Solved

Orphaned GPO issue

Posted on 2014-02-03
2
539 Views
Last Modified: 2014-02-03
All the sudden I have this type of messages cropping up in the event log:
GroupPolicy: 1058: The processing of Group Policy failed. Windows attempted to read the file \mydomain.local\SysVol\mydomain.local\Policies\{10A9F4FA-C707-4E92-9E91-53FDFC685107}\gpt.ini from a domain controller and was not successful. 
Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
 a) Name Resolution/Network Connectivity to the current domain controller.
 b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). 
c) The Distributed File System (DFS) client has been disabled. GroupPolicy: 1058: The processing of Group Policy failed. Windows attempted to read the file \mydomain.local\SysVol\mydomain.local\Policies\{10A9F4FA-C707-4E92-9E91-53FDFC685107}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved.

Open in new window


seems that so GPO is referenced in the AD but the actual GPO file is not present (not quite sure what has triggered this...).

I have run the FindOrphanedGPOs power-script from jhouseconsulting.com and it did indeed identify 4 orphaned GPOs:

Finding all orphaned Group Policy Objects (GPOs)...

Reading GPO information from Active Directory (CN=Policies,CN=System,DC=mydomain
,DC=local)...
Discovered 15 GPCs (Group Policy Containers) in Active Directory (CN=Policies,CN
=System,DC=mydomain,DC=local)

Reading GPO information from SYSVOL (\\mydomain.local\SYSVOL\mydomain.local\Poli
cies)...
Discovered 11 GPTs (Group Policy Templates) in SYSVOL (\\mydomain.local\SYSVOL\mydomain.local\Policies)

There are 0 GPTs in SYSVOL that don't exist in Active Directory (0.00 % of the t
otal)


There are 4 GPCs in Active Directory that don't exist in SYSVOL (26.67 % of the
total)
These are:
{10A9F4FA-C707-4E92-9E91-53FDFC685107}
{B5556118-5CBF-48AD-96E6-6CC121864261}
{D0FD14A4-C3D3-4FB3-A239-A4073EE365BE}
{DC1B4291-8306-4720-A21E-A7CD992E0E5A}

Open in new window


how do I locate the offending GPOs in the GPC admin console ?
0
Comment
Question by:atak2983
2 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
Comment Utility
All of the GPO's have a unique SID associsted with it. You will need to reference that SID to the once that are missing.

- Open gpmc.msc
- go through the GPO's listed
- Click on the GPO's
- Click the details tab
- You will see Unique ID (this is what you will need to reference to)
seen screenshot below...
Unique ID
Will.
0
 
LVL 1

Author Closing Comment

by:atak2983
Comment Utility
thanks - exactly what I was looking for.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now