none
Cant edit Gpo

    Question

  • Hi ,

            I have 2 Domain controller..both are configured gpo.If  i  create new policy in any one DC (primary) i cant edit that policy in other DC(secondary).I had log in administrator account in DC.i had try cross checking also (policy created in secondry DC )..help me this issue..

    Tuesday, February 28, 2017 10:04 AM

All replies

  • Hi,

    Compare the 2 SYSVOL folders on both the DC's to make sure that they are identical.  Usually that error is due to the SYSVOL folders not being the exactly the same, or permission problems on the SYSVOL folder on the DC that wont let you change the GP's. Typically one of the two above is the problem, Probably permissions on the SYSVOL folder on the DC that wont let you edit the GP's

    Check you replication if everything is good. 

     

    Open a command prompt as admin on both DC's and run 

    repadmin  /replsum *

    repadmin  /showrepl *
    Do you get any failures or unsuccessful replication?

    Check the repadmin /syncall as well?





    Tuesday, February 28, 2017 11:20 AM
  • Hi Nedim,

                 I had ran all the above command i didn't find the any error in both DC..i had check the both sysvol folder permission both are same but DC sysvol folder had two more folder ..

    dc-2 sysvol folder

    Tuesday, February 28, 2017 12:25 PM
  • Hi,

    There is the issue. Sysvol replication is broken. Can you try to run this command and check if it will force replication. This is one liner command

    ntfrsutl forcerepl <sourceservername> /r "domain system volume (sysvol share)" /p <destinationservername>

    sourceservername = primary dc

    destinationservername = problematic dc



    • Edited by Nedim Mehic Tuesday, February 28, 2017 12:56 PM
    Tuesday, February 28, 2017 12:53 PM
  • Hi

       here i had write the above query as per my server .. Is it right ??

    ntfrsutl forcerepl <DC1(primary)> /r "domain system volume (sysvol share)" /p <DC2(secondary)>

    DC2 = DC1

    DC2 = DC2

    Tuesday, February 28, 2017 1:37 PM
  • Hi nedim,

                 I tried to above query but i got "access denied" error. As per your reference i had screenshot.I logged in administrator account..


    • Edited by Murali Rajendran Wednesday, March 1, 2017 8:27 AM forgot add the describition
    Wednesday, March 1, 2017 8:11 AM
  • Hi,

    Regarding to fix the broken sysvol replication, please have a try following the article as below to see if it helps:

    Fixing Broken SYSVOL Replication

    http://windowsitpro.com/windows-server-2012/fixing-broken-sysvol-replication

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Best regards,

    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, March 3, 2017 8:39 AM
    Moderator
  • Hi,

    Just checking in to see if the information provided was helpful. And if the replies as above are helpful, we would appreciate you to mark them as answers, please let us know if you would like further assistance.

    Best Regards,

    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, March 6, 2017 8:31 AM
    Moderator