To check the status of each GPO on each domain controller, use the Group Policy Verification Tool as explained earlier in this paper.
If the Group Policy container is not synchronized, use Active Directory Replication Monitor (as explained earlier) to force synchronization.
If the Group Policy template is not synchronized, troubleshoot file replication by placing a file in SYSVOL.
If an SDOU is linked to a GPO in another domain, access to the GPO is via a trust.
If the trust fails, access to the GPO fails, and so does Group Policy processing in its entirety. Prevent this scenario by having multiple domain controllers per domain, or by creating explicit trusts.
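The following is an added example, not part of the original paper or of the Group Policy Verification Tool. It performs the container-versus-template comparison described above by hand: for every domain controller it reads the `versionNumber` attribute of each Group Policy container and the `Version` value in the matching GPT.INI under SYSVOL. It assumes the ActiveDirectory PowerShell module is installed and that the account running it can read SYSVOL on every domain controller.

```powershell
# Added example: assumes the ActiveDirectory (RSAT) module and read access to
# \\<dc>\SYSVOL on every domain controller in the current domain.
Import-Module ActiveDirectory

$domain = Get-ADDomain
$query = @{
    SearchBase  = "CN=Policies,CN=System,$($domain.DistinguishedName)"
    SearchScope = 'OneLevel'
    LDAPFilter  = '(objectClass=groupPolicyContainer)'
    Properties  = 'displayName', 'versionNumber'
}

$results = foreach ($dc in Get-ADDomainController -Filter *) {
    # Group Policy containers as this particular domain controller sees them
    foreach ($gpc in Get-ADObject @query -Server $dc.HostName) {
        # Group Policy template: GPT.INI in this controller's own SYSVOL copy
        $gptIni = "\\$($dc.HostName)\SYSVOL\$($domain.DNSRoot)\Policies\$($gpc.Name)\GPT.INI"
        $gptVersion = $null
        if (Test-Path -LiteralPath $gptIni) {
            $hit = Select-String -LiteralPath $gptIni -Pattern '^\s*Version\s*=\s*(\d+)' |
                Select-Object -First 1
            if ($hit) { $gptVersion = [int64]$hit.Matches[0].Groups[1].Value }
        }
        # Both values encode user version (high 16 bits) and computer version (low 16 bits)
        [pscustomobject]@{
            DomainController = $dc.HostName
            Gpo              = $gpc.displayName
            Guid             = $gpc.Name
            GpcVersion       = $gpc.versionNumber
            GptVersion       = $gptVersion
            InSync           = ($null -ne $gptVersion -and $gpc.versionNumber -eq $gptVersion)
        }
    }
}

# 1. Container and template disagree on the same domain controller
$results | Where-Object { -not $_.InSync } | Format-Table -AutoSize

# 2. Same GPO, different versions on different domain controllers
$results | Group-Object Guid | Where-Object {
    @($_.Group | ForEach-Object { "$($_.GpcVersion)/$($_.GptVersion)" } |
        Sort-Object -Unique).Count -gt 1
} | ForEach-Object { $_.Group } | Sort-Object Gpo, DomainController |
    Format-Table -AutoSize
```

A row in the first table with an empty `GptVersion` means the template folder or GPT.INI is missing from that controller's SYSVOL, which points at file replication rather than Active Directory replication.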