Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

OU Policy Not Propagating for User

Status
Not open for further replies.
TechMerlin

TechMerlin

MIS
Mar 8, 2004
89
CA
Good Day all,

Having some issues when users from a trusted 2000 domain are logging into a TS in a 2003 domain and their OU policies are not being applied. The users are part of an OU on the 2003 domain which should apply such items as a locked down start menu and desktop, but when they log in they are not getting this applied.

The settings are being applied to users of the local 2003 domain fine, just users from the 2000 domain that are not getting the settings.

thoughts?

Mark Morton, MCSA, MCP, SNA, CCA, CCE
 
Sort by date Sort by votes
I'm slightly confused ... you have 2 domains - say WIN2000.local and WIN2003.local. Users from WIN2000.local RDP to a 2003 server which is part of the WIN2003.local domain, but their accounts only exist in the WIN2000.local domain?

>> Having some issues when users from a trusted 2000 domain are logging into a TS in a 2003 domain and their OU policies are not being applied. The users are part of an OU on the 2003 domain

If they are in the 2000 domain, how are their accounts in an OU in the 2003 domain?!?!?!

As far as I know, group policies do not cross domains - but I could be wrong on that. Try logging onto the server as one of the users and run gpresult in verbose mode (/v) or super verbose mode (/z). You might want to re-direct the output to a file so you can search it as there may be quiet alot. This will tell you what policies are being applied etc.

Irish Poetry - Karen O'Connor
Get your Irish Poetry Published
Garten und Landschaftsbau
 
Upvote 0 Downvote
I think Martin's about nailed it on the head. Normal domain policies on DomB wont apply to DomA users, unless specific terminal services policies are applied, or the users are logging on remotely with DomB accounts.

Hope this Helps.

Neil J Cotton
njc Information Systems
Systems Consultant
 
Upvote 0 Downvote
Thanks all,

The problem here turned out to be the Loopback policy setting. the setup works fine once you setup the loopback on the local domain to replace/merge correctly according to what policies you wish to take precedence

Thanks


Mark Morton, MCSA, MCP, SNA, CCA, CCE
 
Upvote 0 Downvote
Correct,

if you create a container for the server and apply the policies to that, then you can restrict the certain groups from allowing the policy to apply to them.

Mark Morton, MCSA, MCP, SNA, CCA, CCE
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Abdullah Al Maruf
  • Locked
  • Question
Telnet help for
Replies
2
Views
768
gbaughma
gbaughma
microsGuy16
  • Locked
  • Question
Can not copy files to Mapped drive
Replies
0
Views
678
microsGuy16
microsGuy16
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
778
DrB0b
DrB0b
penguinroundup
  • Locked
  • Question
programmatically delete all saved passwords for IE for any user
Replies
0
Views
307
penguinroundup
penguinroundup
dpellegrini
  • Locked
  • Question
Website will load using hostname but not IP address
Replies
3
Views
1K
mangentle
mangentle

Part and Inventory Search

Sponsor

Back
Top