Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Frustrated with Group Policy

Status
Not open for further replies.

cranebill

IS-IT--Management
Jan 4, 2002
1,113
US
I am the domain admin although i am new to this but have been trying to get group policies to work... i had them working locally when the workstaitions werent connected to the domain. Now we are implementing domain and i cant get group policy to work for the life of me. I made an OU and put in a user. when i use mmc and try and make a group policy from my workstation ( i am logged into the domain ) i can access the ou etc but it asked me to add objects. I added object which was the user name and it did not apply settings when i attempted this. I run mmc from the server and try to add the group policy add in... i hit browse instead of local computer and i get the following error:

The Domain Controller for Group Policy is not available. You may cancel this operation for this session or retry using one of the following options.

The one with the operations master token for the PDC Emulator.

(This option is grayed out) The one used by the Active Directory Snap-Ins

Use any Available Domain Controller

None of these options work either.

I am running Windows 2000 Advanced Server as a domain controller and XP PROworkstations.....

Can someone please help?

Bill
 
Cranebill,


"when i use mmc and try and make a group policy from my workstation.."

To implement a Domain level GPO, you need to be logged into a Domain Controller, or you can 'connect to the DC' via the Computer Management console of the workstaion.


Patty [ponytails2]
 

Sorry, I must still be asleep!

"or you can 'connect to the DC' via the Computer Management console of the workstaion".

What I meant to say is that you can connect to a DC within the domain for which you are trying to implement a GPO by using Active Directory Users and Computers from another DC, (which could be in another domain in the forest) or from a machine that has has the AD administrative tools added to it.

Patty

 
I see.... i think. I think i may have set this up wrong or something though.

This is a new domain in a new forest. I am logged into the server when i generate the error i explained above though not the workstation. when i log in from the workstation i see the available OU's but cant put Group Policy on it if that makes sense. I can just open it.

Bill
 
cranebill,

"I am logged into the server when i generate the error i explained...

Is the server you are logged into a Domain Controller for your domain or is it simply a Memeber Server (which is a machine running the Server OS that has not been promoted to a Domain Controller)?

If it is not a Domain Controller, you need to install the AdminPak so that Active Directory Users and Computers will be available on the Member Server. From there you can administer domain level GPO's, (if you have the appropriate permissions, of course).


Keepin mind that when you sit at the Member Server and run MMC and then try to add the Group Policy snap in you are adding the LOCAL GROUP POLICY snap in. If you are implementing a Domain Level GPO, you must access the pre-built MMC called Active Directory Users and Computers.

ps The AdminPak can be found on the Windows 2000 installation CD in the i386 folder. Simply double-click the icon to begin the installation.


Hope this helps,

Patty [ponytails2]
 
No its a domain controller... i ran DCPROMO and then double checked to see if this machine was listed as the PDC... which it is.. I have made OU'S and right click on the OU which i want to set GP to .. click properties... set managed by to the Domain Admin(me) and am logged in as myself. I click the group Policy tab and it hesitates and still states it cannot find the Domain Controller for "MyDomain.Com" Frustrating i tell ya lol.. now im bald lol

Bill
 
Check the following path

C:\Winnt\SYSVOL\domain\policies
or
C:\Winnt\SYSVOL\sysvol\'the name of your domain'\polices

Are there policies listed there?


Patty
 
Yes.. there are 3 what i think are group policies in each path you supplied... there are 3 folders listed as a whole bunch of letters numbers enclosed with {}. Is this what is supposed to be there?

oh the second sysvol in your second path is shared.

Bill
 
That is the problem, I had the exact same problem with a clients PDC, months of trying to figure out what was wrong and in the end it was the share, or not shared in this case!

John

 
Actually the solution to this problem was the NIC cards were bound in the wrong order.

Bill
 
Well the explanation is this... and i dont understand it much myself... but the Domain could not find itself ( so to speak) so eventually after 2 days of working on it the last thing we tried was the order in which the NIC's were bound. The Public NIC was first in order... so i switched them and then the DC found itself allowing me to change Group Policies.... sounds weird i know but it worked.

Bill
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top