Solved

Orphaned GPO issue

Posted on 2014-02-03
Last Modified: 2014-02-03
All of a sudden I have this type of message cropping up in the event log:
GroupPolicy: 1058: The processing of Group Policy failed. Windows attempted to read the file \mydomain.local\SysVol\mydomain.local\Policies\{10A9F4FA-C707-4E92-9E91-53FDFC685107}\gpt.ini from a domain controller and was not successful. 
Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
 a) Name Resolution/Network Connectivity to the current domain controller.
 b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). 
 c) The Distributed File System (DFS) client has been disabled.
GroupPolicy: 1058: The processing of Group Policy failed. Windows attempted to read the file \mydomain.local\SysVol\mydomain.local\Policies\{10A9F4FA-C707-4E92-9E91-53FDFC685107}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved.


Seems that some GPO is referenced in the AD but the actual GPO file is not present (not quite sure what has triggered this...).

I have run the FindOrphanedGPOs power-script from jhouseconsulting.com and it did indeed identify 4 orphaned GPOs:

Finding all orphaned Group Policy Objects (GPOs)...

Reading GPO information from Active Directory (CN=Policies,CN=System,DC=mydomain,DC=local)...
Discovered 15 GPCs (Group Policy Containers) in Active Directory (CN=Policies,CN=System,DC=mydomain,DC=local)

Reading GPO information from SYSVOL (\\mydomain.local\SYSVOL\mydomain.local\Policies)...
Discovered 11 GPTs (Group Policy Templates) in SYSVOL (\\mydomain.local\SYSVOL\mydomain.local\Policies)

There are 0 GPTs in SYSVOL that don't exist in Active Directory (0.00 % of the total)

There are 4 GPCs in Active Directory that don't exist in SYSVOL (26.67 % of the total)
These are:
{10A9F4FA-C707-4E92-9E91-53FDFC685107}
{B5556118-5CBF-48AD-96E6-6CC121864261}
{D0FD14A4-C3D3-4FB3-A239-A4073EE365BE}
{DC1B4291-8306-4720-A21E-A7CD992E0E5A}


How do I locate the offending GPOs in the GPC admin console?
Question by:Alexandre Takacs
Accepted Solution

by:
Will Szymkowski earned 2000 total points
ID: 39829492
All of the GPOs have a unique SID associated with them. You will need to reference that SID to the ones that are missing.

- Open gpmc.msc
- Go through the GPOs listed
- Click on the GPOs
- Click the Details tab
- You will see Unique ID (this is what you will need to reference to)
See screenshot below...
Unique ID
Will.
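
The same lookup can be done in bulk instead of clicking through each GPO in gpmc.msc. This is an added example, not part of the original thread and not the FindOrphanedGPOs script: it matches each Group Policy Container's Unique ID (the `{GUID}` name of the AD object) against the folder names under SYSVOL and prints the display name of every GPC with no matching folder. The function names, the sample display names and the sample folder list are assumptions constructed for illustration; the four orphaned GUIDs are the ones listed in the question.

```powershell
# Added example, not from the original thread. Sample display names are constructed.
function Find-OrphanedGpc {
    param(
        [Parameter(Mandatory)] [object[]] $Gpc,          # AD side: Name = '{GUID}', DisplayName
        [Parameter(Mandatory)] [AllowEmptyCollection()]
        [string[]] $GptFolder                            # SYSVOL side: folder names under Policies
    )
    # Folder names and CN values can differ in case, so compare case-insensitively.
    $onDisk = [System.Collections.Generic.HashSet[string]]::new(
        [System.StringComparer]::OrdinalIgnoreCase)
    foreach ($f in $GptFolder) { [void]$onDisk.Add($f.Trim()) }
    foreach ($g in $Gpc) {
        if (-not $onDisk.Contains($g.Name)) {
            [pscustomobject]@{ UniqueId = $g.Name; DisplayName = $g.DisplayName }
        }
    }
}

# Live inventory (needs the ActiveDirectory RSAT module and read access to SYSVOL).
# -ErrorAction Stop: an unreachable SYSVOL must fail, not make every GPO look orphaned.
function Get-GpoInventory {
    $d = Get-ADDomain
    $base = "CN=Policies,CN=System,$($d.DistinguishedName)"
    $share = "\\$($d.DNSRoot)\SYSVOL\$($d.DNSRoot)\Policies"
    [pscustomobject]@{
        Gpc = @(Get-ADObject -SearchBase $base -SearchScope OneLevel `
                    -Filter 'objectClass -eq "groupPolicyContainer"' -Properties displayName)
        GptFolder = @(Get-ChildItem -Path $share -Directory -ErrorAction Stop |
                    Where-Object { $_.Name -like '{*}' } | ForEach-Object { $_.Name })
    }
}

# Constructed sample: two GPOs present on both sides, plus the four GUIDs from the question.
$sampleGpc = @(
    [pscustomobject]@{ Name = '{31B2F340-016D-11D2-945F-00C04FB984F9}'; DisplayName = 'Default Domain Policy' }
    [pscustomobject]@{ Name = '{6AC1786C-016C-11D2-945F-00C04FB984F9}'; DisplayName = 'Default Domain Controllers Policy' }
    [pscustomobject]@{ Name = '{10A9F4FA-C707-4E92-9E91-53FDFC685107}'; DisplayName = 'Sample GPO A' }
    [pscustomobject]@{ Name = '{B5556118-5CBF-48AD-96E6-6CC121864261}'; DisplayName = 'Sample GPO B' }
    [pscustomobject]@{ Name = '{D0FD14A4-C3D3-4FB3-A239-A4073EE365BE}'; DisplayName = 'Sample GPO C' }
    [pscustomobject]@{ Name = '{DC1B4291-8306-4720-A21E-A7CD992E0E5A}'; DisplayName = 'Sample GPO D' }
)
$sampleGpt = @('{31B2F340-016D-11D2-945F-00C04FB984F9}', '{6ac1786c-016c-11d2-945f-00c04fb984f9}')
Find-OrphanedGpc -Gpc $sampleGpc -GptFolder $sampleGpt | Format-Table -AutoSize

# On a domain-joined admin workstation:
# $inv = Get-GpoInventory; Find-OrphanedGpc -Gpc $inv.Gpc -GptFolder $inv.GptFolder
```

A GPC listed here is linked in AD but has no template to apply, so any security settings it was meant to enforce are not reaching clients until the GPO is restored or removed.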

Author Closing Comment

by:Alexandre Takacs
ID: 39829515
Thanks - exactly what I was looking for.