AD FSMO and remote DC GPO creation

-

just question ad fsmo , gpo. have 2 dc's fsmo roles in main office. remote offices have dc's gc on them. if have wan problem, able create gpo remote office users ? gpo work remote users if link gpo ou ? or each time create gpo need have connection dc's fsmo roles ? windows 2008r2

if edit group policy in domain changes stored in ad , sysvol , replicated out other dcs in domain.

editing or creation of group policy objects (gpo) done gpo copy found in pdc emulator's sysvol share, unless configured not administrator 

so pdc emultaor plays important role.  can display current server gpmc working against through view - options - general, check middle check box

computers/users in physical site in use subnets have configured in sites , services dclocator , authenticate against local domain controller local them.  assuming domain controller has copy of gpo , replication has occurred shouldn't have problem applying gpo.

the article below 2003 still read. i've pasted of below , linked article well.

group policy replication

in domain contains more 1 domain controller, group policy information takes time propagate, or replicate, 1 domain controller another. low bandwidth network connections between domain controllers slow replication. group policy infrastructure has mechanisms manage these issues.

each gpo stored partly in sysvol on domain controller , partly in active directory. gpmc , group policy object editor present , manage gpo single unit. example, when set permissions on gpo in gpmc, gpmc setting permissions on objects in both active directory , sysvol. not recommended manipulate these separate objects independently outside of gpmc , group policy object editor. shown in following figure, important understand these 2 separate components of gpo rely on different replication mechanisms. file system portion replicated through frs, independently of replication handled active directory. sysvol subfolder (%systemroot%\sysvol\sysvol) shared , replicated. sysvol designed allow multiple domain’s sysvols replicated in same tree — each domain’s sysvol contained under subfolder of sysvol share. current domain, copy of domain’s sysvol subtree stored directly under %systemroot%\sysvol\domain folder.


if answered question, remember “mark answer”.

if found post helpful, please “vote helpful”.

postings provided “as is” no warranties, , confers no rights.



Windows Server  >  Directory Services



Comments

Post a Comment

Popular posts from this blog

WIMMount (HSM) causing cluster storage to go redirected (2012r2 DC)

-
looking options resolve error , prevent in future. thanks help. hardware: 2 node dell hv cluster running2012r2 dc 8 nic/ea in multiplex mode 4x hyper-v 4x hosts storage: 2x synology nas, accessed through iscsi hosts , cluster relevant logs: log name:      microsoft-windows-failoverclustering/diagnostic source:        microsoft-windows-failoverclustering date:          event id:      2050 task category: none level:         warning keywords:       user:          system computer:      l description: [dcm] filter wimmount found @ unsafe altitude 180700 log name:      system source:        microsoft-windows-failoverclustering date:         event id:      5125 task category: cluster shared volume level:         warning keywords:       user:          system computer: description: cluster shared volume 'volume1' ('cluster disk 1') has identified 1 or more active filter drivers on device stack interfere csv operatio
Read more

Failed to delete the test record dcdiag-test-record in zone test.com

-
ps c:\users\administrator.test> dcdiag /test:dns directory server diagnosis performing initial setup:    trying find home server...    home server = dc02    * identified ad forest.    done gathering initial info. doing initial required tests    testing server: default-first-site-name\dc02       starting test: connectivity          ......................... dc02 passed test connectivity doing primary tests    testing server: default-first-site-name\dc02       starting test: dns          dns tests running , not hung. please wait few minutes...          ......................... dc02 passed test dns    running partition tests on : forestdnszones    running partition tests on : domaindnszones    running partition tests on : schema    running partition tests on : configuration    running partition tests on : test    running enterprise tests on : test.com       starting test: dns          test results domain
Read more

Azure MFA with Azure AD and RDS

-
i have setup following lab in azure , need help. a server (domain controller) , remote desktop services. and server multi factor authentication server. i have setup following one http://www.rdsgurus.com/uncategorized/step-by-step-using-windows-server-2012-r2-rd-gateway-with-azure-multifactor-authentication/ and when im connecting got following error. the user "domain\username", on client computer "xxx.xxx.xxx.xxx", did not meet connection authorization policy requirements , therefore not authorized access rd gateway server. authentication method used was: "ntlm" , connection protocol used: "rpc-http". following error occurred: "23003". also on security log i've got following authentication details: connection request policy name: ts gateway authorization policy network policy name: - authentication provider: radius proxy authentication server: test.test.local authentication type: - eap t
Read more