none
Missing orphaned group policy (GPO) object

    Question

  • Hi,

    Running windows 2003 r2 sp2.

    Group policy modeling is showing as having a denied GPO, listed only by GUID with a link locaton of domain.local/Configuration/Sites/domain which comes up as inaccessaible if link is enabled - I am trying to delete this!

    ASDI Edit is not showing this GUID, nor is it listed under %systemroot%\sysvol\sysvol\domain.local\Policys.

    It is listed in the registy under HKLM\SOFTWARE\Microsoft\Windows\CurentVersion\Group Policy\State\Machine\GPLink-List\1

    with DsPath CN={GUID},CN=Policies,CN=Sytem,DC=domain,DC=local & and SOM CN=Domain,CN=Sites,CN=Configuration,DC=domain,DC=local

    as well as HKLM\SOFTWARE\Microsoft\Windows\CurentVersion\Group Policy\State\S-1-5-21-xxxxxxxxx-xxxxxxxxx-xxxxx

    Have not had the chance to reboot this machine since this erronous item was added / particaplly removed - will reboot in a few days, but not currently possible as production machine.

    Any guidance appreciated!

    Tuesday, May 07, 2013 4:00 PM

Answers

  • First, I wouldn't really rely on GP Modeling for diagnostics purposes... And I would - for sure - check again after rebooting before we dig in deeper.

    If the problem persists, you can use ADSIEdit, connect to the configuration partition, navigate to CM=Domain,CN=Sites,CN=Configuration and clear the gPLink attribute.

    BTW: Is your site really called "domain"? ;-)


    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!

    • Marked as answer by Jumphog Thursday, May 09, 2013 7:18 AM
    Tuesday, May 07, 2013 4:57 PM

All replies

  • First, I wouldn't really rely on GP Modeling for diagnostics purposes... And I would - for sure - check again after rebooting before we dig in deeper.

    If the problem persists, you can use ADSIEdit, connect to the configuration partition, navigate to CM=Domain,CN=Sites,CN=Configuration and clear the gPLink attribute.

    BTW: Is your site really called "domain"? ;-)


    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!

    • Marked as answer by Jumphog Thursday, May 09, 2013 7:18 AM
    Tuesday, May 07, 2013 4:57 PM
  • Thanks Martin, will do and will post back results; and no, it's not really called domain! :)

    Tuesday, May 07, 2013 11:12 PM
  • Well, after a reboot it's was still showing under GP modelling, and a 'not found' group policy object is listed under Sites / Domain / in group policy management with a matching unique id.

    Went back to ADSIEdit, configration / CN=Configuration,DC=domain,DC=local then CN=Sites, edited CN=domin and cleared gplink.

    - BOOM, problem rectified; many thanks for your help!

    Thursday, May 09, 2013 7:18 AM