The sysvol permissions for one or more GPOs on this domain controller are not in sync with the permissions for the GPOs on the baseline domain

active-directory windows-server-2008-r2 group-policy windows-server-2012-r2 file-replication-services

Update: I managed to fix this by manually applying the sysvol ACL's for the policies at both servers... for some reason I had to add the domain\administrators group as full control for each policy under sysvol\policies and then it synced fine.... everythings working now and I'll look at migrating to DFRS later when we can upgrade the DFL, Cheers

Anyone else seeing this problem - if you only have one or two policies it might be quicker to back up the settings, delete them all out and then add them back in again which would have the same effect.


This occurs when a GPO has changed on the local computer but a replication event has not completed to the other participating Domain Controllers. You can force replication to the other DCs in the Forest "Get-ADDomainController -Filter * | %{repadmin /syncall /edjQSA $_.hostname}" or simply wait for 15-20 minutes and refresh the GPMC. This is by design and will typically resolve itself on the next replication cycle.

Related

Powershell - inconsistent output from the same code
freeradius, rlm_rest : Failed to Authenticate user
Is it possible to determine the mailserver software (MTA) used based on a domain?
How to configure iptables to use apt-get in a server? [closed]
How to manage URL rewrites with a GCP load balancer?
Dell NX3330 installing Windows Server OS? [closed]
A personal project that one improves constantly
Word for "sewing clothing" that isn't gender-specific
Term for Negative Promotion
What's the word for "changing the discussion level/style"?
What do you call someone who is affected by an action, whether positively or negatively?
What is the term for, "Don't make it a thing if it isn't a thing"