D
Dman
I'm having an issue with Group Policies and I hope someone can lend some
insight...
Here's the Situation: We have Domain Controllers in various WAN-connected
locations around the world. For this example I'll use DC1 and DC2 as the
names of the Domain Controllers in question.
DC1 is at my location and holds all major FSMO roles (except Infrastructure
Master, which is on another DC outside of this example).
DC2 is in a remote, WAN-connected location. When processing scripts through
GPOs we are seeing a large delay from users in the remote location, but not
my location.
In looking into the Group Policy, we found something unusual. I RDP into
DC2, then goto AD Users and computers. From there I goto the properties on
the local user container and choose the "Group Policy" tab. Now I have a
list of the GPOs which are applied to that OU. If I click (highlight) one of
these GPOs and then hit the "Properties" button there at the bottom, I get
the properties screen. The default tab is "General". At the top of the box
it shows the GPO name in this form:
mypolicyname [dc1.mydomain.com]
Notice that DC1 is there in the brackets, even though I am viewing this on
DC2. AD Users and Computers itself is indeed connected to DC2 as it should
be. So, this is perplexing us and may be a clue as to why scripts are taking
so long - everything seems to be going across the wire to DC1 instead of
using the local DC. Site settings and subnets all seem to be correct. Anyone
know what could cause this?
As a side note, if installed, the GP Management Console doesn't even show
this info at all.
insight...
Here's the Situation: We have Domain Controllers in various WAN-connected
locations around the world. For this example I'll use DC1 and DC2 as the
names of the Domain Controllers in question.
DC1 is at my location and holds all major FSMO roles (except Infrastructure
Master, which is on another DC outside of this example).
DC2 is in a remote, WAN-connected location. When processing scripts through
GPOs we are seeing a large delay from users in the remote location, but not
my location.
In looking into the Group Policy, we found something unusual. I RDP into
DC2, then goto AD Users and computers. From there I goto the properties on
the local user container and choose the "Group Policy" tab. Now I have a
list of the GPOs which are applied to that OU. If I click (highlight) one of
these GPOs and then hit the "Properties" button there at the bottom, I get
the properties screen. The default tab is "General". At the top of the box
it shows the GPO name in this form:
mypolicyname [dc1.mydomain.com]
Notice that DC1 is there in the brackets, even though I am viewing this on
DC2. AD Users and Computers itself is indeed connected to DC2 as it should
be. So, this is perplexing us and may be a clue as to why scripts are taking
so long - everything seems to be going across the wire to DC1 instead of
using the local DC. Site settings and subnets all seem to be correct. Anyone
know what could cause this?
As a side note, if installed, the GP Management Console doesn't even show
this info at all.