GPO's applied from wrong server?

R

RH

When I run gpresult on a workstation I have my GPO
applying from a server we have planned to remove from the
domain. I thought I had moved all of the FSMO's to the new
DC. What am I missing?

RH
 
S

Steven L Umbach

Assuming everything is configured correctly in the domain - particularly dns, your
computers will receive Group Policy from another domain controller after that dc is
removed from the domain. To test it out you could temporarily shut down that dc, make
a Group Policy change on another domain dc, run secedit /refreshpolicy machine_policy
/enforce [or user_policy if appropriate], and then reboot that workstation and run
gpresult on it to see if new policy applies. Running netdiag [part of the free
support tools] on that workstation while logged on as a domain administrator should
show all the domain controllers in the domain in the dclist test. -- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;321708
 
D

Darren Mar-Elia

GPOs get applied from whatever DC the workstation has found through the
normal DC locator process. That may or may not be a FSMO role-holder. Its
only GP editing that relies on looking for the PDC role-holder first. So if
you remove that DC, the workstation should find another one just fine.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Server no longer applies GPO's? 3
Clients failing to apply Group Policy from 1 Particular DC 2
GPO settings are not applied 2
GPO's are not affecting Users in the OU. 2
HELP! No GPO in effect, but restrictions still apply 4
Site Linked GP not applied 1
gPO won't take effect 2
No user configuration settings applied 5

Top