AD & Group Policy ?

[shawnfv]

I have a main office with about 25 computers and a domain setup. All computers are members of the domain and group policy is applied to the computers. I have 3 small offices that have about 5 computers each. All of the offices are connected thru VPN tunnels on Symantec Firewall/VPN appliances over T1 lines. Each office has it own subnet as listed below.

Main office 192.168.0.0
sub offices 192.168.1.0
192.168.2.0
192.168.3.0

Only the main office has 2 servers which are DC's. I was able to join the computers from the sub offices to the domain, without a problem, and they can be they are seen in My Network Places. I have the firewalls set up to do DHCP for the sub offices and the DNS server is set as the DC DNS server address also. From the suboffice computers I can ping the x.x.local name of the server. However group policy is not effective on the computers in the sub offices. Is it possible for this to be done without DC's in the suboffices, or am I just SOL. Thanks for any help.

Shawn

 

[GrnEyedLdy]

Just curious, but what container did you set the Group Policy on?

Patty

 

[noeleon]

Check for effective policy settings

 

[shawnfv]

GrnEyedLdy,

I am new at this AD thing, so please excuse me if I don't explain myself clearly. I am using the default domain policy, that I have edited. I have edited and applied it by going into the Active Directory Users and Computers, right-clicking on my domain name x.local, and then going to the group policy tab. All of the options that I've set affext the local users however not the users on the other side of the vpn connection. However there is one other thing. I think there is a DNS problem. When I do nslookup I get the following:

C:\>nslookup
*** Can't find server name for address 192.168.0.3: Non-existent domain
*** Default servers are not available
Default Server: UnKnown
Address: 192.168.0.3

All of the computers point to 192.168.0.3, which is the address of the DNS server, whether assigned by DHCP or set manually. In my DNS settings the server points to itself and in the DNS mmc is the only place that the external DNS servers are listed to resolve external addresses. I can also ping any computer in any office just using the computer name. Thanks for any input, and in if more info is needed just let me know.

Shawn

 

[GrnEyedLdy]

"I have a main office with about 25 computers and a domain setup".

"I have 3 small offices that have about 5 computers each".

Are the computers in the 3 small offices members of the domain?

Just want to make sure I am understanding the initail post

Patty

 

[noeleon]

Check for DNS Server on

Administrative Tools->DNS if the DNS Server 192.168.0.3

 

[shawnfv]

GrnEyedLdy,

Yes the computers in the suboffices are members of the domain. I was able to join the computers to the domain over the vpn tunnels. I even removed one of them from the doamin and then rejoined the domain, just to make sure I wasn't crazy.

noeleon,

Did that and IP address is correct.

Thanks,

Shawn

 

[GrnEyedLdy]

Hmmm....not sure! Better call in the DNS experts! Help!

Patty