none
"Get-Gpo -all" lists different numbers of GPo on DC01 and DC02

    Question

  • Got two DCs - DC01 and DC02

    When I run "Get-GPo -all" on DC01, it lists a total of 16 GPOs
    When I run "Get-GPo -all" on DC02, it lists a total of 26 GPOs

    In the policy folder under SYSVOL, I have 29 folders with a GUID name.

    First I had the idea that SYSVOL replication was not working, but my logfiles only complain about Replication service restarted (which I have done manually)

    When running Group Policy Management on DC01, it tells me that DC01 is the baseline domain controller the this domain. It tells me that DC02 has replication in progress and SysVol is listed as inaccessible. Certain GPos with replication in progress complains about SysVol ACLs. Another about SysVol inaccessible. Every single Gpo tells me that DC01 is the baseline domain controller for the domain. I can count a total of 26 Gpo's on DC01

    When running Group Policy Management on DC02, it tells me that DC01 is the baseline domain controller the this domain.  It tells me that DC02 has replication in progress and SysVol is listed as inaccessible. Certain GPos with replication in progress complains about SysVol ACLs. None about SysVol inaccessible. Every single Gpo tells me that DC02 is the baseline domain controller for the domain. I can count a total of 26 Gpo's on DC02

    This is driving me insane. Can someone help me to explain what is going on?

    Thanks !  (-;

    Regards, Lars.


    • Edited by lbonne Saturday, September 10, 2016 11:57 AM Correction
    Saturday, September 10, 2016 11:56 AM

Answers

  • I did what rafaljanaszkiewicz described here:

    https://community.spiceworks.com/topic/930546-replication-group-policy-manager-says-sysvol-inaccessible-but-it-works

    And Group Policy Manager does not complain any longer and get-gpo shows correct number of gpos.

    Got some orphaned folders in the SYSVOL folder though. Can they just be deleted?

    Regards, Lars.

    • Marked as answer by lbonne Saturday, September 10, 2016 8:52 PM
    Saturday, September 10, 2016 8:52 PM
  • Am 10.09.2016 um 22:52 schrieb lbonne:
    > Got some orphaned folders in the SYSVOL folder though. Can they just
    > be deleted?
     
    Yes.
    It is just "file" (GPT). There is no corresponding GP object (GPC) in
    AD/Database. Thats, why it is called orphaned.
     
    Mark
    --
    Mark Heitbrink - MVP Group Policy - Cloud and Datacenter Management
     
    Homepage:  http://www.gruppenrichtlinien.de - deutsch
     
    Sunday, September 11, 2016 8:33 AM

All replies

  • I did what rafaljanaszkiewicz described here:

    https://community.spiceworks.com/topic/930546-replication-group-policy-manager-says-sysvol-inaccessible-but-it-works

    And Group Policy Manager does not complain any longer and get-gpo shows correct number of gpos.

    Got some orphaned folders in the SYSVOL folder though. Can they just be deleted?

    Regards, Lars.

    • Marked as answer by lbonne Saturday, September 10, 2016 8:52 PM
    Saturday, September 10, 2016 8:52 PM
  • Am 10.09.2016 um 22:52 schrieb lbonne:
    > Got some orphaned folders in the SYSVOL folder though. Can they just
    > be deleted?
     
    Yes.
    It is just "file" (GPT). There is no corresponding GP object (GPC) in
    AD/Database. Thats, why it is called orphaned.
     
    Mark
    --
    Mark Heitbrink - MVP Group Policy - Cloud and Datacenter Management
     
    Homepage:  http://www.gruppenrichtlinien.de - deutsch
     
    Sunday, September 11, 2016 8:33 AM