Site 2: I have a small branch with 1 DC and 4 clients.
Site 1: Meanwhile my main branch has 2 DCs and lots of clients.
I made some GP changes on DC-site2, and I was wondering why they weren't applying to the clients at site2.
Well I did a gpresult /r and it showed that both Computer Settings and User Settings were coming from DC-site1.DOMAIN.COM. WHY?
I did echo %logonserver%. Result: DC-site2. Good so far.
I did set log (kind of redundant). Result: DC-site2. Still looking good.
nltest /dsgetsite. Result: site2. Ok, so the client knows it is in the right site.
nltest /dsgetdc:domain.com /Account:client-pc1$. Result: DC: \\DC-site2.DOMAIN.COM. Still good!
What the hell?
I checked Active Directory Sites and Services, and ONLY the DC-site2 server is showed listed in site2.
I checked DNS settings, and in Forward Lookup Zones -> _msdcs.domain.com -> dc -> _sites -> site2 I ONLY see entries for the DC-site2 server.
And yet, gpresult /r on this client still shows it is applying GP from the DC-site1 server. WHY?
This was last night. This morning I checked again and the same machine is getting Computer Settings from DC-site2 but User Settings from DC-site1. WHY?
0 Answers