Group Policy not replicating

    Question

  • I can’t find any event entries that indicate why the policies don’t synchronize so how do I find the problem?

    History: I have a standalone 2003 domain installed by a vendor for their system. I discovered it had a primary DC that had been dead and gone for several years. There are two other 2003 DCs. I followed the instructions I found online for seizing the FSMO roles onto another DC and cleaning up data for the old server. This appeared to work fine. I successfully added two new 2012 DCs to the domain. I added an OU and put a server in the OU to test a group policy. The group policy worked fine. Then I transferred all the FSMO roles to one of the new 2012 DCs. Now when I use Group Policy Management, I can see the policy I created but the settings are gone. If I connect to the 2003 DC I can see the settings. I looked around and I found Windows\SYSVOL\domain-name\policies is not being replicated to any other DCs. Only the DC that seized the roles has current policy information in SYSVOL. I also tested by modifying the two default policies. They also are not replicating. The other old 2003 DC has the policies subdirectory with the two default policies last updated in 2010. The two new 2012 DCs don’t have the policies subdirectory at all. I transferred the FSMO roles back to the 2003 DC but that didn’t fix it.
    Also, I was getting MSDTC event 53258 MS DTC could not correctly process a DC Promotion/Demotion event on the other 2003 server. I found the resolution to that problem and got a successful DC promotion/demotion event on that server but that also didn’t fix the policy problem.

    Tuesday, July 14, 2015 3:38 PM

Answers

  • Hi,

    Based on the description, we can try to do a non-authoritative restore (D2) on the two new server 2012 DCs to see if it helps.

    Regarding how to do non-authoritative restore for FRS replicated Sysvol, the following article can be referred to as guidance.

    Using the BurFlags registry key to reinitialize File Replication Service replica sets

    https://support.microsoft.com/en-us/kb/290762

    Best regards,

    Frank Shen



    • Marked as answer by WAAWM Wednesday, July 15, 2015 7:37 PM
    Wednesday, July 15, 2015 5:41 AM
    Moderator

All replies

  • This pointed me in the right direction to finding several other errors and events. The final resolution was an authoritative restore on the machine that contained the correct information and a non-authoritative restore on the others. Now they all synchronize.

    Thank you.

    Wednesday, July 15, 2015 7:40 PM
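
Added example, not part of the thread or of the linked Microsoft article: a read-only PowerShell check that compares each GPO's version in the directory with the GPT.INI copy in every DC's SYSVOL, so the DC holding current policy files can be identified before deciding which one gets the authoritative restore. It assumes a machine with the ActiveDirectory module and read access to the SYSVOL shares; the state labels and variable names are this example's own.

```powershell
# Added example (not from the thread). Read-only: it changes nothing on any DC.
# Assumes the ActiveDirectory module and read access to each DC's SYSVOL share.
Import-Module ActiveDirectory

$domain = Get-ADDomain
$dcs    = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName

# Each GPO is a groupPolicyContainer under CN=Policies,CN=System,<domain DN>.
# versionNumber is the directory-side counterpart of Version= in GPT.INI.
$gpos = Get-ADObject -SearchBase "CN=Policies,CN=System,$($domain.DistinguishedName)" `
    -LDAPFilter '(objectClass=groupPolicyContainer)' -Properties displayName, versionNumber

$report = foreach ($dc in $dcs) {
    $share   = "\\$dc\SYSVOL"
    $shareOk = Test-Path -LiteralPath $share   # a DC that never finished its initial sync may not publish the share
    foreach ($gpo in $gpos) {
        # $gpo.Name is the GPO GUID in braces, which is also its SYSVOL folder name.
        $gptIni = "$share\$($domain.DNSRoot)\Policies\$($gpo.Name)\GPT.INI"
        $fileVersion = $null
        if (-not $shareOk) { $state = 'NoSysvolShare' }
        elseif (-not (Test-Path -LiteralPath $gptIni)) { $state = 'MissingInSysvol' }
        else {
            $m = Select-String -LiteralPath $gptIni -Pattern '^\s*Version\s*=\s*(\d+)' |
                 Select-Object -First 1
            if ($m) {
                $fileVersion = [long]$m.Matches[0].Groups[1].Value
                $state = if ($fileVersion -eq $gpo.versionNumber) { 'InSync' } else { 'VersionMismatch' }
            } else { $state = 'NoVersionLine' }
        }
        [pscustomobject]@{
            DC = $dc; GPO = $gpo.displayName; Guid = $gpo.Name
            AdVersion = $gpo.versionNumber; SysvolVersion = $fileVersion; State = $state
        }
    }
}

$report | Sort-Object GPO, DC | Format-Table -AutoSize
# Per-DC count of GPOs whose SYSVOL copy is missing or out of date:
$report | Where-Object { $_.State -ne 'InSync' } | Group-Object DC | Select-Object Name, Count
```

The directory-side version is read from whichever DC the cmdlet connects to, so the comparison is meaningful only while Active Directory replication itself is healthy. Running it again after the restores shows whether every DC has reached `InSync`.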