I am having sporadic problems with Active Directory, in particular the Group Policies. I have a couple of policies (folder redirection, drive mapping) that just will not get to the users/computers in question. If I do a Group Policy Modeling it says the computer applied the policies in question, but when I do a GPRESULT /R it's not listed, not even in the Denied section. I have other policies that map folders and drives and they are working no problem. Here is what I did to diagnose so far:
Checked security ACL on the affected users' home folder locations, all good (tested manually mapping the folder and accessing it with the user credentials, no issues)
Reapplied permissions to the affected users in question, no effect
Deleted and Recreated the Group Policies in question, no change
Checked Group Policy OU for security delegation issues, none found
Checked Event Log on Server/Workstations, found these events:
The Group Policy Client Side Extension Folder Redirection was unable to apply one or more settings because the changes must be processed before system startup or user logon. The system will wait for Group Policy processing to finish completely before the next startup or logon for this user, and this may result in slow startup and boot performance.
On some computer accounts -----> The session setup from the computer HS-RM146-34 failed to authenticate. The name(s) of the account(s) referenced in the security database is HS-RM146-34$. The following error occurred:
Access is denied.
I did find this on the DCs:
This is the replication status for the following directory partition on this directory server.
This directory server has not received replication information from a number of directory servers within the configured latency interval.
Latency Interval (Hours):
Number of directory servers in all sites:
Number of directory servers in this site:
The latency interval can be modified with the following registry key.
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Replicator latency error interval (hours)
To identify the directory servers by name, use the dcdiag.exe tool.
You can also use the support tool repadmin.exe to display the replication latencies of the directory servers. The command is "repadmin /showvector /latency <partition-dn>".
During the previous 24 hour period, some clients attempted to perform LDAP binds that were either:
(1) A SASL (Negotiate, Kerberos, NTLM, or Digest) LDAP bind that did not request signing (integrity validation), or
(2) A LDAP simple bind that was performed on a cleartext (non-SSL/TLS-encrypted) connection
This directory server is not currently configured to reject such binds. The security of this directory server can be significantly enhanced by configuring the server to reject such binds. For more details and information on how to make this configuration change to the server, please see http://go.microsoft.com/fwlink/?LinkID=87923.
Summary information on the number of these binds received within the past 24 hours is below.
You can enable additional logging to log an event each time a client makes such a bind, including information on which client made the bind. To do so, please raise the setting for the "LDAP Interface Events" event logging category to level 2 or higher.
Number of simple binds performed without SSL/TLS: 0
Number of Negotiate/Kerberos/NTLM/Digest binds performed without signing: 3902
Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller PR-DC01.prsdnj.org for FRS replica set configuration information.
The nTDSConnection object cn=986cb6b1-98dd-4e0f-a8f3-fcc735f37d7b,cn=ntds settings,cn=pr-dc01,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=prsdnj,dc=org is conflicting with cn=9a21485c-2617-48bc-9edc-627e9b92d57b,cn=ntds settings,cn=pr-dc01,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=prsdnj,dc=org. Using cn=986cb6b1-98dd-4e0f-a8f3-fcc735f37d7b,cn=ntds settings,cn=pr-dc01,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=prsdnj,dc=org
Any help would be greatly appreciated!