What's new
By:
Filters
ClioSport.net

Register a free account today to become a member!
Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

  • When you purchase through links on our site, we may earn an affiliate commission. Read more here.

Experts Exchange - Group Policy Setup



RSi Dave

RSi Dave

Anyone a member?

If so can they post the solutions to this question?

http://www.experts-exchange.com/Networking/Misc/Q_21741305.html

Alternatively if anyone can help with my issue...

Basically i have set up a new domain controller, DNS and DHCP. Everything seems fine, i have run the DCDIAG and NETDIAG and everything passes.

I try to set some group policy stuff up and it works fine on the domain however on a client machine it doesnt. The client machine i think is on the domain as it is listed in the Active Directory etc...

Problem is non of the policies are applied, i have run gpresult /v on both client and domain and the differences are:

client user is apparently not a member of any security groups even the admin user
client user doesnt have any CN / DC / OU information (see above link)

I really dont understand why :dapprove:
 
M

McBunny

It is listing your user account in Distinguished Name format (LDAP).

It just says that Randy Given is a user account in an OU named EDD_test accounts, under another OU named EDD, in the corp.SomeCompany.com domain.


Accepted Solution



02.17.2006 at 12:06PM PST, ID: 15984025
GivenRandy:
My question is: what if that line is missing entirely? (I meant to say "However, ONE of my....").
 
David

David

  BMW e46 320 Ci Sport
gpupdate /force ??

so are you saying you join it to the domain and yet the policies aren't getting applied? are you using group polocy mangement console or are you doing it via AD? also is it server 08 /03?
 
RSi Dave

RSi Dave

Thanks for the experts exchange reply.

Regarding the LDAP, listing it where?

Unable to gpudpate /force however secedit /policyrefresh doesnt work. Domain is on a Server 2000 and client is Windows 2000.

I am setting the group policy via the AD.

I only have 1 OU and as i said i am logging in as the Domain Administrator and still no policy being applied.

Checked the event viewer, nothing on the Domain however on the client i get the following at login time:

Source: userenv
EventID: 1000
Description: Windows cannot determin the user or computer name. Return Value (1722).

Just going to check eventid.net now regarding this, might be to do with the DNS even though DCDIAG and NETDIAG show as passed on everything. Also when promoting to the DC i didnt get any errors regarding DNS.
 
RSi Dave

RSi Dave

Produce a log as above and refreshed policy. Log shows the same error (1722) as the event viewer and claims the policy has been set but it also says it cannot get username.

Also ran nslookup from client and it couldnt resolve the default server so i am assuming there might be a DNS issue on the reverse lookup zone?
 
RSi Dave

RSi Dave

Just done that and still nothing... i added the DNS to the TCP/IP properties and nslookup found the correct server. GPResult /v showed the correct CN / DC / OU information however it still doesnt apply the domain policy.
 
cava83

cava83

  Rav4
Dave please post intructions for the proposed solution just incase someone has the same issue.

Search tool in this website is well handy.
 
M

McBunny

oh i agree but posting a solution is hard without going through setting up a dhcp server properly

what i mean is the guide would have to cover all the steps in setting up a dhcp server
 
matt|H

matt|H

  133, 182, Kangoo 182
FYI, Due to Google policy Experts Exchange have been forced to show all content (against their policy to show info for search engines then hide it for everyone else).

Scroll down to the bottom of the page (under the big section of links) and voila, you have the answers without having to pay and log in. :)
 
Mike_182

Mike_182

  Better than yours. C*nt.
If you don't set up DNS you can't resolve the Sysvol share to the nearest DC so you won't get policy, however you may still be able to log in due to cached credentials, or if the ldap pointers are correct...
 
cava83

cava83

  Rav4
I always use cached mode on them.

matt|H said:
FYI, Due to Google policy Experts Exchange have been forced to show all content (against their policy to show info for search engines then hide it for everyone else).

Scroll down to the bottom of the page (under the big section of links) and voila, you have the answers without having to pay and log in. :)
Click to expand...
 
RSi Dave

RSi Dave

McBunny said:
RSi Dave said:
I think i have it, i didnt have a DNS server setup record in the DHCP server
Click to expand...

bit of a beginners mistake lol :rasp:
Click to expand...

Well yeah, tbh its the first time i have created a domain. Already had to reformat a few times as i wasnt entering the dns suffix in the computer name so after running dcpromo it wouldnt boot.

Still you live and learn.

Thanks for everyones help :star:
 
You must log in or register to reply here.

Similar threads

Jack!
Sysadmin/AD/GPO experts, a question...
Replies
3
Views
655
rctempire
rctempire
BIFCAIDS
Cadwell Park 27th August
Replies
12
Views
2K
Greeny.
Greeny.
DeeKay86
My Comprehensive Notes from todays Apple WWDC Keynote!
Replies
25
Views
3K
Ay Ay Ron
Ay Ay Ron
JackT2000
Clio 172 Flame Red Phase 2
2 3
Replies
81
Views
11K
gudger12345
gudger12345
S
Fuel Injector stuck on Trophy
Replies
18
Views
2K
S Marsh
S


Top