asked on Understanding Group Policy on Windows 2008 r2 Server and forest trusts
We have 2 forests that trust each other.
One forest is datacenter.local and the other is headquarters.local.
At the data center we have 2 domain controllers, dc3.datacenter.local and dc1.datacenter.local. We also have another domain controller called dc2.datacenter.local at the headquarters office, so we have 3 domain controller in the datacenter.local domain which is also a forest.
At the headquarters office we have a domain (also a forest) called headquarters.local with 2 domain controllers, fs1.headquarters.local and fs2.headquarters.local.
Group Policy for datacenter.local is on dc3.datacenter.local which is also the PDC Emulator. Group Policy for headquarters.local is on FS1.headquarters.local which is also the PDC Emulator.
Given this environment, how does Group Policy get applied?
This may or may not be an issue, but one of the things I'm seeing in the logs for one of my member servers in the datacenter.local doamin is that group policy is coming from dc2.datacenter.local, but shouldn't it be coming from dc3.datacenter.local (which is the PDCe) since that is were Group Policy has been set.
Microsoft Legacy OSActive DirectoryWindows Server 2008
Last Comment
Sandesh Dubey
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Will this actually work?
Event ID: 1109 Source: Microsoft-Windows-GroupPol
The user account is in a different forest than the computer account. The processing of Group Policy from another forest is not allowed. Group Policy will be processed using Loopback Replace mode. The scope of the user policy settings will be determined by the location of the computer object in Active Directory. The settings will be aquired from the User Configuration of these policies.
http://technet.microsoft.com/en-us/library/cc727296(v=ws.10).aspx
Resolve
• Enable cross-forest user Group Policy processing
• Open the Group Policy Management Console (GPMC).
• Create a new Group Policy object (GPO) or select an existing one.
• Edit the GPO and enable the following policy setting: AllowCross-Forest User Policy and Roaming User Profiles (located in Administrative Templates\System\Group Policy).
• Log off and restart the computer.
Event ID: 1109 Source: Microsoft-Windows-GroupPol
The user account is in a different forest than the computer account. The processing of Group Policy from another forest is not allowed. Group Policy will be processed using Loopback Replace mode. The scope of the user policy settings will be determined by the location of the computer object in Active Directory. The settings will be aquired from the User Configuration of these policies.
http://technet.microsoft.com/en-us/library/cc727296(v=ws.10).aspx
Resolve
• Enable cross-forest user Group Policy processing
• Open the Group Policy Management Console (GPMC).
• Create a new Group Policy object (GPO) or select an existing one.
• Edit the GPO and enable the following policy setting: AllowCross-Forest User Policy and Roaming User Profiles (located in Administrative Templates\System\Group Policy).
• Log off and restart the computer.
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
The user account is in a different forest than the computer account. The processing of Group Policy from another forest is not allowed. Group Policy will be processed using Loopback Replace mode. The scope of the user policy settings will be determined by the location of the computer object in Active Directory. The settings will be aquired from the User Configuration of these policies.