AD / SYSVOL Version Mismatch on Default Domain Policy Announcing the arrival of Valued...
Is 1 ppb equal to 1 μg/kg?
What would be the ideal power source for a cybernetic eye?
How much radiation do nuclear physics experiments expose researchers to nowadays?
Bonus calculation: Am I making a mountain out of a molehill?
Stars Make Stars
Storing hydrofluoric acid before the invention of plastics
How do I keep my slimes from escaping their pens?
Why was the term "discrete" used in discrete logarithm?
WAN encapsulation
What do you call a plan that's an alternative plan in case your initial plan fails?
Is there a way in Ruby to make just any one out of many keyword arguments required?
Did Kevin spill real chili?
What is the musical term for a note that continously plays through a melody?
When is phishing education going too far?
What does the "x" in "x86" represent?
Can Pao de Queijo, and similar foods, be kosher for Passover?
List *all* the tuples!
Is high blood pressure ever a symptom attributable solely to dehydration?
Does accepting a pardon have any bearing on trying that person for the same crime in a sovereign jurisdiction?
Should gear shift center itself while in neutral?
Is there a service that would inform me whenever a new direct route is scheduled from a given airport?
What is the longest distance a 13th-level monk can jump while attacking on the same turn?
What is a Meta algorithm?
Doubts about chords
AD / SYSVOL Version Mismatch on Default Domain Policy
Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)
Come Celebrate our 10 Year Anniversary!Group policy settings not appliedActive Directory Group Policy Question (Password Policy)GPO Computer Settings not updating. Default Domain policy and all User Settings work fineGroup Policy GPO not 'seen' at clientIs it possible to have multiple domain policy for different servers?Group Policy Object not applied to client computerGroup Policy Objects stopped applying to most security groupsGroup Policy not applying on win8.1 machinesComputer GPOs not being applied - SYSVOL issueDomain group policy strangeness
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}
I've created two test VMs in VMWare, both Server 2012 R2 Standard. One was promoted to a DC, with the domain name being test2.local. I modified the DNS record on the other server, and joined it to the test domain. Then I did (from an administrative command prompt) gpupdate /force and the gpresult /H gpresult.html. I looked in the gpresult.html file and saw a warning on the Default Domain Policy. It says: A fast link was detected (not worrying about now) and "AD / SYSVOL Version Mismatch" on Default Domain Policy. Opening up the Default Domain Policy under Applied GPOs shows that the SYSVOL number is 65535.
From what I have been able to gather, this mismatch occurs when there is security filtering and/or WMI filtering in place. I don't think I'm using either one of those, unless they are applied by default.
At this point, I just want a clean base that applies the unchanged Default Domain Policy to a machine without any errors. Then I can keep testing the GPO I'm building without wondering where the errors/warnings are coming from.
active-directory domain domain-controller sysvol
asked Dec 16 '15 at 19:04
CarrotCarrot
18618
bumped to the homepage by Community♦ 7 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
|
show 1 more comment
I've created two test VMs in VMWare, both Server 2012 R2 Standard. One was promoted to a DC, with the domain name being test2.local. I modified the DNS record on the other server, and joined it to the test domain. Then I did (from an administrative command prompt) gpupdate /force and the gpresult /H gpresult.html. I looked in the gpresult.html file and saw a warning on the Default Domain Policy. It says: A fast link was detected (not worrying about now) and "AD / SYSVOL Version Mismatch" on Default Domain Policy. Opening up the Default Domain Policy under Applied GPOs shows that the SYSVOL number is 65535.
From what I have been able to gather, this mismatch occurs when there is security filtering and/or WMI filtering in place. I don't think I'm using either one of those, unless they are applied by default.
At this point, I just want a clean base that applies the unchanged Default Domain Policy to a machine without any errors. Then I can keep testing the GPO I'm building without wondering where the errors/warnings are coming from.
active-directory domain domain-controller sysvol
asked Dec 16 '15 at 19:04
CarrotCarrot
18618
bumped to the homepage by Community♦ 7 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
What does GPMC show for the user and computer versions (n/n)?
