asked on New user gpo not applying after user moved to new OU
We have folder redirection for users Desktop and Documents folders - working well.
When I move a user to a new OU they should get a new folder redirection gpo. However it is not working.
When we run gpresult /r on the workstation they're still getting the old gpo. Even after a gpupdate /force and a log off/on.
What am we missing.?
When I move a user to a new OU they should get a new folder redirection gpo. However it is not working.
When we run gpresult /r on the workstation they're still getting the old gpo. Even after a gpupdate /force and a log off/on.
What am we missing.?
Windows Server 2012Active Directory
Last Comment
matedwards
Try removing the client machine from the Domain and adding back again.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Apologies I hadn't seen your comments before posting our work around.
The error log just gave the usual message the folder redirection gpo will be applied on next log-on - but it never happened!
I had removed the machine and then rejoined it to the domain and that hadn't helped.
reducing the 'refresh interval' down seemed to force the client to accept the new gpo.??!!
The error log just gave the usual message the folder redirection gpo will be applied on next log-on - but it never happened!
I had removed the machine and then rejoined it to the domain and that hadn't helped.
reducing the 'refresh interval' down seemed to force the client to accept the new gpo.??!!
Is this a single domain/forest and single domain controller environment? If not, what logon server is the client authenticating to? Did that AD server already show the objects in the new OU when you attempted? Perhaps AD replication delay? Maybe none of that's applicable, but thought I would throw it out there.
MO
MO
ASKER
Thanks mgortega.. it appears our earlier fix does not work for another user on the same workstation..!!
It is 1 domain.. There is 1 DC on the site. There is another DC on another site.
On the workstation.. in a cmd window echo %logonserver% shows the local DC as it's logon server. The user was in the OU and then the GPO was linked. Everything looks fine in GPMC and ADU&C. But still not user gpo will apply.?
thanks for your suggestions.
It is 1 domain.. There is 1 DC on the site. There is another DC on another site.
On the workstation.. in a cmd window echo %logonserver% shows the local DC as it's logon server. The user was in the OU and then the GPO was linked. Everything looks fine in GPMC and ADU&C. But still not user gpo will apply.?
thanks for your suggestions.
Couple quick things:
1. If you have 2 sites/2 AD Servers you need to make sure the 2 sites are defined as separate sites in AD Sites & Services. Once you put AD Server A in Site A and AD Server B in Site B you then need to define subnet A and subnet B. From the properties of the subnets you create make sure you have the appropriate site defined.
2. Link the GPO to the OU in question
3. Move your user objects to the OU in question (actually it doesn't matter if you do steps 2 & 3 in reverse)
4. gpudate /force the client
5. Log off and log back in
6. gpresult /R on the client to see if the GPO is being applied, if not...
7. Restart the client and run another gpresult /R
MO
1. If you have 2 sites/2 AD Servers you need to make sure the 2 sites are defined as separate sites in AD Sites & Services. Once you put AD Server A in Site A and AD Server B in Site B you then need to define subnet A and subnet B. From the properties of the subnets you create make sure you have the appropriate site defined.
2. Link the GPO to the OU in question
3. Move your user objects to the OU in question (actually it doesn't matter if you do steps 2 & 3 in reverse)
4. gpudate /force the client
5. Log off and log back in
6. gpresult /R on the client to see if the GPO is being applied, if not...
7. Restart the client and run another gpresult /R
MO
ASKER
Yep I checked in ADsites&services and there are 2 sites each, with an associated subnet.
In 'site links', there is a default 'site link' between the subnets and their associated sites. Will that mean for AD traffic each way..?
I don't have to make a site link for each direction..??
In 'site links', there is a default 'site link' between the subnets and their associated sites. Will that mean for AD traffic each way..?
I don't have to make a site link for each direction..??
You may want to check the site link to make sure it's set to replicate at an optimal interval, e.g. 15 minutes. You should see a link for each server to the other server. The best way to do unidirectional replication is to create a read-only AD server where appropriate.
MO
MO
ASKER
Although not explaining why 'gpupdate /force' didn't work, it did refresh our user gpo.
MO