GPRESULT = different domain for USER and COMPUTER? Screenshots included!

i was testing out a GPO against a few users and noticed that against a user, the GPO would not take effect. after some troubleshooting and GPRESULT, the findings are confusing to me.

a little background: before i came along, my employer's domain broke down and they rebuilt it. brought everything over to the new domain and everything is working thus far. now i find this...

GPRESULT for the suspect PC;

here's the computer configuration:

[screenshot: computer configuration]

here's the user configuration:

[screenshot: user configuration]

the current domain is "cu.loc" and the old one was "WIECU". my guess is that the profile on the PC is the old profile way back when the WIECU domain was active and then they just pointed the PC to the new domain. the user is able to function daily without issue except that GPOs will not apply because of being from a foreign domain? all GPOs are denied. also, the WIECU domain no longer exists.

so my question is: where is GPRESULT pulling this information from? can i go change it or update it? i was planning to just migrate profiles with USMT. lastly, does anyone know how i can scan all the PCs on my network for this issue? i'm sure there's a good handful of these out in my network. we have about 150 PCs total.

DC is Windows Server 2008 R2 Standard and clients are Windows 7 Professional. THANKS!
Bryon Huffman Asked:

Mike Kline Commented:
Is this running gpresult locally or from an RSoP in GPMC?  Does the same thing happen via GPMC?

If you create a new test user, does this also happen? Let me dig a bit on the gpresult; I was going to give an answer but want to make sure I have the right answer :)

Thanks

Mike

WyoComputers Commented:
Unjoin from old domain, rejoin to new domain, use this to migrate profiles:

http://www.forensit.com/domain-migration.html

Bryon Huffman (Author) Commented:
this is run locally on the PC that the user uses daily. we cannot unjoin this user from the old domain as the old domain doesn't exist anymore. the pc and user are already a part of the new domain. when a new user logs onto the PC, the new domain sticks with the new user.

this problem user can log into another machine, get a new profile, and the new domain will stick.

the main problem here is that the existing user (with the existing profile) is stuck back with the old domain therefore any GPO items won't work. we've tested GPO and they're coming back negative.

i'm already aware of the user profile wizard from forensit. that was going to be my next attempt. i was hoping for another avenue as well as a proper explanation.

Bryon Huffman (Author) Commented:
microsoft says the pc may be using cached credentials for the old domain from prior therefore GPO will never apply. we'll see if i can uncache this otherwise i will go with my original plan and migrate/restore profile and see what happens.

the search continues...

Bryon Huffman (Author) Commented:
we figured it out. the problem was an old residual ROAMING profile entry (where the entry is, i'm not sure, maybe someone else will know or explain). a long time ago, roaming profiles were used at my workplace (before i came along) but then went away by executive decision, however the profiles were never cleaned out. so what was happening was when the user logged into the PC, there would be two profiles attached to one profile folder.
 
if you go to advanced system settings under the advanced tab into user profile settings, you would see two profile entries for the same user only one would be a local type and the other a roaming with the same current modified date (as in today).
 
so i logged into the PC as an administrator user, migrated the profile out to another user, deleted both profiles of the problem user via the interface (not manually deleting the profile folder), checked to make sure all folders were gone in the profile folder location, migrated the profile back to the user, logged out, had the user log back in, waited a moment for the profile to connect itself back... done.
 
ran a gpupdate /force followed by gpresult /user 152 /h c:\a.html and opened up the html file to confirm that the correct domain was being attached and then also confirmed GPO was working. all is well and the user is happy!
 
btw, i used Forensit Profile Wizard to do the migration. it's a really nice and FREE tool.
 
now the question: can anyone explain this behavior? do old roaming profiles take precedence? does it bind itself to local profiles by design? i'm glad it's fixed but interesting minds wanna know!
 
if you know and i can prove it, then i'll mark it as answer as well! thanks for the input everyone! hopefully my horrors will shed light on another who runs into this same situation.

Bryon Huffman (Author) Commented:
my comment is the answer however i'm still looking for the why. i'm curious to know why this behavior does what it does.
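
Added example (not part of the original thread, and not code from any participant): one way to sweep the roughly 150 PCs for the condition described above, listing profile entries that share a folder, are flagged as roaming, or whose SID no longer resolves. It assumes the duplicate entries shown in the User Profiles dialog appear as separate `Win32_UserProfile` instances with the same `LocalPath`; the computer names and function names are constructed placeholders.

```powershell
# Added example. Written for PowerShell 2.0 (Windows 7 / Server 2008 R2).
$computers = @('PC-001', 'PC-002')   # constructed names; replace with your inventory

function Resolve-ProfileSid {
    param([string]$Sid)
    # Returns DOMAIN\user, or $null when the SID cannot be mapped. SIDs from a
    # domain that no longer exists will not resolve; neither will local accounts
    # of a remote PC, because translation runs on the machine running this script.
    try {
        $id = New-Object System.Security.Principal.SecurityIdentifier($Sid)
        return $id.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        return $null
    }
}

function Get-SuspectProfile {
    param([string]$ComputerName)
    $profiles = @(Get-WmiObject -Class Win32_UserProfile -ComputerName $ComputerName -ErrorAction Stop |
        Where-Object { -not $_.Special -and $_.LocalPath })
    # Record profile folders that more than one profile entry points at.
    $shared = @{}
    $profiles | Group-Object { $_.LocalPath.ToLower() } |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object { $shared[$_.Name] = $_.Count }
    foreach ($p in $profiles) {
        $account = Resolve-ProfileSid $p.SID
        $isShared = $shared.ContainsKey($p.LocalPath.ToLower())
        if ($isShared -or $p.RoamingConfigured -or -not $account) {
            New-Object PSObject -Property @{
                Computer     = $ComputerName
                LocalPath    = $p.LocalPath
                SID          = $p.SID
                Account      = $account          # empty when unresolved
                SharedFolder = $isShared
                Roaming      = $p.RoamingConfigured
                RoamingPath  = $p.RoamingPath
            }
        }
    }
}

$report = foreach ($c in $computers) {
    try { Get-SuspectProfile -ComputerName $c }
    catch { Write-Warning "$c : $($_.Exception.Message)" }
}
$report | Sort-Object Computer, LocalPath |
    Format-Table Computer, LocalPath, SID, Account, SharedFolder, Roaming, RoamingPath -AutoSize
```

Run it from an account with administrative rights on the target PCs and with remote WMI allowed through the firewall; machines that cannot be reached are reported as warnings rather than stopping the sweep.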