Re: [Samba] Group Policy Issues
- Date: Mon, 11 Dec 2017 08:13:27 -0500
- From: lingpanda101 via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Group Policy Issues
On 12/8/2017 9:39 PM, Anantha Raghava via samba wrote:
> Thanks for your suggestion.
>
> When we had two servers in the pool, we were pushing GPO using rsync
> from PDC at every 30 minutes. However when we added the two more
> domain controllers, our rsync script turned to be a pull from PDC
> every 30 minutes. Would this have made those policy objects inconsistent?
>
> We have set up sysvol replication using rsync unidirectional that is a
> push from pdc.*******.com to dc1.*******.com every 30 minutes. However
> on the dc2.*******.com and dc3.********.com the cronjob executes on
> dc2.*******.com and dc3.*********.com every 30 minutes and pulls the
> contents of sysvol. cron job is working properly on all servers.
>
> Surprising part is, in a specific network the client PCs fail to read
> and apply GPO. Whereas in other network, we find it is working
> properly. Command "gpresult /r" on client shows Group Policy applied
> from "pdc.******.com" whereas the logon server remains either dc1 or
> dc2 or dc3 or pdc. The same pdc.********.com throws error in a
> specific network. This makes us think whether it is a network issue.
>
> One more important observation is if we stop samba-ad-dc on either dc2
> or dc3 (two more domain controllers) even the specific network segment
> that is giving problem also works properly. This makes us
> suspect the "GPO Pull" is making GPO inconsistent with PDC. Probably
> we have to push the GPO to all additional domain controllers from
> pdc.*********.com using rsync?
>
> In fact, we have even tested, "software push" to clients using GPO,
> startup scripts etc., and everything was working properly till
> inclusion of dc2 and dc3.
>
> Your suggestions are welcome.

You shouldn't be pushing the sysvol replication but rather pulling
them from the DC you have chosen to make all GPO changes from. Did
you follow the wiki here?
I would also reduce your replication time to 5 minutes as per the wiki.
You are also using terms such as PDC and DC, it appears, interchangeably.
I'm assuming you have a pure DC environment and not a PDC.
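
The question in this thread is whether the sysvol copies on the additional DCs have drifted from the DC where GPO changes are made. One way to check that, as an added example that is not part of the thread or of Samba: compare file contents and each GPO's `GPT.INI` version between two sysvol copies. It assumes both copies are reachable as local directories; the function names, the directory layout in `demo()` and the `{CONSTRUCTED-GUID}` policy are constructed for illustration, and ACLs are not compared.

```python
import hashlib
import os
import re
import tempfile

VERSION_RE = re.compile(rb"^\s*Version\s*=\s*(\d+)\s*$", re.I | re.M)


def snapshot(sysvol_root):
    """Return ({relative path: sha256}, {GPO dir: GPT.INI Version}) for one sysvol copy."""
    hashes, versions = {}, {}
    for dirpath, _dirs, names in os.walk(sysvol_root):
        rel_dir = os.path.relpath(dirpath, sysvol_root).replace(os.sep, "/")
        for name in names:
            with open(os.path.join(dirpath, name), "rb") as fh:
                data = fh.read()
            hashes[f"{rel_dir}/{name}"] = hashlib.sha256(data).hexdigest()
            if name.lower() == "gpt.ini":  # GPO version number stored in sysvol
                m = VERSION_RE.search(data)
                versions[rel_dir] = int(m.group(1)) if m else None
    return hashes, versions


def compare_sysvol(reference_root, replica_root):
    """Report how a replica's sysvol copy differs from the reference DC's copy."""
    (ref, ref_v), (rep, rep_v) = snapshot(reference_root), snapshot(replica_root)
    return {
        "missing_on_replica": sorted(set(ref) - set(rep)),
        "extra_on_replica": sorted(set(rep) - set(ref)),
        "content_differs": sorted(p for p in set(ref) & set(rep) if ref[p] != rep[p]),
        "version_mismatch": {g: (ref_v[g], rep_v[g])
                             for g in ref_v if g in rep_v and ref_v[g] != rep_v[g]},
    }


def demo():
    """Constructed trees: the replica holds a stale copy of one GPO."""
    with tempfile.TemporaryDirectory() as top:
        for dc, version in (("ref", 5), ("replica", 4)):
            gpo = os.path.join(top, dc, "Policies", "{CONSTRUCTED-GUID}")
            os.makedirs(gpo)
            with open(os.path.join(gpo, "GPT.INI"), "w") as fh:
                fh.write(f"[General]\nVersion={version}\n")
        return compare_sysvol(os.path.join(top, "ref"), os.path.join(top, "replica"))


if __name__ == "__main__":
    print(demo())
```

An empty report from `compare_sysvol` for every replica means the file contents match the reference copy; any entry under `version_mismatch` points at a GPO whose replica copy is older or newer than the reference.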