– Greg Askew
Dec 16 '15 at 19:13
65535 is always a sign that there was a failure to read the GPO. This could be caused by security filtering or WMI filtering, or read gpLink/gpOptions permissions missing, or replication delays, etc.
– Ryan Ries
Dec 16 '15 at 19:24
@GregAskew User version: 0/0 Computer version: 1/1
– Carrot
Dec 16 '15 at 19:48
@RyanRies That's what I was reading, but I can't seem to find a way to fix it. I didn't do anything other than join the computer to the domain. Is there something special I need to do in order to allow the machine to read the GPO?
– Carrot
Dec 16 '15 at 19:52
Does gpresult /h report the expected information when run on the domain controller?
– Greg Askew
Dec 16 '15 at 20:01
|
show 1 more comment
I've created two test VMs in VMWare, both Server 2012 R2 Standard. One was promoted to a DC, with the domain name being test2.local. I modified the DNS record on the other server, and joined it to the test domain. Then I did (from an administrative command prompt) gpupdate /force and the gpresult /H gpresult.html. I looked in the gpresult.html file and saw a warning on the Default Domain Policy. It says: A fast link was detected (not worrying about now) and "AD / SYSVOL Version Mismatch" on Default Domain Policy. Opening up the Default Domain Policy under Applied GPOs shows that the SYSVOL number is 65535.
From what I have been able to gather, this mismatch occurs when there is security filtering and/or WMI filtering in place. I don't think I'm using either one of those, unless they are applied by default.
At this point, I just want a clean base that applies the unchanged Default Domain Policy to a machine without any errors. Then I can keep testing the GPO I'm building without wondering where the errors/warnings are coming from.
active-directory domain domain-controller sysvol
asked Dec 16 '15 at 19:04
CarrotCarrot
18618
I've created two test VMs in VMWare, both Server 2012 R2 Standard. One was promoted to a DC, with the domain name being test2.local. I modified the DNS record on the other server, and joined it to the test domain. Then I did (from an administrative command prompt) gpupdate /force and the gpresult /H gpresult.html. I looked in the gpresult.html file and saw a warning on the Default Domain Policy. It says: A fast link was detected (not worrying about now) and "AD / SYSVOL Version Mismatch" on Default Domain Policy. Opening up the Default Domain Policy under Applied GPOs shows that the SYSVOL number is 65535.
From what I have been able to gather, this mismatch occurs when there is security filtering and/or WMI filtering in place. I don't think I'm using either one of those, unless they are applied by default.
At this point, I just want a clean base that applies the unchanged Default Domain Policy to a machine without any errors. Then I can keep testing the GPO I'm building without wondering where the errors/warnings are coming from.
active-directory domain domain-controller sysvol
active-directory domain domain-controller sysvol
asked Dec 16 '15 at 19:04
CarrotCarrot
18618
asked Dec 16 '15 at 19:04
CarrotCarrot
18618
asked Dec 16 '15 at 19:04
CarrotCarrot
18618
asked Dec 16 '15 at 19:04
CarrotCarrot
18618
asked Dec 16 '15 at 19:04
CarrotCarrot
18618
18618
bumped to the homepage by Community♦ 7 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
bumped to the homepage by Community♦ 7 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
What does GPMC show for the user and computer versions (n/n)?
– Greg Askew
Dec 16 '15 at 19:13
65535 is always a sign that there was a failure to read the GPO. This could be caused by security filtering or WMI filtering, or read gpLink/gpOptions permissions missing, or replication delays, etc.
– Ryan Ries
Dec 16 '15 at 19:24
@GregAskew User version: 0/0 Computer version: 1/1
– Carrot
Dec 16 '15 at 19:48
@RyanRies That's what I was reading, but I can't seem to find a way to fix it. I didn't do anything other than join the computer to the domain. Is there something special I need to do in order to allow the machine to read the GPO?
– Carrot
Dec 16 '15 at 19:52
Does gpresult /h report the expected information when run on the domain controller?
