Windows 2003 GPO issue 1

[markcsand]

I am creating a new domain and adding 3 active directory servers. 2 servers are in one office and the other one is in a different office. I created an OU with a GPO and added a user to this OU. When I log in as this user in one office the GPO kicks in but when I log in as the same user in the other office the GPO does not kick in. It also authenticates to the server in the other office. Any ideas about what is happening?

 

[De1l]

Is there a bandwidth difference between the 2 sites? Could it be that slow link detection is preventing the GPO being applied?

 

[Roadki11]

Did you configure Sites and Services and subnets in AD?

 

[markcsand]

What needs to be configured in AD sites and services?

 

[Roadki11]

Well since you have 2 sites you should create a 2nd site and put the server for that site in that site container. Then you should setup subnets for the 2 sites that associate the local subnet for that site to that sites server. This will make the local clients authenticate to the local server and since all AD servers have copies of GP's that would rule out slow links like Del! suggested.

RoadKi11

 

[markcsand]

Roadki11, thanks for the info. After creating the site it began authenticating to the correct server and the GPO applied correctly. If you have any other tips for creating a 2003 domain I would appreciate it.

 

[Roadki11]

Only thing i might add at the moment is you should make the AD at the 2nd site an additional Global Catalog Server for your domain. I would also setup a second dns server on one of the other AD servers also. This will provide redundency in the event the primary AD server goes down for what ever reason, your users will still be able to logon to the domain.

RoadKi11

 

[markcsand]

Thanks for the advice. I have added another dns server as well as made the servers in both sites the global catelog server. I really appreciate the help.