GPResult doesn't show group a User is a member of

I am trying to get Group Policy working from scratch. It is possible (indeed, quite likely) that I have missed a simple step somewhere. But anyway...
I have created a new OU specifically for Group Policy testing and created a new Security Group inside it. I have added a User (me, actually) to this new Security Group.
However, whenever I run a GPResult /R [with or without /V], the User us shown as being in every Security Group that they were in before I created the new OU and Security Group but not the new one!

If I check the User in AD Users and Computers membership of the new group is shown. The OU is inside a main OU within the Domain.

Since I can't find the User as being a member of the Security Group, you will not be surprised to discover that GP Modelling doesn't indicate the the GPO will apply to the User - and it doesn't.

Machine is Windows 7, DC is Server 2010. I don't think this should matter, though!

???
winstallaAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Radhakrishnan RSenior Technical LeadCommented:
Hi,

Have you performed a gpupdate /force after creation of the new policy? Could you run rsop and see whether the policy is getting applied to the user?

AD>>Select the affected OU>>Right click on a user>>All Tasks>>Resultant Set Of Policy (Planning)>>Run the wizard and see whether the new policy is applying.
0
winstallaAuthor Commented:
Run, as suggested, but I don't understand the results (duh!). I get an RsoP console, but I don't see anything in it that helps me to understand the situation.

Incidentally, yes I have done the GPUPDATE /force. And when doing the RSoP the User appeared in the new group, but a GPResult /R still shows it not being there.
0
Radhakrishnan RSenior Technical LeadCommented:
Hi,

I hope you got the rsop result page properly, If so, In the rsop page there will be an User Configuration" Right Click on it and select Properties>>You will be able to see the policies which is applying for this user.

When you perform the gpupdate /force..Are you getting the Secli log (Application Event Log) 1704 Security policy in the Group policy objects has been applied successfully? If so, the group policy update is fine.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Raymond PengSystems EngineerCommented:
Please take a quick look here on how to utilize RSOP:

http://www.windowsnetworking.com/articles_tutorials/Resultant-Set-Policy-Planning-Logging.html

It basically lists or policies have precedence and that can help pinpoint where it's failing
0
winstallaAuthor Commented:
Thank you! I can now see why it doesn't work. Whether this helps is another matter.....
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 7

From novice to tech pro — start learning today.