I have set up roaming pofiles for 350 students in my school district. Some of the original users had problems with their accounts so they were recreated and when that happen group policy will not apply to these accounts. I used gpresult and the account is using local policies and it says the account is not a member of group. But just setting up a new account should make it a user account I would think. Any help to make these account apply group policy would be great.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Group Policy is applied to some put not all users
- Thread starter mrveeball
- Start date
GlenJohnson
MIS
Did you delete the old account first? Glen A. Johnson
Microsoft Certified Professional
gjohn76351@msn.com
"We will either find a way, or make one".
Hannibal (247-183 B.C.); Carthaginian general.
Microsoft Certified Professional
gjohn76351@msn.com
"We will either find a way, or make one".
Hannibal (247-183 B.C.); Carthaginian general.
- Thread starter
- #3
GlenJohnson
MIS
Try a search in Active Directory and search the entire directory. I've found multiple accounts hiding. Delete the problem childs, and re-create the account. If they are all a member of a group, you can open a dos prompt, and type net group groupname and it will list all the members of the group. (Groups, not group policy's) Glen A. Johnson
Microsoft Certified Professional
gjohn76351@msn.com
"We will either find a way, or make one".
Hannibal (247-183 B.C.); Carthaginian general.
Microsoft Certified Professional
gjohn76351@msn.com
"We will either find a way, or make one".
Hannibal (247-183 B.C.); Carthaginian general.
- Thread starter
- #5
Did a search and only one account is listed for these "problem children" in active directory.
It just does not apply the group policy even thou it is in the proper group (not group policy).
All the students (all 350) have the same group policy so 90% are OK but these newly created ones are the problem. Would the registry save the old accounts and not let the policy apply to the new accounts?
It just does not apply the group policy even thou it is in the proper group (not group policy).
All the students (all 350) have the same group policy so 90% are OK but these newly created ones are the problem. Would the registry save the old accounts and not let the policy apply to the new accounts?
Techojunkie
Technical User
mrveeball
when you delete an account it usually takes the IID (Security Identifier with it). When you create a new account even calling it by the same name as the previous account, won't give it the same SID. In theory there shouldn't be anything obtained in the Regisstry, a Registry hack probably wouldn't hurt though.
Cheers,
Techojunkie (MCP)
when you delete an account it usually takes the IID (Security Identifier with it). When you create a new account even calling it by the same name as the previous account, won't give it the same SID. In theory there shouldn't be anything obtained in the Regisstry, a Registry hack probably wouldn't hurt though.
Cheers,
Techojunkie (MCP)
- Thread starter
- #7
tlcscousin
Technical User
Add the users to the group that has the GPO applied against it.If all the users are part of an OU add the recreated users to that OU. As stated by Techojunkie when you delete a users account and create a new one using the same name, it is not the same account, the new ones get a new SID.You need to add the recreated users to the OU that has the GPO applied against it.
ErikButler
MIS
Make sure the group does not have block policy inheritance. You can also make the policy a no overide policy to force on the unsuspecting souls 
Thanks
Erik Butler
2000 MCSE
erikbutler@centurytel.net
Thanks
Erik Butler
2000 MCSE
erikbutler@centurytel.net
- Thread starter
- #10
I have recreated the account. I have put them in the OU with the GPO applied against it. The group does not have a block policy inheritance. Most of the accounts in the group work but a select few will not inherit the Group policy. This just does not happen in one group but in 4 different groups using the same GPO because the students are listed in groups by year of graduation. All these students with the accounts which do not inherit the group policy are new accounts which were created at a different date then the original 350.
ErikButler
MIS
just a curious question check and see if the same server is authenicating the groups that everything works on and the computers that it does not work on.
you can do this by going the cmd prompt and typing SET
this will show you a list of variables.
Ignore this however if you only have one dc but i am sure that this is not the case. Thanks
Erik Butler
2000 MCSE
erikbutler@centurytel.net
you can do this by going the cmd prompt and typing SET
this will show you a list of variables.
Ignore this however if you only have one dc but i am sure that this is not the case. Thanks
Erik Butler
2000 MCSE
erikbutler@centurytel.net
- Thread starter
- #12
- Status
Similar threads
- Locked
- Question
- Locked
- Question