Avatar of matedwards
Flag for United Kingdom of Great Britain and Northern Ireland asked on

New user gpo not applying after user moved to new OU

We have folder redirection for users Desktop and Documents folders - working well.

When I move a user to a new OU they should get a new folder redirection gpo. However it is not working.

When we run gpresult /r on the workstation they're still getting the old gpo. Even after a gpupdate /force and a log off/on.

What am we missing.?
Windows Server 2012Active Directory

Avatar of undefined
Last Comment

8/22/2022 - Mon
Michael Ortega

You check the event logs on the client? Is the new policy set for all authenticated users and linked to the new GPO or is it scoped to a security group?


Try removing the client machine from the Domain and adding back again.

View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.

Apologies I hadn't seen your comments before posting our work around.

The error log just gave the usual message the folder redirection gpo will be applied on next log-on - but it never happened!

I had removed the machine and then rejoined it to the domain and that hadn't helped.

reducing the 'refresh interval' down seemed to force the client to accept the new gpo.??!!
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
Michael Ortega

Is this a single domain/forest and single domain controller environment? If not, what logon server is the client authenticating to? Did that AD server already show the objects in the new OU when you attempted? Perhaps AD replication delay? Maybe none of that's applicable, but thought I would throw it out there.


Thanks mgortega.. it appears our earlier fix does not work for another user on the same workstation..!!

It is 1 domain.. There is 1 DC on the site. There is another DC on another site.

On the workstation.. in a cmd window echo %logonserver% shows the local DC as it's logon server. The user was in the OU and then the GPO was linked. Everything looks fine in GPMC and ADU&C. But still not user gpo will apply.?

thanks for your suggestions.
Michael Ortega

Couple quick things:

1. If you have 2 sites/2 AD Servers you need to make sure the 2 sites are defined as separate sites in AD Sites & Services. Once you put AD Server A in Site A and AD Server B in Site B you then need to define subnet A and subnet B. From the properties of the subnets you create make sure you have the appropriate site defined.

2. Link the GPO to the OU in question

3. Move your user objects to the OU in question (actually it doesn't matter if you do steps 2 & 3 in reverse)

4. gpudate /force the client

5. Log off and log back in

6. gpresult /R on the client to see if the GPO is being applied, if not...

7. Restart the client and run another gpresult /R

Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.

Yep I checked in ADsites&services and there are 2 sites each, with an associated subnet.

In 'site links', there is a default 'site link' between the subnets and their associated sites. Will that mean for AD traffic each way..?
I don't have to make a site link for each direction..??
Michael Ortega

You may want to check the site link to make sure it's set to replicate at an optimal interval, e.g. 15 minutes. You should see a link for each server to the other server. The best way to do unidirectional replication is to create a read-only AD server where appropriate.


Although not explaining why 'gpupdate /force' didn't work, it did refresh our user gpo.
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.