Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

GPO not applied

Posted on 2014-12-10
4
Medium Priority
?
125 Views
Last Modified: 2016-06-16
Hello All,

Previously I had a problem with my GPOs created on one DC and for some reason it was missing in the other DC. Upon checking and troubleshooting it, I eventually was able to resolve by performing the DFSR authoritative restore. The problem I am facing now is that the password policy GPO linked to Domain would not apply at all. I used the GPCresult /r and of course the GPO in question was not listed as applied. I also applied the GPCupdate.exe but still the GPO in question is not applied. Any ideas or suggestions on how I should proceed on trying to resolve this issue?? Any help or recommendation is greatly appreciated. I am new to GPO concept so you would have to spell it out a little bit for me to understand. Thanks!

Lotusmail1
0
Comment
Question by:lotusmail1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 29

Accepted Solution

by:
Dan McFadden earned 1000 total points
ID: 40493681
Have you verified that replication is fully functional?  As a start, I would run the following:

1. dcdiag /e /v
2. repadmin /replsummary

Are there errors?

Also, if you know what the file name of the GPO is, does it exist on all DCs?  Are the contents of the following location, the same on all DCs?:  C:\Windows\SYSVOL\sysvol\dpa.com\Policies

Here's a decent link on troubleshooting GPO:  http://www.tech-faq.com/troubleshooting-group-policy.html

Dan
0
 

Author Comment

by:lotusmail1
ID: 40493885
Thanks for your advise. It helped a lot.

Lotusmail1
0
 
LVL 32

Assisted Solution

by:Rodney Barnhardt
Rodney Barnhardt earned 1000 total points
ID: 40494265
If you are still having a problem, I would check the FRS logs on each DC to see if you are experiencing any event ID's 13508 or 13568. These indicate JRNL_WRAP_Errors. I had a problem with GPO's randomly not processing correctly a few weeks ago. If you do, here is how to correct it.

Perform the following on one domain controller at a time. Start with the DC that has the JRNL_WRAP_ERROR in the event viewer.
 
Stop the FRS service
 
Click on Start, Run, and type REGEDIT
 
Expand HKEY_LOCAL_MACHINE
Go to the following location:
"System|CurrentControlSet|Services\NtFrs\Parameters\Backup/Restore\Process at Startup"
Double click on the value name "BurFlags"
Change the value to "d2"
 
Restart the FRS service
 
The SYSVOL should be recreated and the data will gradually repopulate. Refresh the event viewer until event ID 13516 appears indicting the rebuild is complete.

Once completed, the system will reset the registry key back. However, as stated above, you have to ensure there are no other replication problems prior to doing this.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
What to do when Windows Update is not working correctly? What tools can I use to detect the cause of the malfunction problem? What does this numeric error code mean? These and other questions that you have been asking in the past are answered here (…
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question