Solved

Windows XP SP3 computer images created with MDT2010 do not execute Group Policies

Posted on 2013-01-14
9
401 Views
Last Modified: 2013-01-25
I have an issue in that new images we have captured starting in August of 2012 do not seem to respond to group policies, even though GPResult shows the policies were applied.

Here are the specifics;

I have a Windows network with two Windows 2008 R2 domain controllers and about 800 Windows XP Sp3 client computers. Since early 2010, we have been using the Microsoft Deployment Toolkit 2010 (MDT2010) to capture images from new base XPSP3 installs on existing hardware and then redeploy them to like hardware. We have been doing this every every new school year since. This school year, we reformatted and installed XP SP3 on our various computer types and captured new images with all of the relevant updates and applications for the new school year. However, none of the newly imaged computers seem to process group policy assignments.

When I run Gpresult form the XP XP3 client, it shows that it is applying the policies, such as drive mapping, browser defaults,  etc, but they do actually happen. There are no errors in the System or Application logs of the XP SP3 clients and no errors on the domain controllers.

I can plug an identical hardware computer that is still using the last year image and it does pick up and execute the policies, but the newly imaged, identical hardware XP SP3 computer placed in the same OU does not.

One other thing that has happened between the last school year's imaging and this school year's imaging is that we had a domain controller crash. Initially, we had DC1 and DC2. DC1 crashed over the summer of 2012 and could not be recovered so we installed DC3, joined it to the domain and let it replicate from DC2. I do not see any replication errors in either of the DC's logs. I have spent a log of time chasing this thinking it was related to the DC crash but when I discovered that computes still using the prior year's image were still executing the group policies, I decided that the DC crash could not be the problem.

Has anyone seen this type of behavior? Any ideas?

Thanks,

Dave
0
Comment
Question by:dcadler
  • 6
  • 2
9 Comments
 
LVL 16

Assisted Solution

by:choward16980
choward16980 earned 334 total points
ID: 38776696
When I run Gpresult form the XP XP3 client, it shows that it is applying the policies, such as drive mapping, browser defaults,  etc, but they do actually happen.

You meant don't actually happen, correct?

http://social.technet.microsoft.com/Forums/en/winserverGP/thread/59b7dbdc-6c2a-4f8a-888e-2b7dfc2d033c

Client side extensions installed?
0
 
LVL 18

Assisted Solution

by:Don S.
Don S. earned 166 total points
ID: 38776907
Did the system you made the new image of process policies properly before you syspreped and took the image of it?
0
 

Author Comment

by:dcadler
ID: 38778845
choward16980 - Sorry, I did mean "don't actually happen". And I did check the control panel and confirmed that KB943729 was installed. I even re-installed it with no change in the problem

dons6718 - I took a brand new out of the box Lenovo W7 laptop, ran through the initial Lenovo new computer setup, joined it to the domain, placed it in an OU that had group policies linked to it. Ran GPUpdate /force and rebooted. When it came up, GPResult shows that it is picking up the group policies but they just do not seem to execute.  This would seem to remove the sysprep process as the culprit.
0
 
LVL 16

Accepted Solution

by:
choward16980 earned 334 total points
ID: 38779266
Could you be misled in that the version of IE or office is different and you don't have the correct .adm template installed through GPO?  Like the old workstations had IE 8 and the new ones have IE9 and you're only assuming the GPO isn't working because you're only checking things in IE that should have been applied?

Hope that makes sense...
0
Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

 

Author Comment

by:dcadler
ID: 38779409
choward16980 - The GPOs are not just app or browser configs, nothing works. Drives don'y map, default printers do not assign, etc. The same GPOs work for images I created the last school year, just not on images (for the exact same hardware) I created for the 2012/2013 school year and, really, any new computer that I have joined to the domain since August. I am wondering if a problem did not happen when my DC1 crashed and we installed DC3 that is causing issues with SIDs assigned to new computers joined to the domain after the DC1 crash. When I re-image, I delete the old computer(s) from AD, then pull down the new image and assign a computer name (often the same name that I deleted from AD earlier, nut not always). I am wondering is something is happening at the point where the computer is joined to the domain now that is causing the GPOs to not execute.
0
 

Author Comment

by:dcadler
ID: 38780494
OK - Here is an update.

