Group Policy not applying

[crnaik]

Friends,

Our network was already running with one domain. Now we have create
another domain within the same LAN and have configured some PCs int
this new domain.

Now the problem is whichever policy we are applying for this new domai
is not getting into affect.

Please show me a way to get it done.

Thanxs a lot

crnai

 

[Mike Aubert]

How do you have DNS configured? If DNS is not properly setup Group
Policy/Active Directory will not work correctly. Also, just so I know, is
the new domain in the same forest as the existing domain?

------------------------------------------------------------------
Mike Aubert
MCSE, MCSD, MCDBA
(e-mail address removed)

Note the "news2" in my email address is temporary and may be changed in the
future, remove it to email me at my Permanente address.
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[crnaik]

Actually DNS is running on the same PC on which first DOMAIN is set. Ca
it create problem ????

Waiting for your reply.

Thanxs a lot.

How do you have DNS configured? If DNS is not properly setu
Group
Policy/Active Directory will not work correctly. Also, just so
know, is
the new domain in the same forest as the existing domain?

crnai

 

[Mike Aubert]

That's fine - you just need to make sure that the domain controller for the
new domain and the clients in the new domain are pointing at the DNS server.
Again, is your new domain in the same forest as your first domain? Or is the
new domain in a new forest?

Open the DNS console on the domain controller for the first domain. Under
forward lookup zones do you see the name of your domain (you may need to go
a few levels down if it's a subdomain). If you can't find a zone that
contains the name of the domain then you will need to create a new zone.

If you have to create a new zone or if there is already an existing zone,
ensure the Allow dynamic updates option is set correctly (right-click the
zone and select properties). Here are the two possibilities:
- If the two domains are in the same forest (or you have a trust
configured), choose the Only secure updates option.
- If the domains are not in the same forest (and there is no trust
configured), choose the Yes option (although note that this option is a
possible security risk - anyone can modify the zone records).


One utility that you can use to troubleshoot DNS records is DNSLint:

http://support.microsoft.com/default.aspx?scid=kb;en-us;321045

The basic command is: dnslint: /ad DC_IP /s DNS_IP
where DC_IP is the IP address of one of the forest's domain controllers
(which in your case will be the domain controller for the new domain) and
DNS_IP is the IP address for the DNS server that is authoritative for the
forest root's _msdcs zone (which in your case will be the DNS server on the
first domain's domain controller)

------------------------------------------------------------------
Mike Aubert
MCSE, MCSD, MCDBA
(e-mail address removed)

Note the "news2" in my email address is temporary and may be changed in the
future, remove it to email me at my Permanente address.
This posting is provided "AS IS" with no warranties, and confers no rights.

Actually DNS is running on the same PC on which first DOMAIN is set. Can
it create problem ????

Waiting for your reply.

Thanxs a lot.

How do you have DNS configured? If DNS is not properly setup
Group
Policy/Active Directory will not work correctly. Also, just so I
know, is
the new domain in the same forest as the existing domain?

crnaik

 

[dgabbard]

Check the client's DNS setting to be sure it is pointing at the new
Domain Controller and that it's IP address is for the subnet that
includes the new network.