
Failure to update domain policy Impersonate a client after authentication

Posted by Eddie on May 22, 2007, 3:43 am
I made a mistake and messed up a group policy on our domain. Having
changed the policy "Impersonate a client after authentication", it's
screwed up the domain controller (I missed off service). It was
changed very quickly after going through the process of changing the
RPC service identity, resetting the policy and several reboots. The
active directory looks right, but sometimes clients pick up the old
policy and can't shake it. I just added a new machine to the domain
and on its second reboot it picked up the rogue policy. I have no idea
where it can still be picking it up from. It's frustrating to say the
least. I thought it had something to do with cached credentials, but
it happened on a new machine.

gpupdate /force was run, but on the next reboot it was back. It's
driving me a little crazy :)

We have a single domain with three AD servers.


Posted by Roger Abell [MVP] on May 28, 2007, 11:49 pm
> I made a mistake and messed up a group policy on our domain. Having
> changed the policy "Impersonate a client after authentication", it's
> screwed up the domain controller (I missed off service). It was
> changed very quickly after going through the process of changing the
> RPC service identity, resetting the policy and several reboots. The
> active directory looks right, but sometimes clients pick up the old
> policy and can't shake it. I just added a new machine to the domain
> and on its second reboot it picked up the rogue policy. I have no idea
> where it can still be picking it up from. It's frustrating to say the
> least. I thought it had something to do with cached credentials, but
> it happened on a new machine.
>
> gpupdate /force was run, but on the next reboot it was back. It's
> driving me a little crazy :)
>
> We have a single domain with three AD servers.
>

Have you yet verified that replication is happening as expected?
replmon is one tool to use to check this.
You probably should also run netdiag and dcdiag at each domain
controller to establish a baseline of AD health before going too
far down the road of researching/resolving this specific issue.
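
An added example, not part of either post above: alongside the replication checks the reply suggests, one way to see whether the three DCs are serving the same policy file is to compare the `SeImpersonatePrivilege` line in each DC's SYSVOL copy of the GPO's `GptTmpl.inf`. The function names, DC names and file contents are hypothetical/constructed; `S-1-5-6` is the well-known SID for SERVICE, the entry the original poster says was left off.

```powershell
# Added example: compare the SeImpersonatePrivilege entry ("Impersonate a client
# after authentication") in each DC's SYSVOL copy of one GPO's GptTmpl.inf.
# DC names and file contents are constructed sample data, not from the thread.

function Get-ImpersonateRight {
    param([string]$InfText)
    # User rights live under [Privilege Rights] as: SeImpersonatePrivilege = *SID,*SID
    $inSection = $false
    foreach ($line in ($InfText -split "`r?`n")) {
        $t = $line.Trim()
        if ($t -match '^\[(.+)\]$') { $inSection = ($Matches[1] -eq 'Privilege Rights'); continue }
        if ($inSection -and $t -match '^SeImpersonatePrivilege\s*=\s*(.*)$') {
            $sids = $Matches[1] -split ',' | ForEach-Object { $_.Trim().TrimStart('*') } |
                    Where-Object { $_ } | Sort-Object
            return ($sids -join ',')
        }
    }
    return '<not defined>'   # this GPO copy does not set the right at all
}

function Compare-DcPolicyCopies {
    param([hashtable]$InfByDc)   # DC name -> text of that DC's GptTmpl.inf
    $parsed = @{}
    foreach ($dc in $InfByDc.Keys) { $parsed[$dc] = Get-ImpersonateRight -InfText $InfByDc[$dc] }
    # The most common value is only a reference point; it is not proof of which copy is right.
    $majority = ($parsed.Values | Group-Object | Sort-Object Count -Descending |
                 Select-Object -First 1).Name
    foreach ($dc in ($parsed.Keys | Sort-Object)) {
        [pscustomobject]@{
            DC                  = $dc
            Sids                = $parsed[$dc]
            HasService          = (($parsed[$dc] -split ',') -contains 'S-1-5-6')
            DiffersFromMajority = ($parsed[$dc] -ne $majority)
        }
    }
}

# Constructed sample: DC3 still holds the copy with SERVICE missing.
$head   = '[Unicode]', 'Unicode=yes', '[Privilege Rights]'
$good   = ($head + 'SeImpersonatePrivilege = *S-1-5-32-544,*S-1-5-6') -join "`r`n"
$stale  = ($head + 'SeImpersonatePrivilege = *S-1-5-32-544') -join "`r`n"
$copies = @{ 'DC1' = $good; 'DC2' = $good; 'DC3' = $stale }

# Against real DCs, fill each value from that DC's own share (placeholders in <>):
#   (Get-Content '\\DC1\SYSVOL\<domain>\Policies\{<GPO-GUID>}\MACHINE\Microsoft\Windows NT\SecEdit\GptTmpl.inf') -join "`n"

Compare-DcPolicyCopies -InfByDc $copies | Format-Table -AutoSize
```

A DC whose row shows `HasService` as False or `DiffersFromMajority` as True is handing out a different policy file from its peers, which would explain clients intermittently picking up the old setting depending on which DC they contact.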