– Greg Askew
Dec 16 '15 at 20:01
|
show 1 more comment
What does GPMC show for the user and computer versions (n/n)?
– Greg Askew
Dec 16 '15 at 19:13
65535 is always a sign that there was a failure to read the GPO. This could be caused by security filtering or WMI filtering, or read gpLink/gpOptions permissions missing, or replication delays, etc.
– Ryan Ries
Dec 16 '15 at 19:24
@GregAskew User version: 0/0 Computer version: 1/1
– Carrot
Dec 16 '15 at 19:48
@RyanRies That's what I was reading, but I can't seem to find a way to fix it. I didn't do anything other than join the computer to the domain. Is there something special I need to do in order to allow the machine to read the GPO?
– Carrot
Dec 16 '15 at 19:52
Does gpresult /h report the expected information when run on the domain controller?
– Greg Askew
Dec 16 '15 at 20:01
What does GPMC show for the user and computer versions (n/n)?
– Greg Askew
Dec 16 '15 at 19:13
What does GPMC show for the user and computer versions (n/n)?
– Greg Askew
Dec 16 '15 at 19:13
65535 is always a sign that there was a failure to read the GPO. This could be caused by security filtering or WMI filtering, or read gpLink/gpOptions permissions missing, or replication delays, etc.
– Ryan Ries
Dec 16 '15 at 19:24
65535 is always a sign that there was a failure to read the GPO. This could be caused by security filtering or WMI filtering, or read gpLink/gpOptions permissions missing, or replication delays, etc.
– Ryan Ries
Dec 16 '15 at 19:24
@GregAskew User version: 0/0 Computer version: 1/1
– Carrot
Dec 16 '15 at 19:48
@GregAskew User version: 0/0 Computer version: 1/1
– Carrot
Dec 16 '15 at 19:48
@RyanRies That's what I was reading, but I can't seem to find a way to fix it. I didn't do anything other than join the computer to the domain. Is there something special I need to do in order to allow the machine to read the GPO?
– Carrot
Dec 16 '15 at 19:52
@RyanRies That's what I was reading, but I can't seem to find a way to fix it. I didn't do anything other than join the computer to the domain. Is there something special I need to do in order to allow the machine to read the GPO?
– Carrot
Dec 16 '15 at 19:52
Does gpresult /h report the expected information when run on the domain controller?
– Greg Askew
Dec 16 '15 at 20:01
Does gpresult /h report the expected information when run on the domain controller?
– Greg Askew
Dec 16 '15 at 20:01
|
show 1 more comment
1 Answer
1
active
oldest
votes
If you're ok with reverting to the default, you can try running the following on the domain controller:
dcgpofix /ignoreschema /target:Domain
https://technet.microsoft.com/en-us/library/hh875588.aspx
answered Dec 16 '15 at 22:33
Greg AskewGreg Askew
29.1k33768
Still nothing... I'm seeing the version numbers increment in GPMC, but when I run gpresult on the domain controller, it still shows the SYSVOL version as 65535.
– Carrot
Dec 16 '15 at 23:49
Try enabling group policy environment debug logging to see if that reveals anything: social.technet.microsoft.com/wiki/contents/articles/…
– Greg Askew
Dec 17 '15 at 18:24
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "2"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f743518%2fad-sysvol-version-mismatch-on-default-domain-policy%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
If you're ok with reverting to the default, you can try running the following on the domain controller:
dcgpofix /ignoreschema /target:Domain
https://technet.microsoft.com/en-us/library/hh875588.aspx
answered Dec 16 '15 at 22:33
Greg AskewGreg Askew
29.1k33768
Still nothing... I'm seeing the version numbers increment in GPMC, but when I run gpresult on the domain controller, it still shows the SYSVOL version as 65535.
