Guest Sandeep K Posted August 1, 2007 Posted August 1, 2007 History of issue:- All users belonged to the Single(e.g:- S) OU in the Active Directory. This OU(i.e S) had Group Policies assigned against it and a number of Logon scripts were run. All users were located in one location with no problems. A project was raised to separate the users in two different OU ( E.g:- U1 and U2) because of businesses requirment and the in new building was prepared. As a joint exercise, the U1 users and U2 users were separated into 2 newly created OU's (e.g:- S1 and S2). These new OU's ran the same GPO's (with some slight differences, mainly branding) and the same Logon scripts. The U2 staff were moved to new building. At this time, U2 users started experiencing problems inheriting GPO policy changes made at OU level, and as a consequence of a separate Internet problem we identified a problem where as if the users roaming profile was reset on the Server and local workstation, the users was no longer able to process some parts of the GPO's and login scripts. There is no issue with U1 users OU. We have done some testing and have now identified Domain Group memberships that provide data NTFS permissions as the cause of this problem. We have investigated these groups to see if other users experiencing this problem are also members, but it appears not.. The Groups however belong to addition Domain groups which now need investigating. We are able to turn the problem on and off by adding the user to problmatic groups either independently or separately. The problem for the user will only occur when we add the user to the problematic groups and reset the profile on the machine and server, otherwise the cached working settings will remain until some error occurs which forces the profile resets. Please suggest how we can fix the issue.
Recommended Posts