I'm having a bizarre problem in a Windows 2000 server environment, and I'm looking for someone to help me bounce some ideas around. Anyone out there know much about Active Directory and GPOs?

whats the problem?

Alright,

The problem, in short, is client machines not refreshing GPOs.

Here's what I know:

Domain authentication is working
GPO refresh settings are synchronous on logon and startup
DNS is working
As far as I know, Active Directory Integrated Zone in DNS is working.
No error messages are being generated.
Group membership is working.

Any thoughts?

Uziel wrote:Alright,

The problem, in short, is client machines not refreshing GPOs.

Here's what I know:

Domain authentication is working
GPO refresh settings are synchronous on logon and startup
DNS is working
As far as I know, Active Directory Integrated Zone in DNS is working.
No error messages are being generated.
Group membership is working.

Any thoughts?

that is wierd.

so it is authenticating fine,
they become a part of the domain,

but to become part of the domain the clients have to be receiving the GPO. (the DNS name is the top level of the forest)

What kind of domain model? if you have more than one domain to they all trust each other?

What sort of auth. protocol are you using? Kerebros?

you also might want to check to make sure that there are not any LGPOs on the clients that might conflict with the GPO.

Clients don't have to recieve the GPO to authenticate, only a copy of the SAM.

I just did fresh installations, so there are no LGPOs.

Kerebos is the auth. protocol.

The domain is ridiculously small, no trust issues.

I'll verify the GPOs when I get into work tomorrow. If nothing else, I'll reboot and kick the Domain Controller.

I fixed the problem. Just as a FYI, the client machines were only pulling local GPOs, and only authenticating through Netbios. The problem resided in DNS.

Thus, I had to ensure that I had an Active Directory Integrated Zone, set for dynamic updates, with an associated SRV record pointing to a domian controller.