– Carrot
Dec 16 '15 at 23:49
Try enabling group policy environment debug logging to see if that reveals anything: social.technet.microsoft.com/wiki/contents/articles/…
– Greg Askew
Dec 17 '15 at 18:24
add a comment |
If you're ok with reverting to the default, you can try running the following on the domain controller:
dcgpofix /ignoreschema /target:Domain
https://technet.microsoft.com/en-us/library/hh875588.aspx
answered Dec 16 '15 at 22:33
Greg AskewGreg Askew
29.1k33768
Still nothing... I'm seeing the version numbers increment in GPMC, but when I run gpresult on the domain controller, it still shows the SYSVOL version as 65535.
– Carrot
Dec 16 '15 at 23:49
Try enabling group policy environment debug logging to see if that reveals anything: social.technet.microsoft.com/wiki/contents/articles/…
– Greg Askew
Dec 17 '15 at 18:24
add a comment |
If you're ok with reverting to the default, you can try running the following on the domain controller:
dcgpofix /ignoreschema /target:Domain
https://technet.microsoft.com/en-us/library/hh875588.aspx
answered Dec 16 '15 at 22:33
Greg AskewGreg Askew
29.1k33768
If you're ok with reverting to the default, you can try running the following on the domain controller:
dcgpofix /ignoreschema /target:Domain
https://technet.microsoft.com/en-us/library/hh875588.aspx
answered Dec 16 '15 at 22:33
Greg AskewGreg Askew
29.1k33768
answered Dec 16 '15 at 22:33
Greg AskewGreg Askew
29.1k33768
answered Dec 16 '15 at 22:33
Greg AskewGreg Askew
29.1k33768
answered Dec 16 '15 at 22:33
Greg AskewGreg Askew
29.1k33768
29.1k33768
Still nothing... I'm seeing the version numbers increment in GPMC, but when I run gpresult on the domain controller, it still shows the SYSVOL version as 65535.
– Carrot
Dec 16 '15 at 23:49
Try enabling group policy environment debug logging to see if that reveals anything: social.technet.microsoft.com/wiki/contents/articles/…
– Greg Askew
Dec 17 '15 at 18:24
add a comment |
Still nothing... I'm seeing the version numbers increment in GPMC, but when I run gpresult on the domain controller, it still shows the SYSVOL version as 65535.
– Carrot
Dec 16 '15 at 23:49
Try enabling group policy environment debug logging to see if that reveals anything: social.technet.microsoft.com/wiki/contents/articles/…
– Greg Askew
Dec 17 '15 at 18:24
Still nothing... I'm seeing the version numbers increment in GPMC, but when I run gpresult on the domain controller, it still shows the SYSVOL version as 65535.
– Carrot
Dec 16 '15 at 23:49
Still nothing... I'm seeing the version numbers increment in GPMC, but when I run gpresult on the domain controller, it still shows the SYSVOL version as 65535.
– Carrot
Dec 16 '15 at 23:49
Try enabling group policy environment debug logging to see if that reveals anything: social.technet.microsoft.com/wiki/contents/articles/…
– Greg Askew
Dec 17 '15 at 18:24
Try enabling group policy environment debug logging to see if that reveals anything: social.technet.microsoft.com/wiki/contents/articles/…
– Greg Askew
Dec 17 '15 at 18:24
add a comment |
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f743518%2fad-sysvol-version-mismatch-on-default-domain-policy%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
What does GPMC show for the user and computer versions (n/n)?
– Greg Askew
Dec 16 '15 at 19:13
65535 is always a sign that there was a failure to read the GPO. This could be caused by security filtering or WMI filtering, or read gpLink/gpOptions permissions missing, or replication delays, etc.
– Ryan Ries
Dec 16 '15 at 19:24
@GregAskew User version: 0/0 Computer version: 1/1
– Carrot
Dec 16 '15 at 19:48
@RyanRies That's what I was reading, but I can't seem to find a way to fix it. I didn't do anything other than join the computer to the domain. Is there something special I need to do in order to allow the machine to read the GPO?
– Carrot
Dec 16 '15 at 19:52
Does gpresult /h report the expected information when run on the domain controller?
– Greg Askew
Dec 16 '15 at 20:01