Quick help on GPO not applying.

yauser Member Posts: 19
I have set up a test lab with VMware with win2k3 Enterprise and winxp.

I placed the winxp pro in an OU along with a user, and created a GPO policy on the OU. All good and so, can change things and apply settings to winxp machine no problems.

Now, I was playing with roaming profiles, and must have changed something in the Default Domain Policy (changed the "add the administrators security group to roaming user profile" to enabled under default domain policy>computer configuration>admin temp>system>user profiles).

Now when I try to log into any user accounts in the OU, the GPO on the OU isn't being applied at all. I have ticked "block policy inheritance" in the OU, and it still won't apply, even tried gpupdate on the client machine to no avail.

anyone help?

getting grips to the 70-290 exam and just want to get to know the AD more.


cheers in advance.

phil

Comments

  • agustinchernitsky Member Posts: 299
    Hello,

    Run gpresult.exe from the wrk station... tell me what it says. How did you configure roaming profiles??

    Also when you run gpupdate.exe /force on the wrk station, check event viewer for errors (app log)... tell me if it says something!
  • yauser Member Posts: 19
    here you go:


    C:\WINDOWS\system32>gpupdate.exe /force
    Refreshing Policy...

    User Policy Refresh has completed.
    Computer Policy Refresh has completed.


    C:\WINDOWS\system32>gpresult.exe
    INFO: The policy object does not exist.

    and from event viewer apps:


    Windows cannot determine the user or computer name. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.


    Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.





    hmmm...telling me it doesn't exist.

    here's how I created roaming profiles:

    1, create a test a/c and make the profile.
    2, log on as admin and copy to **domain**\sysvol\scripts\Default User (using CBT Nuggets) so that new users will get the new default profile based on the test account profile.
    3, on each users in AD, went on profile and pointed it to a shared dir ie. //**domain**/profiles/%username%

    4, change the settings in the default domain policy as indicated in first post.

    5, logged onto client and no GPO policy on the client.




    phil
  • yauser Member Posts: 19
    sorted it I think, had to flushdns on each user account, as the computer couldn't find the dns.

    phil
  • agustinchernitsky Member Posts: 299
    Hello,

    Well, the problem is that you have a connectivity problem with your DC or you are not part of the domain... or something that is preventing your wrk station from connecting to the DC.

    Things to try:

    1.- is your wrk station joined to the domain?
    2.- can you resolve your domain (ie contoso.com or test.com) from the workstation?
    3.- is the machine account for your workstation enabled in your AD?

    Do some network troubleshooting... try pinging the server DC... also check that you have a valid IP assigned.

    The profile path should be \\server.where.profile.is\share\%username%
  • Danman32 Member Posts: 1,243
    DNS configuration is not usually based on user, but rather machine, so it should only have to be done on the machine logged in as a user with sufficient permissions to execute flushdns (which most will).

    Be sure your TCP properties on your XP interface have only the IP address of the server running DNS for Active Directory and no other DNS IP. The DNS server should be forwarding internet name resolution requests on behalf of the workstation if needed. The W2K3 should be pointing to itself exclusively (assuming again it is the DNS server for AD), and not any addresses for internet DNS servers.

    After that is fixed, it is a good idea to run Netdiag -fix on the server to be sure the DNS zone for your AD domain is properly populated with the required service records.
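
Added example, not part of the thread: a Python check for the client DNS setting described in the last comment, which parses saved `ipconfig /all` output and reports any configured DNS server that is not the AD DNS server. The sample output, the addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` text from an XP client (not from the thread).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : XPCLIENT01

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.10.50
        Default Gateway . . . . . . . . . : 192.168.10.1
        DNS Servers . . . . . . . . . . . : 192.168.10.10
                                            203.0.113.53
"""

FIELD = re.compile(r"^\s+(?P<key>[^.:]+?)[\s.]*:\s*(?P<val>.*)$")  # "Key . . . : value"

def dns_servers_by_adapter(text):
    """Return {adapter name: [DNS server IPs]} parsed from `ipconfig /all` text."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            adapter, in_dns = line.rstrip()[:-1], False   # adapter header line
            result[adapter] = []
            continue
        m = FIELD.match(line)
        if m:
            in_dns = m.group("key").strip() == "DNS Servers"
            value = m.group("val").strip()
        else:
            value = line.strip()        # continuation line: a further DNS server
        if adapter and in_dns and value:
            try:
                result[adapter].append(str(ipaddress.ip_address(value)))
            except ValueError:
                in_dns = False          # not an address, so the DNS list has ended
    return result

def unexpected_dns(text, ad_dns):
    """List (adapter, ip) pairs whose DNS server is not one of the AD DNS servers."""
    allowed = {str(ipaddress.ip_address(a)) for a in ad_dns}
    return [(name, ip) for name, ips in dns_servers_by_adapter(text).items()
            for ip in ips if ip not in allowed]

if __name__ == "__main__":
    for name, ip in unexpected_dns(SAMPLE_IPCONFIG, ["192.168.10.10"]):
        print(f"{name}: DNS server {ip} is not the AD DNS server")
```

An empty result from `unexpected_dns` means every adapter points only at the AD DNS server, which is the state the comment above recommends for the XP client.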