Solved

GPResult doesn't show group a User is a member of

Posted on 2012-04-12
5
3,129 Views
Last Modified: 2012-06-27
I am trying to get Group Policy working from scratch. It is possible (indeed, quite likely) that I have missed a simple step somewhere. But anyway...
I have created a new OU specifically for Group Policy testing and created a new Security Group inside it. I have added a User (me, actually) to this new Security Group.
However, whenever I run a GPResult /R [with or without /V], the User us shown as being in every Security Group that they were in before I created the new OU and Security Group but not the new one!

If I check the User in AD Users and Computers membership of the new group is shown. The OU is inside a main OU within the Domain.

Since I can't find the User as being a member of the Security Group, you will not be surprised to discover that GP Modelling doesn't indicate the the GPO will apply to the User - and it doesn't.

Machine is Windows 7, DC is Server 2010. I don't think this should matter, though!

???
0
Comment
Question by:winstalla
  • 2
  • 2
5 Comments
 
LVL 21

Expert Comment

by:RK
ID: 37838001
Hi,

Have you performed a gpupdate /force after creation of the new policy? Could you run rsop and see whether the policy is getting applied to the user?

AD>>Select the affected OU>>Right click on a user>>All Tasks>>Resultant Set Of Policy (Planning)>>Run the wizard and see whether the new policy is applying.
0
 

Author Comment

by:winstalla
ID: 37838086
Run, as suggested, but I don't understand the results (duh!). I get an RsoP console, but I don't see anything in it that helps me to understand the situation.

Incidentally, yes I have done the GPUPDATE /force. And when doing the RSoP the User appeared in the new group, but a GPResult /R still shows it not being there.
0
 
LVL 21

Accepted Solution

by:
RK earned 350 total points
ID: 37838148
Hi,

I hope you got the rsop result page properly, If so, In the rsop page there will be an User Configuration" Right Click on it and select Properties>>You will be able to see the policies which is applying for this user.

When you perform the gpupdate /force..Are you getting the Secli log (Application Event Log) 1704 Security policy in the Group policy objects has been applied successfully? If so, the group policy update is fine.
0
 
LVL 16

Expert Comment

by:l33tf0b
ID: 37838149
Please take a quick look here on how to utilize RSOP:

http://www.windowsnetworking.com/articles_tutorials/Resultant-Set-Policy-Planning-Logging.html

It basically lists or policies have precedence and that can help pinpoint where it's failing
0
 

Author Closing Comment

by:winstalla
ID: 37838237
Thank you! I can now see why it doesn't work. Whether this helps is another matter.....
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question