Policys will not apply

[Chris Coates]

I had 2 servers that were in an OU called Lab. They were receiving policies
correctly.
I moved them to an OU called production. There are different computer
policies in this OU.
I waited 15 minutes and rebooted and the policies had not applied.
I then went to a DC, (everything is in the same Win 2000 AD domain and same
site) and ran "secedit /refreshpolicy machine_policy /enforce", waited a few
minutes and tried again and the policies are still not applying.
I confirmed that all DNS settings are correct.
I then went to each of the 2 effected servers and ran gpresult. I found that
now even after several reboots and forcing a policy refresh those 2 servers
are still getting the lab policy and not the production policy.
Next I connected to each DC individually and checked and confirmed that the
replication had occurred and those 2 servers are listed in the production
OU, which they were.

What am I missing?
Thanks

ccoates

 

[Benoit Boudeville [Exchange MVP]]

did you check both SYSVOL replication and AD replication status ?

 

[John]

From the GPresult's output does the DN of the computer show the correct path
of the computer object.
Should look something like this:

COMPUTER SETTINGS

 

[Chris Coates]

John

The DN shows the correct path to the right OU, but below that where it shows
where policies are applied from it shows the policies are coming from the
old OU.
Also I looked in the event log again and there are repeating userenv errors
(Error 1000) that say " Windows cannot determine the user or computer name.
Return value (1317)"
Any ideas?

Thanks
Chris

 

[Chris Coates]

I checked on each DC to make sure that they were all showing the proper
computer in the correct OU.
Is there a better way to check?

 

[John]

This error 1317 = The specified user does not exist.

Try reseting the secure channel using netdom.exe, nltest.exe or simply
dropping it to a workgroup and adding back to the domain.