policy update is fine.
0
 
Radhakrishnan RSenior Technical LeadCommented:
Hi,

Have you performed a gpupdate /force after creation of the new policy? Could you run rsop and see whether the policy is getting applied to the user?

AD>>Select the affected OU>>Right click on a user>>All Tasks>>Resultant Set Of Policy (Planning)>>Run the wizard and see whether the new policy is applying.
0
 
winstallaAuthor Commented:
Run, as suggested, but I don't understand the results (duh!). I get an RsoP console, but I don't see anything in it that helps me to understand the situation.

Incidentally, yes I have done the GPUPDATE /force. And when doing the RSoP the User appeared in the new group, but a GPResult /R still shows it not being there.
0
 
Raymond PengSystems EngineerCommented:
Please take a quick look here on how to utilize RSOP:

http://www.windowsnetworking.com/articles_tutorials/Resultant-Set-Policy-Planning-Logging.html

It basically lists or policies have precedence and that can help pinpoint where it's failing
0
 
winstallaAuthor Commented:
Thank you! I can now see why it doesn't work. Whether this helps is another matter.....
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.