Link to home
Start Free TrialLog in
Avatar of winstalla
winstallaFlag for United Kingdom of Great Britain and Northern Ireland

asked on

GPResult doesn't show group a User is a member of

I am trying to get Group Policy working from scratch. It is possible (indeed, quite likely) that I have missed a simple step somewhere. But anyway...
I have created a new OU specifically for Group Policy testing and created a new Security Group inside it. I have added a User (me, actually) to this new Security Group.
However, whenever I run a GPResult /R [with or without /V], the User us shown as being in every Security Group that they were in before I created the new OU and Security Group but not the new one!

If I check the User in AD Users and Computers membership of the new group is shown. The OU is inside a main OU within the Domain.

Since I can't find the User as being a member of the Security Group, you will not be surprised to discover that GP Modelling doesn't indicate the the GPO will apply to the User - and it doesn't.

Machine is Windows 7, DC is Server 2010. I don't think this should matter, though!

???
Avatar of Radhakrishnan
Radhakrishnan
Flag of India image

Hi,

Have you performed a gpupdate /force after creation of the new policy? Could you run rsop and see whether the policy is getting applied to the user?

AD>>Select the affected OU>>Right click on a user>>All Tasks>>Resultant Set Of Policy (Planning)>>Run the wizard and see whether the new policy is applying.
Avatar of winstalla

ASKER

Run, as suggested, but I don't understand the results (duh!). I get an RsoP console, but I don't see anything in it that helps me to understand the situation.

Incidentally, yes I have done the GPUPDATE /force. And when doing the RSoP the User appeared in the new group, but a GPResult /R still shows it not being there.
ASKER CERTIFIED SOLUTION
Avatar of Radhakrishnan
Radhakrishnan
Flag of India image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Please take a quick look here on how to utilize RSOP:

http://www.windowsnetworking.com/articles_tutorials/Resultant-Set-Policy-Planning-Logging.html

It basically lists or policies have precedence and that can help pinpoint where it's failing
Thank you! I can now see why it doesn't work. Whether this helps is another matter.....