Full GPO replication

Networking/Security Forums -> Exchange 2000 // 2003 // 2007 & Active Directory

Author: evlLocation: Best PostPosted: Mon Apr 26, 2010 11:21 am    Post subject: Full GPO replication
    ----
I get a lot of errors like the following:

Policy {811CF975-2319-4D2C-86E1-FB8DC9FF120E}
Friendly name: Office 2003 Users
Error: Cannot access \\dc01.svz.loc\sysvol\svz.loc\policies\{811CF975-2319-4D2C-86E1-FB8DC9FF120E}, error 53

Policy {74EC90FD-0C1D-479E-9D57-1EF5FD33FA49}
Friendly name: Terminal Server Users
Error: Cannot access \\dc03.svz.loc\sysvol\svz.loc\policies\{74EC90FD-0C1D-479E-9D57-1EF5FD33FA49}, error 53

Policy {1EFFF79A-1643-4F80-BC16-4B7560B8C90B}
Friendly name: SUS Updates Servers
Error: dc01.SVZ.LOC - dc02.svz.loc sysvol mismatch
Error: dc01.svz.loc - dc03.svz.loc sysvol mismatch

I am looking for a command to push GPO replication.
From one domain controller to another domain controller.
Not only the GPO's that changed in the last couple of minutes.
I want a full replication.

I expect a full replication will solve many error messages.

Author: JRBTech PostPosted: Mon Apr 26, 2010 3:55 pm    Post subject:
    ----
What AD are you running? 2000,2003,2008?

You can try REPADMIN /SYNCALL depending on the version you are running. Google the command if you need more details on how it works.

Hope this helps.

Author: evlLocation: Best PostPosted: Mon Apr 26, 2010 4:43 pm    Post subject: Full GPO replication
    ----
We are running a Windows 2003 AD.

I have used repadmin /syncall a number of times.
I normally add /e to the command to sync to all servers in the domain and /P to push updates to other domain controllers.
It solved many AD synchronization problems.

I do not think that repadmin /syncall is also replicating GPO's.
Repadmin /syncall is only synchronizing Active Directory data.

Maybe it is better to change one of the settings, and undo the change, in every GPO that needs to replicate.

Author: JRBTech PostPosted: Mon Apr 26, 2010 5:15 pm    Post subject:
    ----
That might work...

The only other command I can think of that might help is replmon. This would bring up the Replication Monitor so you should be able to see when the GPO is being replicated. It will not force replication, but would allow you to see if replication is occuring at all.

Author: nonsence PostPosted: Thu May 06, 2010 8:51 pm    Post subject: gpo troubleshooting
    ----
repadmin is NOT used to check group policy replication since those files are not part of active directory but rather a folder called sysvol which uses frs for replication, or dfs-r on windows 2008.

use gpupdate and gpotool to troubleshoot the application and versions of gpo objects on the domain.
using gpotool you can see the gui name of the gpo and find that in active directory to make sure the reference for the files are there.

http://support.microsoft.com/kb/315457
here's a kb that shows how to recreate the sysvol share on a windows 2003 box which uses frs. this wouldnt apply if u r using server 2008 with dfsr.

if you are using dfsr then the tool to use is the dfs management console which can give you html reports of replication status or dfsradmin.exe

don't confuse active directory replication with group policy replication, they are 2 different things. activedir just keeps a reference of the group policy objects it does not hold the actual files or templates and scripts in the database. those are stored as normal files in a shared folder called sysvol which gets replicated using a different service and protocol seperate from activedir database.

Author: mickdonald37 PostPosted: Sat May 14, 2011 9:29 am    Post subject:
    ----
It will not force replication, but would appropriate you to see if replication is occuring at all. This would bring up the Replication Monitor so you should be able to see when the GPO is being replicated.



Networking/Security Forums -> Exchange 2000 // 2003 // 2007 & Active Directory


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group