I've solved the problem, at least temporarily, by changing the domain name back to what it originally was. I found some information at Microsoft that leads me to believe there are some conflicts that come up between the AD and the GP when you make a name change. They have some tools to deal with it, but it looks like they are only usable if your in a 2003-only environment. I'm going to do some more research and see what I can find. I guess the best part about something like this is that it is certainly a learning experience.
Thanks for all the help, I've added a couple of troubleshooting tools to my repertoire at least.
Could be. As per Doug's note, does the path shown in the userenv.log file look right? < \\cmhwm.org\SysVol\cmhwm.org\Policies\{BE30A467-35C2-43BF-84EF-0EE7DA67F51C}\gpt.ini >
What did you rename? The domain or the DC?
------------------------------ *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On Behalf Of *Gray Troutman *Sent:* Thursday, August 24, 2006 1:11 PM
*To:* gptalk@xxxxxxxxxxxxx *Subject:* [gptalk] Re: GP not applied
I only have the one DC, could the error be caused by the rename?
On 8/24/06, Darren Mar-Elia <darren@xxxxxxxxxx > wrote: > > Ok. One thing I see in the userenv log is a lot of inconsistency in > GPOs between AD & SYSVOL. Version number mismatches and inability to read > the sysvol portion of a GPO. I am guessing that whatever DCs your user's are > hitting are not replicating correctly. How many DCs do you have? I would run > gpotool.exe (from SUpport Tools ) against your domain's GPOs and see > what errors show up. > > Darren > > ------------------------------ > *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] > *On Behalf Of *Gray Troutman > *Sent:* Thursday, August 24, 2006 12:50 PM > > *To: *gptalk@xxxxxxxxxxxxx > *Subject:* [gptalk] Re: GP not applied > > Okay, here are userenv.log and gpedit.log. I'm looking at them as > well, but please let me know what you see. As I've said before, I'm new to > all this GPO stuff. I was really happy when it was working over here, I'd > just like to know why it's not working now that I've moved the server. > > > > On 8/24/06, Darren Mar-Elia <darren@xxxxxxxxxx> wrote: > > > > You might try enabling verbose userenv logging on one of those > > problem users, and then post the results here. > > > > > > > > ------------------------------ > > *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] > > *On Behalf Of *Gray Troutman > > *Sent:* Thursday, August 24, 2006 12:17 PM > > *To:* gptalk@xxxxxxxxxxxxx > > *Subject:* [gptalk] Re: GP not applied > > > > I had other test users (1-5) and they worked in the lab and are not > > now. Here's a strange one, if I log in as someone who is just a domain > > admin, the GPOs apply correctly. If I log in as a newly created user, > > nothing works. If I make that user a domain admin, nothing works. > > > > On 8/24/06, Darren Mar-Elia <darren@xxxxxxxxxx> wrote: > > > > > > So, are you saying that you had a DC on an isolated subnet and now > > > its on your production network, and a client on that network that is part of > > > that DC's domain is not getting user policy as expected? If so, then make > > > sure that the GPOs you're trying to deliver are linked in such a way that > > > the user test6 will process them. The fact that a domain admin account gets > > > the policies tells me that the policies may not be linked to a place in your > > > AD tree that test6 will get them. > > > > > > Darren > > > > > > ------------------------------ > > > *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] > > > *On Behalf Of *Gray Troutman > > > *Sent:* Thursday, August 24, 2006 11:41 AM > > > *To:* gptalk@xxxxxxxxxxxxx > > > *Subject: *[gptalk] GP not applied > > > > > > > > > Hey folks, > > > Well, I just moved the DC from the lab to the network and it no > > > longer applies the GPOs. I can join the domain and log in with no problem, > > > but the policies are not applied. If I run gpresult, I get "INFO: The user > > > "CMHWM\test6" does not have RSOP data." > > > > > > Two things: One, I changed the domain server name. Two, I get the > > > policies if I log in as a domain admin, but not as a user. > > > > > > Any ideas what I screwed up here? > > > > > > Thanks, > > > Gray > > > > > > > > > > >