We have 2 forests that trust each other.
One forest is datacenter.local and the other is headquarters.local.
At the data center we have 2 domain controllers, dc3.datacenter.local and dc1.datacenter.local. We also have another domain controller called dc2.datacenter.local at the headquarters office, so we have 3 domain controller in the datacenter.local domain which is also a forest.
At the headquarters office we have a domain (also a forest) called headquarters.local with 2 domain controllers, fs1.headquarters.local and fs2.headquarters.local.
Group Policy for datacenter.local is on dc3.datacenter.local which is also the PDC Emulator. Group Policy for headquarters.local is on FS1.headquarters.local which is also the PDC Emulator.
Given this environment, how does Group Policy get applied?
This may or may not be an issue, but one of the things I'm seeing in the logs for one of my member servers in the datacenter.local doamin is that group policy is coming from dc2.datacenter.local, but shouldn't it be coming from dc3.datacenter.local (which is the PDCe) since that is were Group Policy has been set.
The user account is in a different forest than the computer account. The processing of Group Policy from another forest is not allowed. Group Policy will be processed using Loopback Replace mode. The scope of the user policy settings will be determined by the location of the computer object in Active Directory. The settings will be aquired from the User Configuration of these policies.