• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 598
  • Last Modified:

Orphaned GPO issue

All the sudden I have this type of messages cropping up in the event log:
GroupPolicy: 1058: The processing of Group Policy failed. Windows attempted to read the file \mydomain.local\SysVol\mydomain.local\Policies\{10A9F4FA-C707-4E92-9E91-53FDFC685107}\gpt.ini from a domain controller and was not successful. 
Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
 a) Name Resolution/Network Connectivity to the current domain controller.
 b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). 
c) The Distributed File System (DFS) client has been disabled. GroupPolicy: 1058: The processing of Group Policy failed. Windows attempted to read the file \mydomain.local\SysVol\mydomain.local\Policies\{10A9F4FA-C707-4E92-9E91-53FDFC685107}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved.

Open in new window


seems that so GPO is referenced in the AD but the actual GPO file is not present (not quite sure what has triggered this...).

I have run the FindOrphanedGPOs power-script from jhouseconsulting.com and it did indeed identify 4 orphaned GPOs:

Finding all orphaned Group Policy Objects (GPOs)...

Reading GPO information from Active Directory (CN=Policies,CN=System,DC=mydomain
,DC=local)...
Discovered 15 GPCs (Group Policy Containers) in Active Directory (CN=Policies,CN
=System,DC=mydomain,DC=local)

Reading GPO information from SYSVOL (\\mydomain.local\SYSVOL\mydomain.local\Poli
cies)...
Discovered 11 GPTs (Group Policy Templates) in SYSVOL (\\mydomain.local\SYSVOL\mydomain.local\Policies)

There are 0 GPTs in SYSVOL that don't exist in Active Directory (0.00 % of the t
otal)


There are 4 GPCs in Active Directory that don't exist in SYSVOL (26.67 % of the
total)
These are:
{10A9F4FA-C707-4E92-9E91-53FDFC685107}
{B5556118-5CBF-48AD-96E6-6CC121864261}
{D0FD14A4-C3D3-4FB3-A239-A4073EE365BE}
{DC1B4291-8306-4720-A21E-A7CD992E0E5A}

Open in new window


how do I locate the offending GPOs in the GPC admin console ?
0
Alexandre Takacs
Asked:
Alexandre Takacs
1 Solution
 
Will SzymkowskiSenior Solution ArchitectCommented:
All of the GPO's have a unique SID associsted with it. You will need to reference that SID to the once that are missing.

- Open gpmc.msc
- go through the GPO's listed
- Click on the GPO's
- Click the details tab
- You will see Unique ID (this is what you will need to reference to)
seen screenshot below...
Unique ID
Will.
0
 
Alexandre TakacsCTOAuthor Commented:
thanks - exactly what I was looking for.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now