I've been working on this issue for quite some time now, and I have really just run out of things to try for this issue.
This all started several months back when I started looking into AD replication. I found AD had not replicated across sites so I dove into that issue. I tried a couple of things before getting BurFlags to work - recreating the policies on all of the domain controllers besides the PDC. This started replication working again, but I've had various issues (such as the one I have right now) along the way and I really don't know what is causing this or how to fix it without recreating the entire domain.
It seems that every time I go to edit a group policy, the one I need to edit is inaccessible. This time it's my Windows 7 policy that I need to edit, and I'd rather not have to recreate the entire thing again...
So here's a little info about our setup:
2 sites - Site (A) has 4 domain controllers, Site (B) has 2 domain controllers
2003 Functional Level, but have 2003, 2003 R2, 2008, and 2008 R2 Domain Controllers
It looks like replication has been modified from the default replication schedule, but this was not done by me - it was done by the previous IT guy. I don't think I would ever modify the replication schedule, but for some reason, he did. I don't want to modify it back because I don't know why it was changed in the first place, though I wish it was back to normal because replicating once an hour is kind of annoying when we have, at minimum, 3 bonded T1 lines (so we definitely have the bandwidth).
We have about 52 policies currently set up.
The particular issue I'm having today is when I try to EDIT the Windows 7 Policy, I get a prompt "Group Policy Error. Failed to open the Group Policy Object. You may not have appropriate rights. Details: The system cannot find the path specified", then the group policy management editor comes up with red X icons in it, and nothing displaying (like the policy is corrupt or something).
On the policy's Settings tab, all my policy settings show up like it's working fine. I have even been able to export those settings to HTML so I can print them off in case I have to recreate the policy.
On the policy's Details tab, the Unique ID has been written down, and I browsed to "\\<domain-name>.com\sysvo
"... The weird thing is this particular GUID is showing up twice (as two directories). The first one is the GUID, and the second one is the GUID and "_NTFRS_22ec101d" at the end.
At first glance, this sounds like a replication issue just because of the NTFRS on and the multiple policy folders, but at this point I don't know.
The "regular" policy folder has only two files:
The "Long" policy folder has what appears to be a full policy listing:
The file permissions look correct on the folders, subfolders, and files within. The permissions in the Group Policy Management Console appear to be correct as well (Delegation Tab):
Authenticated Users: Read (from Security Filtering)
Domain Admins: Edit settings, delete, modify security
Domain Computers: Read (from Security Filtering)
Enterprise Admins: Edit settings, delete, modify security
ENTERPRISE DOMAIN CONTROLLERS: Read
SYSTEM: Edit settings, delete, modify security
I've tried playing around with DCDIAG and repadmin/replmon, but haven't made any progress.
If you'd like me to give something a shot, please leave detailed instructions on what/how to run it. For example, if you want me to give you replication summary, don't just say "can you provide replication summary?". Please say "can you run 'repadmin /showrepl' and 'repadmin /replsummary' and post the results here?" - this would be greatly appreciated to ease confusion and make things as easy as possible.
Please let me know what you guys have for me!
Thank you so much!