Solved

How do group policies work?

Posted on 2014-07-24
3
126 Views
Last Modified: 2014-09-09
Can someone give me a link that explains how GPO is applied to machine from DC? I want to know if it cant hit primary DC does it round robin until it gets one it can hit? What determines what order the DC's are contacted? Thanks
0
Comment
Question by:Thomas N
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 10

Expert Comment

by:Rafael
ID: 40217602
Have you tried Group Policy informational guide from Microsoft ? It's good reading and breaks down as you need.
0
 

Author Comment

by:Thomas N
ID: 40217633
I dont have time to read that whole guide. Can you just tell me what happens when a machine logs in to get GPO, it checks its logonserver for policy but what determines where it goes next if the server is busy? Thanks
0
 
LVL 10

Accepted Solution

by:
Rafael earned 500 total points
ID: 40219977
Well, for policies, if it doesn't get a response from it's logon server, it will try to contact any other DC in the same site (pool) and then the domain as itself, if several DC's exist in the same site it uses a unpublished not quite round robin process to pick one that tends to weigh it with about 70% of the logon going to the first one in the list (top down) and 30% spread out for the others in the site.

If no DC in the same site pool responds then it'll query DNS and randomly selects one from the any DC or the domain regardless of site, tried in that order. Finally, if there are no logon servers then the user is logged in via cached credentials if enabled.

HTH
-Rafael
0

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question