The group policy execution test on the brand new Lenovo Laptop failed for User1 but passed on User2. Both users are members of the domain admins group. User1 could not even run gpresult. When I tried it, I got the following error;

"The processing of Group Policy failed. Windows attempted to read the file \\lssc.local\SysVol\lssc.local\Policies\{9F290071-DA81-4B93-AAD0-2AC2D70E905C}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:

a) Name Resolution/Network Connectivity to the current domain controller.

b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).

c) The Distributed File System (DFS) client has been disabled.

Computer Policy update has completed successfully."


However, when I logged onto the new Lenovo laptop as User2, GPresult ran fine and the group policies all seemed to execute.


So, to summarize my problem;

1. If I log into a Windows XP computer that was imaged in the prior school year, users are able to get group policy execution and run GPResult. Including User1 and User2 mentioned above

2. If I log onto a Windos XP computer that was imaged with images I created since August 2012, I do not get group policy execution for most users, although, I on some computers I get group policy execution for user2 mentioned above and some I do not.
 
3. I have the same problem with new computes that are just joined to the domain and dropped into an OU, without using the imaging process (like I described at the top of this comment)
0
 

Author Comment

by:dcadler
ID: 38780555
In case any of you ask, here is the results from my DC2 that has all 5 FSMO Roleswhen I run DCDIAG /V from an Admin command prompt.


Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   * Verifying that the local machine LSSC-DC2, is a Directory Server.
   Home Server = LSSC-DC2

   * Connecting to directory service on server LSSC-DC2.

   * Identified AD Forest.
   Collecting AD specific global data
   * Collecting site info.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=lssc,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded
   Iterating through the sites
   Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lssc,DC=local
   Getting ISTG and options for the site
   * Identifying all servers.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=lssc,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers
   Getting information for the server CN=NTDS Settings,CN=LSSC-DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lssc,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=LSSC-DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lssc,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   * Identifying all NC cross-refs.

   * Found 2 DC(s). Testing 1 of them.

   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\LSSC-DC2

      Starting test: Connectivity

         * Active Directory LDAP Services Check
         Determining IP4 connectivity
         * Active Directory RPC Services Check
         ......................... LSSC-DC2 passed test Connectivity



Doing primary tests

   
   Testing server: Default-First-Site-Name\LSSC-DC2

      Starting test: Advertising

         The DC LSSC-DC2 is advertising itself as a DC and having a DS.
         The DC LSSC-DC2 is advertising as an LDAP server
         The DC LSSC-DC2 is advertising as having a writeable directory
         The DC LSSC-DC2 is advertising as a Key Distribution Center
         The DC LSSC-DC2 is advertising as a time server
         The DS LSSC-DC2 is advertising as a GC.
         ......................... LSSC-DC2 passed test Advertising

      Test omitted by user request: CheckSecurityError

      Test omitted by user request: CutoffServers

      Starting test: FrsEvent

         * The File Replication Service Event log test
         Skip the test because the server is running DFSR.

         ......................... LSSC-DC2 passed test FrsEvent

      Starting test: DFSREvent

         The DFS Replication Event Log.
         ......................... LSSC-DC2 passed test DFSREvent

      Starting test: SysVolCheck

         * The File Replication Service SYSVOL ready test
         File Replication Service's SYSVOL is ready
         ......................... LSSC-DC2 passed test SysVolCheck

      Starting test: KccEvent

         * The KCC Event log test
         Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
         ......................... LSSC-DC2 passed test KccEvent

