Creating / Editing GPO ... not from the expected DC ?!?

Guest

Hi, this is my first post :)

I'm having a weird issue with my 2000 AD domain.

Here is the topo:

domain adroot with two DCs.
dcroot1 in site1
dcroot2 in site4 (gc .. global catalog server)

domain dom.intra with four DCs
dc1 in site1
dc2 in site2 (gc)
dc3 in site3 (gc)
dc4 in site4 (gc)

I just added dc2 in site4 and everything is fine except for one thing
(that I am aware of :)) )

Here's my problem :

When I connect to the AD Users and Computers Snap-in (I've
double-checked that I am really connected to the good DC) to create or
edit a Group Policy (gpo) ... It does not create / edit the GPO
locally in its own SYSVOL folder. Instead it does create it in the
SYSVOL folder of the dc1 in site1. Then it replicates it to the other
SYSVOL folders (including the one at dc4).

I've tested that situation with my other DCs with no problem at all.
GPO creating locally then replicating to others, not creating remotely
then replicating.

The weirder thing is that if I connect remotely to this dc4 with AD
Users and Computers from another dc, and create a GPO, it still creates
it in the SYSVOL folder of the dc1............

I'm not sure if I am clear. If you need any more information, please
advise.

I want to thank you all in advance since this is driving me nuts...

David J.
 
Mike Aubert

Hi David,

This is normal behavior. In order to reduce the chance that multiple changes
will conflict with one another the Group Policy Editor connects to the PDC
Emulator for the domain by default. The Group Policy tab of Active Directory
Users and Computers also attempts to connect to the domain's PDC Emulator by
default. If a domain controller is unable to connect to the PDC emulator
when attempting to work with GPOs you should receive an error message. The
message asks you to select another DC to use for working with GPOs.

On the Group Policy tab you can see which domain controller you are
connected to under the list of GPOs (just above the New/Add/Edit buttons).
In the Group Policy Editor if you look at the root object in the left tree
you will see the name of the domain controller you are connected to (GPO
Name [DC name] Policy).

You can change the domain controller that is used for working with GPOs by
selecting DC Options on the View Menu of the Group Policy Object Editor (You
will need to close out of the Editor and any Active Directory Users and
Computers Domain/OU property pages for the change to take effect). However,
keep in mind making changes to GPOs on multiple domain controllers can lead
to conflicts.

Mike
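
Added example, not part of Mike's reply: one way to see which DC holds the PDC Emulator role and whether any DC's copy of a GPO has drifted from it, by comparing the `versionNumber` attribute in AD with `Version=` in that DC's SYSVOL `GPT.INI`. It assumes a current environment with the RSAT ActiveDirectory PowerShell module (not the Windows 2000 tooling in this thread); `Get-GpoVersion` is a helper name chosen here.

```powershell
# Added example; needs the RSAT ActiveDirectory module and read access to SYSVOL.
Import-Module ActiveDirectory

$domain   = Get-ADDomain
$pdc      = $domain.PDCEmulator   # DC the GPO tools connect to by default
$policies = "CN=Policies,CN=System,$($domain.DistinguishedName)"
Write-Host "PDC emulator for $($domain.DNSRoot): $pdc"

# Hypothetical helper: read both halves of every GPO from one specific DC.
function Get-GpoVersion {
    param([Parameter(Mandatory)][string]$Server)
    Get-ADObject -Server $Server -SearchBase $policies -SearchScope OneLevel `
        -Filter 'objectClass -eq "groupPolicyContainer"' `
        -Properties displayName, versionNumber |
    ForEach-Object {
        # SYSVOL half: GPT.INI in that DC's own copy of the share.
        $ini = "\\$Server\SYSVOL\$($domain.DNSRoot)\Policies\$($_.Name)\GPT.INI"
        $sysvol = $null   # stays $null if the file is missing or unreadable
        if (Test-Path -LiteralPath $ini) {
            $m = Select-String -LiteralPath $ini -Pattern '^\s*Version\s*=\s*(\d+)' |
                 Select-Object -First 1
            if ($m) { $sysvol = [long]$m.Matches[0].Groups[1].Value }
        }
        [pscustomobject]@{
            DC = $Server; Guid = $_.Name; Name = $_.displayName
            AdVersion = [long]$_.versionNumber; SysvolVersion = $sysvol
        }
    }
}

# Baseline: the PDC emulator's view of each GPO.
$baseline = @{}
Get-GpoVersion -Server $pdc | ForEach-Object { $baseline[$_.Guid] = $_ }

$report = foreach ($dc in (Get-ADDomainController -Filter *).HostName) {
    foreach ($g in (Get-GpoVersion -Server $dc)) {
        $ref = $baseline[$g.Guid]
        $status = if (-not $ref) { 'Not on PDC emulator' }
                  elseif ($g.AdVersion -ne $g.SysvolVersion) { 'AD/SYSVOL mismatch' }
                  elseif ($g.AdVersion -ne $ref.AdVersion) { 'Differs from PDC emulator' }
                  else { 'In sync' }
        $g | Add-Member -NotePropertyName Status -NotePropertyValue $status -PassThru
    }
}

# Show only GPOs that need attention (replication lag or conflicting edits).
$report | Where-Object Status -ne 'In sync' |
    Format-Table DC, Name, AdVersion, SysvolVersion, Status -AutoSize
```

A row that stays out of sync after replication has had time to converge is the symptom to investigate when GPOs have been edited on more than one DC.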
 
Guest

Thank you very much for your time.

I appreciated it
David
 
Mike Aubert

You're welcome! :)



------------------------------------------------------------------
Mike Aubert
MCSE, MCSD, MCDBA
(e-mail address removed)

Note the "news2" in my email address is temporary and may be changed in the
future, remove it to email me at my permanent address.
This posting is provided "AS IS" with no warranties, and confers no rights.

 
