New user gpo not applying after user moved to new OU

We have folder redirection for users Desktop and Documents folders - working well.

When I move a user to a new OU they should get a new folder redirection gpo. However it is not working.

When we run gpresult /r on the workstation they're still getting the old gpo. Even after a gpupdate /force and a log off/on.

What am we missing.?
matedwardsAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Michael OrtegaSales & Systems EngineerCommented:
You check the event logs on the client? Is the new policy set for all authenticated users and linked to the new GPO or is it scoped to a security group?

MO
T BCommented:
Try removing the client machine from the Domain and adding back again.
matedwardsAuthor Commented:
The only solution we found was to edit the 'Group Policy refresh interval for users' down to a few minutes within

Users Configuration\Administrative Templates\System\Group Policy

Strange that gpupdate /force doesn't work.??

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Your Guide to Achieving IT Business Success

The IT Service Excellence Tool Kit has best practices to keep your clients happy and business booming. Inside, you’ll find everything you need to increase client satisfaction and retention, become more competitive, and increase your overall success.

matedwardsAuthor Commented:
Apologies I hadn't seen your comments before posting our work around.

The error log just gave the usual message the folder redirection gpo will be applied on next log-on - but it never happened!

I had removed the machine and then rejoined it to the domain and that hadn't helped.

reducing the 'refresh interval' down seemed to force the client to accept the new gpo.??!!
Michael OrtegaSales & Systems EngineerCommented:
Is this a single domain/forest and single domain controller environment? If not, what logon server is the client authenticating to? Did that AD server already show the objects in the new OU when you attempted? Perhaps AD replication delay? Maybe none of that's applicable, but thought I would throw it out there.

MO
matedwardsAuthor Commented:
Thanks mgortega.. it appears our earlier fix does not work for another user on the same workstation..!!

It is 1 domain.. There is 1 DC on the site. There is another DC on another site.

On the workstation.. in a cmd window echo %logonserver% shows the local DC as it's logon server. The user was in the OU and then the GPO was linked. Everything looks fine in GPMC and ADU&C. But still not user gpo will apply.?

thanks for your suggestions.
Michael OrtegaSales & Systems EngineerCommented:
Couple quick things:

1. If you have 2 sites/2 AD Servers you need to make sure the 2 sites are defined as separate sites in AD Sites & Services. Once you put AD Server A in Site A and AD Server B in Site B you then need to define subnet A and subnet B. From the properties of the subnets you create make sure you have the appropriate site defined.

2. Link the GPO to the OU in question

3. Move your user objects to the OU in question (actually it doesn't matter if you do steps 2 & 3 in reverse)

4. gpudate /force the client

5. Log off and log back in

6. gpresult /R on the client to see if the GPO is being applied, if not...

7. Restart the client and run another gpresult /R

MO
matedwardsAuthor Commented:
Yep I checked in ADsites&services and there are 2 sites each, with an associated subnet.

In 'site links', there is a default 'site link' between the subnets and their associated sites. Will that mean for AD traffic each way..?
I don't have to make a site link for each direction..??
Michael OrtegaSales & Systems EngineerCommented:
You may want to check the site link to make sure it's set to replicate at an optimal interval, e.g. 15 minutes. You should see a link for each server to the other server. The best way to do unidirectional replication is to create a read-only AD server where appropriate.

MO
matedwardsAuthor Commented:
Although not explaining why 'gpupdate /force' didn't work, it did refresh our user gpo.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.