      Starting test: KnowsOfRoleHolders

         Role Schema Owner = CN=NTDS Settings,CN=LSSC-DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lssc,DC=local
         Role Domain Owner = CN=NTDS Settings,CN=LSSC-DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lssc,DC=local
         Role PDC Owner = CN=NTDS Settings,CN=LSSC-DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lssc,DC=local
         Role Rid Owner = CN=NTDS Settings,CN=LSSC-DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lssc,DC=local
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=LSSC-DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lssc,DC=local
         ......................... LSSC-DC2 passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         Checking machine account for DC LSSC-DC2 on DC LSSC-DC2.
         * SPN found :LDAP/LSSC-DC2.lssc.local/lssc.local
         * SPN found :LDAP/LSSC-DC2.lssc.local
         * SPN found :LDAP/LSSC-DC2
         * SPN found :LDAP/LSSC-DC2.lssc.local/LSSC
         * SPN found :LDAP/9ef7f61a-55ca-4c0b-9540-0dac56492ca3._msdcs.lssc.local
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/9ef7f61a-55ca-4c0b-9540-0dac56492ca3/lssc.local
         * SPN found :HOST/LSSC-DC2.lssc.local/lssc.local
         * SPN found :HOST/LSSC-DC2.lssc.local
         * SPN found :HOST/LSSC-DC2
         * SPN found :HOST/LSSC-DC2.lssc.local/LSSC
         * SPN found :GC/LSSC-DC2.lssc.local/lssc.local
         ......................... LSSC-DC2 passed test MachineAccount

      Starting test: NCSecDesc

         * Security Permissions check for all NC's on DC LSSC-DC2.
         * Security Permissions Check for

           DC=ForestDnsZones,DC=lssc,DC=local
            (NDNC,Version 3)
         * Security Permissions Check for

           DC=DomainDnsZones,DC=lssc,DC=local
            (NDNC,Version 3)
         * Security Permissions Check for

           CN=Schema,CN=Configuration,DC=lssc,DC=local
            (Schema,Version 3)
         * Security Permissions Check for

           CN=Configuration,DC=lssc,DC=local
            (Configuration,Version 3)
         * Security Permissions Check for

           DC=lssc,DC=local
            (Domain,Version 3)
         ......................... LSSC-DC2 passed test NCSecDesc

      Starting test: NetLogons

         * Network Logons Privileges Check
         Verified share \\LSSC-DC2\netlogon
         Verified share \\LSSC-DC2\sysvol
         ......................... LSSC-DC2 passed test NetLogons

      Starting test: ObjectsReplicated

         LSSC-DC2 is in domain DC=lssc,DC=local
         Checking for CN=LSSC-DC2,OU=Domain Controllers,DC=lssc,DC=local in domain DC=lssc,DC=local on 1 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=LSSC-DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lssc,DC=local in domain CN=Configuration,DC=lssc,DC=local on 1 servers
            Object is up-to-date on all servers.
         ......................... LSSC-DC2 passed test ObjectsReplicated

      Test omitted by user request: OutboundSecureChannels

      Starting test: Replications

         * Replications Check
         * Replication Latency Check
            DC=ForestDnsZones,DC=lssc,DC=local
               Latency information for 4 entries in the vector were ignored.
                  4 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=DomainDnsZones,DC=lssc,DC=local
               Latency information for 4 entries in the vector were ignored.
                  4 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Schema,CN=Configuration,DC=lssc,DC=local
               Latency information for 4 entries in the vector were ignored.
                  4 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Configuration,DC=lssc,DC=local
               Latency information for 4 entries in the vector were ignored.
                  4 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=lssc,DC=local
               Latency information for 4 entries in the vector were ignored.
                  4 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
         ......................... LSSC-DC2 passed test Replications

      Starting test: RidManager

         * Available RID Pool for the Domain is 16100 to 1073741823
         * LSSC-DC2.lssc.local is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 15100 to 15599
         * rIDPreviousAllocationPool is 15100 to 15599
         * rIDNextRID: 15113
         ......................... LSSC-DC2 passed test RidManager

      Starting test: Services

         * Checking Service: EventSystem
         * Checking Service: RpcSs
         * Checking Service: NTDS
         * Checking Service: DnsCache
         * Checking Service: DFSR
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... LSSC-DC2 passed test Services

      Starting test: SystemLog

         * The System Event log test
         Found no errors in "System" Event log in the last 60 minutes.
         ......................... LSSC-DC2 passed test SystemLog

