Solved

New Group Policies are not showing up under the domain share

Posted on 2015-01-06
Last Modified: 2015-01-06
When I browse to \\domain.local\SYSVOL\domain.local\Policies from certain workstations, I only see 14 policies when there should be 15. If I browse using the server name instead of the domain name, I can see all 15 policies. However, the Group Policies have to be visible from the domain share in order for them to be applied. The policy that is missing is one that I just created yesterday so it appears that I'm only seeing the old policies and not the new one. Where should I start looking?

This is Windows Server 2008 R2.
0
Question by:fkoyer
 
LVL 79

Accepted Solution

by:
arnold earned 500 total points
ID: 40534451
If the GPO is not showing up in sysvol, this often means there is an error in the GPO or security settings on the share. Check the GPO in GPMC to see whether the AD and sysvol have same number, which is an indicator, when they differ, that there is something wrong in the GPO preventing it from being updated/written out.

After reading through, your issue is that when using the domain share you are looking at a cached instance. Do you have multiple DCs?
0
 
LVL 1

Author Comment

by:fkoyer
ID: 40534463
We do have a Windows 2003 Server at another site that is also a domain controller just as a backup. But the 2008 R2 server is the "main" server. The workstations are at the same site as the 2008 R2 server.

Can you elaborate on this? "check the GPO in GPMC to see whether the AD and sysvol have same number". I can check the GPO in GPMC but what am I looking for?

Thanks
0
 
LVL 1

Author Comment

by:fkoyer
ID: 40534577
I think the problem may be that the 2008 R2 and the 2003 FRS replication is not working. I am seeing this in the FRS event log

The File Replication Service is having trouble enabling replication from SERVER to CC-TS01 for c:\windows\sysvol\domain using the DNS name SERVER.domain.local. FRS will keep retrying.
 Following are some of the reasons you would see this warning.
 
 [1] FRS can not correctly resolve the DNS name SERVER.domain.local from this computer.
 [2] FRS is not running on SERVER.domain.local.
 [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
 
I've made sure FRS is running on both servers. We did recently change our IP subnet at both sites so both servers were assigned a new IP address. But DNS is displaying the correct IP and I can ping from one server to the other. I'm thinking it's related to the IP address change but not sure how to fix it.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40534666
You will need to start by running the below commands to gather info...
repadmin /replsum
repadmin /showrepl
dcdiag /v

If all else fails you may need to perform an authoritative restore from the PDC FSMO holder. Then ensure that Sysvol is replicating properly.

Also see the below link for rebuilding Sysvol and Netlogon Shares
Rebuilding Sysvol and Netlogon Shares

Will.
0
 
LVL 79

Expert Comment

by:arnold
ID: 40534700
If you look within GPMC, highlight the GPO in question, the detail tab (second tab in the right pane) is where it displays the type of policy, i.e. there is a computer GPO AD sysvol version and a user AD sysvol version reflected by a count.

In your situation, the clients should only be accessing local site DC, but it looks like they are also reaching out to the remote.
0
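The AD-versus-sysvol version comparison described in the comment above can also be scripted for every GPO and every domain controller at once. The following is an added example, not part of the original thread; it assumes the ActiveDirectory and GroupPolicy PowerShell modules (RSAT) are installed and that the account running it can read SYSVOL on each DC.

```powershell
# Added example (not from the thread): report GPOs whose SYSVOL copy is
# missing or out of step with AD, per DC and via the domain-name share.
Import-Module ActiveDirectory, GroupPolicy

$domain  = (Get-ADDomain).DNSRoot
$gpos    = Get-GPO -All -Domain $domain   # AD-side view from the DC Get-GPO contacts
# The domain name resolves to whichever DC this client is referred to;
# each DC host name pins the check to that server's own SYSVOL copy.
$targets = @($domain) + @(Get-ADDomainController -Filter * |
    ForEach-Object { $_.HostName })

$report = foreach ($target in $targets) {
    foreach ($gpo in $gpos) {
        $gpt = "\\$target\SYSVOL\$domain\Policies\{$($gpo.Id)}\GPT.ini"
        # GPT.ini holds one number: user version in the high 16 bits,
        # computer version in the low 16 bits.
        $adVersion = ([long]$gpo.User.DSVersion * 65536) + $gpo.Computer.DSVersion

        if (-not (Test-Path -LiteralPath $gpt)) {
            # Folder never replicated to this target (the 14-of-15 symptom).
            $state = 'MissingInSysvol'
            $sysvolVersion = $null
        } else {
            $line = Get-Content -LiteralPath $gpt |
                Where-Object { $_ -match '^\s*Version\s*=' } |
                Select-Object -First 1
            $sysvolVersion = [long]($line -replace '^\s*Version\s*=\s*', '')
            $state = if ($sysvolVersion -eq $adVersion) { 'InSync' }
                     else { 'VersionMismatch' }
        }

        New-Object PSObject -Property @{
            Target        = $target
            Gpo           = $gpo.DisplayName
            State         = $state
            ADVersion     = $adVersion
            SysvolVersion = $sysvolVersion
        }
    }
}

$report | Where-Object { $_.State -ne 'InSync' } |
    Sort-Object Target, Gpo |
    Format-Table Target, Gpo, State, ADVersion, SysvolVersion -AutoSize
```

Run from an affected workstation, a row for the domain-name target that is absent for the local DC's host name indicates the client is being referred to a DC whose SYSVOL has not received the new policy.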
 
LVL 1

Author Comment

by:fkoyer
ID: 40534784
I got it working finally. The workstations were picking up the sysvol folder from the remote site for some reason. Possibly because when I changed the IP addresses I forgot to change the subnets in AD Sites & Services. Who knows. And secondly, when I changed the DNS server address on the remote server, I typo'ed the address so it broke replication. So I got that fixed and now it's replicating and the machines are able to see all the policies when I browse to \\domain.local.

Thanks for your help!
0
