Clay Foody
asked on
GPO's not appearing in RSOP if they're attached to an OU
Hello, I have a Windows 2008 server that is a domain controller with terminal services. I'm having issues with Group Policy Objects which I know for a fact are working and are in effect, but not appearing in the RSOP report. Here's how it's configured:
I have an OU named Terminal Service Users. Certain users on the domain are in this OU.
If I attach Group Policies to this OU, they go into effect but they don't appear in RSOP if I run the report, even though I'm running it as one of the OU members. For auditing reasons, these GPOs absolutely MUST appear in the RSOP report. When running the report I choose "This Computer" and then "Another User" and choose one of the users in the Terminal Services OU.
If I attach any of these GPO's to the root of the domain, so it applies to the entire domain, the RSOP report then includes the GPOs.
DNS is installed and running properly on the server. Aside from this issue with RSOP I haven't had any other issues with Active Directory on this server.
I have an OU named Terminal Service Users. Certain users on the domain are in this OU.
If I attach Group Policies to this OU, they go into effect but they don't appear in RSOP if I run the report, even though I'm running it as one of the OU members. For auditing reasons, these GPOs absolutely MUST appear in the RSOP report. When running the report I choose "This Computer" and then "Another User" and choose one of the users in the Terminal Services OU.
If I attach any of these GPO's to the root of the domain, so it applies to the entire domain, the RSOP report then includes the GPOs.
DNS is installed and running properly on the server. Aside from this issue with RSOP I haven't had any other issues with Active Directory on this server.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
What happens if you run the RSOP.msc againts the user/computer within Active Directory Users and Computers? This report should produce the correct info.
Another thing maybe these policies are being applied from another parent policy which is why it looks like they are applying but not from the GPO that you are referring to.
Will.
Another thing maybe these policies are being applied from another parent policy which is why it looks like they are applying but not from the GPO that you are referring to.
Will.
ASKER
We figured out what was going on and I can see now what you were trying to do. Settings in the "Computer" section of the group policy will not enforce unless the computer is in the OU, just like the users section if a user is in the OU. Since this all occurs from the domain controller running terminal services, I don't see anyway to get his done other than to enable the "loopback processing" and the delegation settings to avoid issues that would arrive from dragging the server itself into the OU.
ASKER
The problem is when I run RSOP under the same user the GPO and the settings in the GPO don't appear in the RSOP report. I have a 2012 server that's doing the same exact thing, so it's obviously something that I'm doing wrong, I just don't know what it is.