      Test omitted by user request: Topology

      Test omitted by user request: VerifyEnterpriseReferences

      Starting test: VerifyReferences

         The system object reference (serverReference)

         CN=LSSC-DC2,OU=Domain Controllers,DC=lssc,DC=local and backlink on

         CN=LSSC-DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lssc,DC=local

         are correct.
         The system object reference (serverReferenceBL)

         CN=LSSC-DC2,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=lssc,DC=local

         and backlink on

         CN=NTDS Settings,CN=LSSC-DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lssc,DC=local

         are correct.
         The system object reference (msDFSR-ComputerReferenceBL)

         CN=LSSC-DC2,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=lssc,DC=local

         and backlink on CN=LSSC-DC2,OU=Domain Controllers,DC=lssc,DC=local are

         correct.
         ......................... LSSC-DC2 passed test VerifyReferences

      Test omitted by user request: VerifyReplicas

   
      Test omitted by user request: DNS

      Test omitted by user request: DNS

   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running partition tests on : lssc

      Starting test: CheckSDRefDom

         ......................... lssc passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... lssc passed test CrossRefValidation

   
   Running enterprise tests on : lssc.local

      Test omitted by user request: DNS

      Test omitted by user request: DNS

      Starting test: LocatorCheck

         GC Name: \\LSSC-DC2.lssc.local

         Locator Flags: 0xe00033fd
         PDC Name: \\LSSC-DC2.lssc.local
         Locator Flags: 0xe00033fd
         Time Server Name: \\LSSC-DC2.lssc.local
         Locator Flags: 0xe00033fd
         Preferred Time Server Name: \\LSSC-DC2.lssc.local
         Locator Flags: 0xe00033fd
         KDC Name: \\LSSC-DC2.lssc.local
         Locator Flags: 0xe00033fd
         ......................... lssc.local passed test LocatorCheck

      Starting test: Intersite

         Skipping site Default-First-Site-Name, this site is outside the scope

         provided by the command line arguments provided.
         ......................... lssc.local passed test Intersite
0
 

Author Comment

by:dcadler
ID: 38781390
Here is the output from the repadmin command ran on the domain controller, LSSC-DC2, which has all of the FSMO roles.

repadmin /showrepl lssc-dc2 /verbose /all /intersite




Default-First-Site-Name\LSSC-DC2

DSA Options: IS_GC

Site Options: (none)

DSA object GUID: 9ef7f61a-55ca-4c0b-9540-0dac56492ca3

DSA invocationID: 51334a52-0c5d-43ff-9447-a505b640bef5



==== INBOUND NEIGHBORS ======================================



==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============



DC=lssc,DC=local

    Default-First-Site-Name\LSSC-DC3 via RPC

        DSA object GUID: e5b24d33-3605-42bf-8b6e-f559abceebec

        Address: e5b24d33-3605-42bf-8b6e-f559abceebec._msdcs.lssc.local

        WRITEABLE

        Last attempt @ 2013-01-15 23:53:24 was successful.



CN=Configuration,DC=lssc,DC=local

    Default-First-Site-Name\LSSC-DC3 via RPC

        DSA object GUID: e5b24d33-3605-42bf-8b6e-f559abceebec

        Address: e5b24d33-3605-42bf-8b6e-f559abceebec._msdcs.lssc.local

        WRITEABLE

        Last attempt @ 2013-01-15 16:28:58 was successful.



CN=Schema,CN=Configuration,DC=lssc,DC=local

    Default-First-Site-Name\LSSC-DC3 via RPC

        DSA object GUID: e5b24d33-3605-42bf-8b6e-f559abceebec

        Address: e5b24d33-3605-42bf-8b6e-f559abceebec._msdcs.lssc.local

        WRITEABLE

        Last attempt @ 2012-09-23 02:11:02 was successful.



DC=DomainDnsZones,DC=lssc,DC=local

    Default-First-Site-Name\LSSC-DC3 via RPC

        DSA object GUID: e5b24d33-3605-42bf-8b6e-f559abceebec

        Address: e5b24d33-3605-42bf-8b6e-f559abceebec._msdcs.lssc.local

        WRITEABLE

        Last attempt @ 2013-01-15 23:41:27 was successful.



