Hi, Our Domain controller environment is working for over 6 years without a break. It started with Samba Version 4.6.5 and today running 4.18.5. We have only Windows 10 clients across our organisation. Off late, we have observed that GPOs are not getting updated when we change some GPOs and link them to some specific OUs. For example, previously, we had not allowed one specific network path to one particular OU and we controlled it through GPO due to organisation decisions, we had to allow the network path to this OU as well and hence the GPO was modified. Despite running gpupdate / force several times, it is observed that the changed GPO is not getting applied and the network path is still being blocked. We even checked by delinking all GPO for this particular OU and the same old GPOs are getting reapplied. Initially, we thought, there could be a problem in gpupdate /force may not be working properly and did checks using commands like "sfc /scannow" and the result is everything was fine on the PCs. But gpupdate /force continues to apply old policies. We even checked sysvol with samba-tool and everything seems to be fine there as well. We are now unable to figure out where the problem could be. Samba side or Windows client side? Or is it a GPO linking problem? PS: We are using Windows Server 2019 for RSAT and to Edit GPO. -- Thanks & Regards, Anantha Raghava H A DISCLAIMER: This e-mail communication and any attachments may be privileged and confidential to Exzatech Consulting And Services Pvt. Ltd., Bangalore, and are intended only for the use of the recipients named above If you are not the addressee you may not copy, forward, disclose or use any part of it. If you have received this message in error, please delete it and all copies from your system and notify the sender immediately by return e-mail. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. The sender does not accept liability for any errors or omissions. Do not print this e-mail unless required. Save Paper & trees.
What do the logs say? On the client, go to Event Viewer -> Application and Service Logs -> Microsoft -> Windows -> GroupPolicy -> Operational. Also, what about running a Group Policy Report (in CMD, run "gpresult /h report.html") and checking through there to see if the linking is correct, or if there is an error somewhere in the processing? On Thu, Aug 10, 2023 at 8:05?PM Anantha Raghava H A via samba < samba at lists.samba.org> wrote:> Hi, > > Our Domain controller environment is working for over 6 years without a > break. It started with Samba Version 4.6.5 and today running 4.18.5. We > have only Windows 10 clients across our organisation. > > Off late, we have observed that GPOs are not getting updated when we > change some GPOs and link them to some specific OUs. For example, > previously, we had not allowed one specific network path to one > particular OU and we controlled it through GPO due to organisation > decisions, we had to allow the network path to this OU as well and hence > the GPO was modified. > > Despite running gpupdate / force several times, it is observed that the > changed GPO is not getting applied and the network path is still being > blocked. We even checked by delinking all GPO for this particular OU and > the same old GPOs are getting reapplied. > > Initially, we thought, there could be a problem in gpupdate /force may > not be working properly and did checks using commands like "sfc > /scannow" and the result is everything was fine on the PCs. But gpupdate > /force continues to apply old policies. > > We even checked sysvol with samba-tool and everything seems to be fine > there as well. > > We are now unable to figure out where the problem could be. Samba side > or Windows client side? Or is it a GPO linking problem? > > PS: We are using Windows Server 2019 for RSAT and to Edit GPO. > -- > > Thanks & Regards, > > Anantha Raghava H A > > > DISCLAIMER: > This e-mail communication and any attachments may be privileged and > confidential to Exzatech Consulting And Services Pvt. Ltd., Bangalore, > and are intended only for the use of the recipients named above If you > are not the addressee you may not copy, forward, disclose or use any > part of it. If you have received this message in error, please delete it > and all copies from your system and notify the sender immediately by > return e-mail. Internet communications cannot be guaranteed to be > timely, secure, error or virus-free. The sender does not accept > liability for any errors or omissions. > > Do not print this e-mail unless required. Save Paper & trees. > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
On 8/10/23 8:48 PM, Anantha Raghava H A via samba wrote:> Hi, > > Our Domain controller environment is working for over 6 years without > a break. It started with Samba Version 4.6.5 and today running 4.18.5. > We have only Windows 10 clients across our organisation. > > Off late, we have observed that GPOs are not getting updated when we > change some GPOs and link them to some specific OUs. For example, > previously, we had not allowed one specific network path to one > particular OU and we controlled it through GPO due to organisation > decisions, we had to allow the network path to this OU as well and > hence the GPO was modified. > > Despite running gpupdate / force several times, it is observed that > the changed GPO is not getting applied and the network path is still > being blocked. We even checked by delinking all GPO for this > particular OU and the same old GPOs are getting reapplied. > > Initially, we thought, there could be a problem in gpupdate /force may > not be working properly and did checks using commands like "sfc > /scannow" and the result is everything was fine on the PCs. But > gpupdate /force continues to apply old policies. > > We even checked sysvol with samba-tool and everything seems to be fine > there as well. > > We are now unable to figure out where the problem could be. Samba side > or Windows client side? Or is it a GPO linking problem? > > PS: We are using Windows Server 2019 for RSAT and to Edit GPO.I wonder if perhaps you have a DC which isn't replicating the SYSVOL properly? Also, make sure the Version number is getting updated on the GPO on the SYSVOL in the GPT.INI file when you modify a policy. -- David Mulder Labs Software Engineer, Samba SUSE 1221 S Valley Grove Way, Suite 500 Pleasant Grove, UT 84062 (P)+1 385.208.2989 dmulder at suse.com http://www.suse.com