GPO not working 3

[fitfixer]

Hi,
I work for an education organisation and I recently installed a new Dell Poweredge 1800 server [DC] in one of our Adult Education centres, I did the install here at base before taking it out to the site, I created a lockdown GPO for the classroom OU, but this did not work.
I used the GPresult utility to see what was happening and found that the workstations were looking to our server here at base for their default GPO!!, there is no connection between the 2 sites, how do I get them to look to their local DC server?
Thanks in advance for any suggestions

FrankF
A+,Network+,MCSA

 

[markdmac]

Sounds like you have things set up a little strange there.

OK, so you have 2 sites. No connectivity between them? How about Internet or VPN?

Are they two seperate AD forests then?

How would your client computers even know of the other server if their is no connectivity? were the machines connected to the right domain?

If this is supposed to be one domain/forest then how do you expect replication to take place if there is no connectivity between sites to facilitate that?

Does the local server have DNS running? Are the clients configured to use it for DNS? Are you certain it is configured as a DC?

Run NETDOM on a client computer (available from the Win2K Resource kit tools as a free download from Microsoft) and run this command: NETDOM QUERY DC

That will tell you what DC's your workstations are aware of. Run the same command from your server and compare.

I hope you find this post helpful.

Regards,

Mark

 

[fitfixer]

Hi Mark,
thank you for the reply, the site is just a small building with
about 40 PC's in classrooms plus a few admin machines, they used a P2P LAN before I installed this server, there is no connectivity with our main admin LAN because we dont need it, my brief was to lockdown the machines with a GPO & install a firewall and content filtering solution
when I prepped this server here at the IT base, I put it on the same subnet as the LAN to run Windows update, I also ran DCPromo and created a new Domain to configure AD and DNS with a new forest, this may have interacted with our admin domain here
and caused the problem, I will not be back on the site until next week, I will run NETDOM then
Regards
Frank

FrankF
A+,Network+,MCSA

 

[markdmac]

Sounds good. If it IS a member of the same domain as your main office you may want to rerun DCPROMO using the /forceremoval switch. Then recreate the domain and join the computers to it.

if you decide to go that route let em knwo, I have a script that can automate the joining of the new domain so you don't have to visit all 40 machines.

I hope you find this post helpful.

Regards,

Mark

 

[fitfixer]

the script idea sounds good if I have to recreate the domain, can you send it to me?
regards
Frank

FrankF
A+,Network+,MCSA

 

[markdmac]

Here it is. You need a list of machien names called wslist.txt in the same directory as the vbscript.

'==========================================================================
'
' NAME: NetDomJoinWorkstations
'
' AUTHOR: Mark D. MacLachlan , The Spider's Parlor
' URL: [URL unfurl="true"]http://www.thespidersparlor.com[/URL]
' DATE  : 6/24/2003
'
' COMMENT: Joins computers to a new domain.  Edit domain name, 
' user ID and passwords below.  Uses a workstation list wslist.txt. 
' Modification 7/28/2003 to include Remove command.  Suggest synchronizing old and new server passwords 
'
'==========================================================================

On Error Resume Next

'open the file system object
Set oFSO = CreateObject("Scripting.FileSystemObject")
set WSHShell = wscript.createObject("wscript.shell")
'open the data file
Set oTextStream = oFSO.OpenTextFile("wslist.txt")
'make an array from the data file
RemotePC = Split(oTextStream.ReadAll, vbNewLine)
'close the data file
oTextStream.Close

For Each strWorkstation In RemotePC
'Do something useful with strWorkstation
Call WSHShell.Run("cmd.exe /c NETDOM REMOVE " & strWorkstation &"/Domain:<domain> /UserD:<user> /PasswordD:<password> UserO:<user> /PasswordO:<password> /REBoot:30000")
Wscript.sleep 15000
Call WSHShell.Run("cmd.exe /c NETDOM JOIN " & strWorkstation &"/Domain:<domain> /UserD:<user> /PasswordD:<password> UserO:<user> /PasswordO:<password> /REBoot:0")

Next

I hope you find this post helpful.

Regards,

Mark

 

[tfg13]

Mark,
You are always willing to give out your scripts, so I am always willing to give you a star!!!!

 

[bofhrevenge2]

Absolutely tfg13 and some top notch FAQ's as well.

"Horsey to king bish three

 

[markdmac]

Thanks guys.

I hope you find this post helpful.

Regards,

Mark

 

[fitfixer]

Outstanding!
Thanks for the help

FrankF
A+,Network+,MCSA

 

[markdmac]

One other thing guys, if you want an easy way to make that wslist file, refer to my FAQ faq329-4871. I have a script in there that will generate it for you on the fly.

I hope you find this post helpful.

Regards,

Mark