Sysvol Permission Issue on single Domain controller

I am having an issue on one of my domain controllers. When I access the Group Policy Management Console to modify any of my login scripts I am getting an error message that I don't have permission to access the file location in the sysvol directory. The account that I am using has domain admin rights. I have attached the error message. We have three domain controllers and this one in question is a brand new DC. Some recent domain changes in recent weeks have been the removal of my last 2003 DC and the raising of the functional level of the domain and forest.
Screen Capture of the error message
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

I've seen a similar problem before where the Sysvol folder either doesn't exist or the permissions are wrong.  The fact that this is not a single Domain Controller makes it much easier to fix.

Does the Sysvol folder exist?  If so, it should be very similar to that folder on the other Domain Controllers.

You could look at the differences and repair them manually.  This link will show you how to recreate it from one of the working DCs:
ISSoFHAAuthor Commented:
Here are a couple more details that I neglected to mention.

1. This happened to a different 2008 DC about two days after I removed the last 2003 server. I removed that DC as well which is why I have added this new DC now the new is experiencing the same issue after working for about a week flawlessly.
Will SzymkowskiSenior Solution ArchitectCommented:
Is your replication work as expected? Try running the following replication commands.

repadmin /replsum
repadmin /showrepl
repadmin /bridgeheads
DCDiag /v


netdom query fsmo

If you have completely removed the DC and re-added this DC you should not have any issues with permissions on Sysvol. There seems to be a more systemic issue.

The 7 Worst Nightmares of a Sysadmin

Fear not! To defend your business’ IT systems we’re going to shine a light on the seven most sinister terrors that haunt sysadmins. That way you can be sure there’s nothing in your stack waiting to go bump in the night.

ISSoFHAAuthor Commented:
Will, I have run the commands and the fail I received was the NCSecDesc test and I know that one is ok if you don't plan on using RODCs in your domain.

Although a side note to whomever reads this make sure you run from an elevated command prompt of you will see a bunch of failures.
Have you run dcdiag /v /e >c:\dcdiag.txt

Any error in the event logs on the DC's?
ISSoFHAAuthor Commented:
I ended up having to call microsoft on the issue.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ISSoFHAAuthor Commented:
Microsoft support ended up assisting me with the issue.
Will SzymkowskiSenior Solution ArchitectCommented:
Cna you please provide what the fix was?

ISSoFHAAuthor Commented:
From what I can tell he set the permissions on the top level of the policy folder and then forced the folder inheritance.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.