DC=ForestDnsZones,DC=lssc,DC=local

    Default-First-Site-Name\LSSC-DC3 via RPC

        DSA object GUID: e5b24d33-3605-42bf-8b6e-f559abceebec

        Address: e5b24d33-3605-42bf-8b6e-f559abceebec._msdcs.lssc.local

        WRITEABLE

        Last attempt @ 2013-01-15 19:03:14 was successful.



==== KCC CONNECTION OBJECTS ============================================

Connection --

    Connection name : 8f5c9f3e-3430-4f5f-8c93-43f5b3a4f70d

    Server DNS name : LSSC-DC2.lssc.local

    Server DN  name : CN=NTDS Settings,CN=LSSC-DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lssc,DC=local

        Source: Default-First-Site-Name\LSSC-DC3

                No Failures.

        TransportType: intrasite RPC

        options:  isGenerated

        ReplicatesNC: DC=DomainDnsZones,DC=lssc,DC=local

        Reason:  RingTopology

                Replica link has been added.

        ReplicatesNC: DC=ForestDnsZones,DC=lssc,DC=local

        Reason:  RingTopology

                Replica link has been added.

        ReplicatesNC: CN=Schema,CN=Configuration,DC=lssc,DC=local

        Reason:  RingTopology

                Replica link has been added.

        ReplicatesNC: DC=lssc,DC=local

        Reason:  RingTopology

                Replica link has been added.

        ReplicatesNC: CN=Configuration,DC=lssc,DC=local

        Reason:  RingTopology

                Replica link has been added.

        enabledConnection: TRUE

        whenChanged: 20120923063111.0Z

        whenCreated: 20120923061610.0Z

        Schedule:

        day: 0123456789ab0123456789ab

        Sun: 111111111111111111111111

        Mon: 111111111111111111111111

        Tue: 111111111111111111111111

        Wed: 111111111111111111111111

        Thu: 111111111111111111111111

        Fri: 111111111111111111111111

        Sat: 111111111111111111111111

1 connections found.

Partition Replication Schedule Loading:

     

      00      01      02      03      04      05      06      07      08      09      10      11

     

 0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3

        Sun: 050000000500000005000000050000000500000005000000050000000500000005000000050000000500000005000000

        Sun: 050000000500000005000000050000000500000005000000050000000500000005000000050000000500000005000000

        Mon: 050000000500000005000000050000000500000005000000050000000500000005000000050000000500000005000000

        Mon: 050000000500000005000000050000000500000005000000050000000500000005000000050000000500000005000000

        Tue: 050000000500000005000000050000000500000005000000050000000500000005000000050000000500000005000000

        Tue: 050000000500000005000000050000000500000005000000050000000500000005000000050000000500000005000000

        Wed: 050000000500000005000000050000000500000005000000050000000500000005000000050000000500000005000000

        Wed: 050000000500000005000000050000000500000005000000050000000500000005000000050000000500000005000000

        Thu: 050000000500000005000000050000000500000005000000050000000500000005000000050000000500000005000000

        Thu: 050000000500000005000000050000000500000005000000050000000500000005000000050000000500000005000000

        Fri: 050000000500000005000000050000000500000005000000050000000500000005000000050000000500000005000000

        Fri: 050000000500000005000000050000000500000005000000050000000500000005000000050000000500000005000000

        Sat: 050000000500000005000000050000000500000005000000050000000500000005000000050000000500000005000000

        Sat: 050000000500000005000000050000000500000005000000050000000500000005000000050000000500000005000000
0
 

Author Closing Comment

by:dcadler
ID: 38821127
I am splitting the points because the suggestions helped me narrow down the issue. The problem was actually caused by several corrupt GPOs. Once I removed them, the remaining policies started working. Thanks
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Join & Write a Comment

When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup". After a while, you have entered a loop for Auto repair which does not fix anything and you will be in a  panic as all your work w…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now