Managing Active Directory does not always have to be complicated. If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why
Course Of The Month
3 days, 9 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
GPs are reading as inaccessible
Posted on 2016-08-19
Environment is two 2012 DCs at 2008 R2 Forest and domain functional level.
All of my group policies are showing inaccessible. Even new ones I create and scoped to OUs and users.
The two DCs replicate fine. Permissions on the sysvol have not changed. I checked permissions and they are as they should be.
The network has been static for some time now. No new software, new hardware, nothing.
I'm checking even logs now but was hoping for some ideas on where to look.
Thanks
Cliff
PS: name of the policy is showing as GUID, not policy name. I have found numerous posts around the net but none of those fixes worked.
All of my group policies are showing inaccessible. Even new ones I create and scoped to OUs and users.
The two DCs replicate fine. Permissions on the sysvol have not changed. I checked permissions and they are as they should be.
The network has been static for some time now. No new software, new hardware, nothing.
I'm checking even logs now but was hoping for some ideas on where to look.
Thanks
Cliff
PS: name of the policy is showing as GUID, not policy name. I have found numerous posts around the net but none of those fixes worked.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
2-
2
- +2
7 Comments
What, if any, errors do you receive when you perform a gpupdate /force from a workstation or server?
Active 2 days ago
It reports a successful update.
I am seeing in the log, two things. One is that the network path is inaccessible
and I see network sharing is not turned on and when I turn it on, it goes right back off.
I am seeing in the log, two things. One is that the network path is inaccessible
and I see network sharing is not turned on and when I turn it on, it goes right back off.
Sounds like you have a Journal wrap error.
Check the File Replication Service log on your domain controller(s) and you may need to follow the steps below to restore replication for your group policy objects which are stored on the netlogon volume:
https://support.microsoft.com/en-nz/kb/290762
Check the File Replication Service log on your domain controller(s) and you may need to follow the steps below to restore replication for your group policy objects which are stored on the netlogon volume:
https://support.microsoft.com/en-nz/kb/290762
Please check on GP user might be having read deny permission due to user not able to read GPO name correctly.
Also check on client system policy working fine or not.
Also check on client system policy working fine or not.
It's been how many days you have restarted your domain controllers.
Kindly check for error events in event-viewer- File replication services.
Also run Dcdiag /test:dns & let us know the result.
Kindly check for error events in event-viewer- File replication services.
Also run Dcdiag /test:dns & let us know the result.
Active 2 days ago
That was it. Somehow, the authenticated users group no longer had read permissions on the GPs.
Check the Status of the SYSVOL and Netlogon Shares
1. On the Start menu, point to Administrative Tools, and then click Services.
2. Verify that the DFS Replication service and the Netlogon service have a status of Started. If a service is stopped, click Restart.
3. Open a Command Prompt as an administrator: On the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, provide Domain Admins credentials, if required, and then click Continue.
4.To verify that the SYSVOL tree includes the sysvol and scripts shared folders, at the command prompt, type the following command, and then press ENTER:
net share
5. Check the list to be sure that it includes %systemroot%\SYSVOL\sysvol
Note:
If neither %systemroot%\SYSVOL\sysvol
6. Verify that the proper permissions are set for SYSVOL replication. At the command prompt, type the following command, and then press ENTER:
dcdiag /test:netlogons
1. On the Start menu, point to Administrative Tools, and then click Services.
2. Verify that the DFS Replication service and the Netlogon service have a status of Started. If a service is stopped, click Restart.
3. Open a Command Prompt as an administrator: On the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, provide Domain Admins credentials, if required, and then click Continue.
4.To verify that the SYSVOL tree includes the sysvol and scripts shared folders, at the command prompt, type the following command, and then press ENTER:
net share
5. Check the list to be sure that it includes %systemroot%\SYSVOL\sysvol
Note:
If neither %systemroot%\SYSVOL\sysvol
6. Verify that the proper permissions are set for SYSVOL replication. At the command prompt, type the following command, and then press ENTER:
dcdiag /test:netlogons
Featured Post
Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies. Only from Platform Scholar.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Suggested Solutions
| Title | # Comments | Views | Activity |
|---|---|---|---|
| How to apply a registry entry for all Citrix users | 30 | 69 | |
| Restricted Domain Group Policy | 4 | 41 | |
| Receiving error when installing Service Pack 3 on Microsoft Exchange 2010 | 3 | 54 | |
| IF statement on a PowerShell Script | 2 | 32 |
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
In-place Upgrading Dirsync to Azure AD Connect
This Micro Tutorial hows how you can integrate Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease.
The following video show how to bind OSX Mavericks to …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses
Course of the Month3 days, 9 hours left to enroll
751 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.