Groups policies are not working for new PCs.

August 5, 2011 at 01:49:14
Specs: Windows XP
Hi,
I am new to active directory, and newly joined the organisation, here I found windows 2003 server with active directory.

I've heard of AD and also created a new user in OU.
Also here are some PCs affected with virus, so I've formatted them, but now, I am not able to connect them to Group Policies configured at the domain.
I have configured formatted PCs to login to domain, "SYSTEM PROPERTIES ---> COMPUTER NAME ---> CHANGE ---> selecting MEMBER OF - DOMAIN ---> entered the domain name.
If I try to login new user created by me in old PCs it works fine, but when i tried to login new user to fresh machine formatted by me doesnot work, means the group policy set on the domain is not accepted by this client machine.

Anyone can help me?

Highly appreciated, Thanks in advance.

Regards

Sujeet Kumar


See More: Groups policies are not working for new PCs.

Report •

#1
August 5, 2011 at 08:56:55
You have to go into AD and remove the computers. Then add the newly formatted computers to the domain. Then move them to the OU and the policies will work.

Answers are only as good as the information you provide.
How to properly post a question:
Sorry no tech support via PM's


Report •

#2
August 7, 2011 at 23:43:20
Dear Wanderer,

Thanks for your suggestion, i've tried exactly u said, removed computer from AD, then right click --> new --> computer... provided the computer name, clicked next.. then on the second page i ticked "this is a managed computer" and provided the GUID (obtained by going to a website) or UUID (obtained from CMOS), then finished, still both GUID / UUID didnot worked.

One things i noticed that there are already some computers add, which are working fine, i compared there configuration with newly added computer, there was a difference of "DNS Name" the name of computer which shows in the computer name of client machine after configuring for ad.

There is not DNS name showing under newly added computer. Can you help regarding this?

Thanks in advance.


Report •

#3
August 8, 2011 at 08:20:00
You add a workstation by going to that workstation, logon as administrator and then change from workgroup to domain.

If you don't have your dhcp server updating dns then you need to make static host and prt records in dns for the workstation. Highly recommend you configure dhcp to update dns.

Answers are only as good as the information you provide.
How to properly post a question:
Sorry no tech support via PM's


Report •

Related Solutions

#4
August 9, 2011 at 01:17:26
I add from both ways, at the workstation as well as at AD, now the DNS name is showing there at computer properties in AD, but still no success, only new computers are not joining the AD to acquire the full Group Policies. I dont know where to go.

Report •

#5
August 9, 2011 at 10:21:54
did you move the computers to under the OU containing the policy?

same location as those that work?

Answers are only as good as the information you provide.
How to properly post a question:
Sorry no tech support via PM's


Report •

#6
August 10, 2011 at 02:07:32
Yes, did exactly that, but still no success.

Report •

#7
August 10, 2011 at 22:05:29
Is there any problem if the client machine is windows xp sp2 and the server is windows 2003 without servicepack??

If anything's not going to work, I will just clone the old computers to the new ones, will change their computer names. would be working like this.

Thanks wanderer for your precious help.

Warm Regards

Sujeet Kumar


Report •

#8
August 12, 2011 at 14:17:03
start from the beginning reove the pc from the domain by joining it to a workgroup, then remove network cable, do ipconfig /flushdns, type netsh int ip reset c:\resetlog.txt at cmd prompt, reboot pc,
remove any trace from server, dns, dhcp, and computer account.
when the computer is rebooted connect the network cable, get dhcp ip, join computer to domain, after joining to domain the computer reboots, once this is done go to ADUC and go to computers OU, any new computers to domain go in there, move computer account to your specified OU, if you hav set the Group Policy up correctly this should work, if you have done all the above steps, then its a group policy problem, more likely to be a permission issue.
let me know if you get this far and we can then sort out the permissions

Report •

#9
August 16, 2011 at 03:50:53
There cannot be a permission problem, because when I login the new user account to old configured computers they work fine, also the old user accounts are not working in the newly configured system.

I think, as I am new to this domain level, I must be doing something wrong when I join the computer to the domain, can u please help me step by step configuration, if you can.

Thanks in advance.


Report •

#10
August 16, 2011 at 03:55:27
And also I installed a new windows server 2003 R2 with service pack 2 on a different PC and try to connect with that domain, also no use. got the same problem.

Please help me.

Thanks


Report •

#11
August 16, 2011 at 15:36:20
review this

http://support.microsoft.com/kb/295017

Answers are only as good as the information you provide.
How to properly post a question:
Sorry no tech support via PM's


Report •

#12
August 25, 2011 at 03:01:56
After a lot of research, may be not sufficient for my issue, I noticed that the new computer was a fully working computer and suddenly broken down due to a virus attack, I got it in a crashed state, now i formatted the computer and not able to join to my domain.

May be the possible cause that I do not have complete knowledge of AD, so I am not able to make the freshly formatted machine work as it was working earlier and also there must be old entries of this machine, which should be washed first then i should try to join it to the domain, may be I am wrong here, but I do not know the previous entries like computer name, DNS entries, SID, etc.

Please help me removing its old data trace from the AD.

Thanks


Report •

#13
August 25, 2011 at 03:18:00
I cannot remove/reinstall this domain, I have to make it work with newly formatted machines.

Ohh God!! I never been in these types of issues for so long, nothings helping me.

I have installed windows 2003 server R2 on a PC and tried to make things work. It took second chance to get success but I did it on new domain, but it was just for testing purposes, I cannot format this server just for testing whole user group will be going to kill me.

One more difference I noticed that, when I joined the new computer to newly created domain, the steps as follows:
On AD (testing.com) :-- Created an OU (testou) and a user "Test" under it. policies applied not to show any desktop item to this OU.
On Win XP SP3 :--
System Properties
-> Computer Name
-> Network ID
-> Next three times
-> provided a user name "Test", "Password" & Domain "testing"
-> Next
-> computer name "user1" domain "testing" ->
Next ->
again provided a user name "Test", "Password" & Domain "testing"
-> restarted the machine and login with domain user "Test" and seen the magic, there was no icon on the desktop. After this I also tested to remove all drives from my computer successfully by applying from GP in AD.

But, when I try to connect with above steps, I gets error "access denied" on the last step of Network ID configuration wizard.

Please tell me step by step to join the computer to domain, or if my steps are right above then what is going on with this server, or if I have to rejoin the machine to the domain, how to do that because I don't know the machine's previous entries.

for God sake, Please help me getting this out.

Hearty Thanks


Report •

Ask Question