Logon Script Issues |
Post Reply |
Author | |
huggy59
Newbie Joined: 11 Apr 2008 Status: Offline Points: 2 |
Post Options
Thanks(0)
Posted: 11 Apr 2008 at 10:48am |
I used the Profile Wizard to test migration of a user profile from a Samba (Linux) domain to an MS AD. The Samba domain logon scripts were using Kixtart, but the new AD is using GPO on OU's containg the user accounts. I previously imported (recreated) all user accounts from the Samba domain to the AD using another migration tool, and we've been running in parallel for a while. Email is on the AD, as are other LDAP-enabled apps.
After running the ProfWiz tool on an account to allow use of the original Samba user profile under the AD account, I'm not seeing the GPO'd logon script (a VBS script) run at all. I checked the AD user account settings and I see the old Kixtart logon script listed, and I've seen it run, but that has now been removed.
Maybe this isn't the place to ask, but I'm stumped - how can I /where do I reset the user account/profile so the GPO logon script assigned to the OU is run? Can this be done automatically by the Profwiz.exe program?
- huggy59
|
|
Support
Moderator Group Joined: 09 Nov 2006 Location: United Kingdom Status: Offline Points: 1844 |
Post Options
Thanks(0)
|
Hi,
It is unlikely that this problem is a result of running ProfWiz. Are there any errors recorded in the machine's event log? If a GPO can't be applied an error should be recorded. You might also want to run gpresult to see what policies are in place, and maybe gpupdate to try and force the GPO to be applied. Edited by Support - 11 Apr 2008 at 2:27pm |
|
huggy59
Newbie Joined: 11 Apr 2008 Status: Offline Points: 2 |
Post Options
Thanks(0)
|
Thanks, you are right - with some more digging since my initial post I managed to find that gpresult showed NO policies have been loaded on the machine since moving to the new AD a couple days ago (using ProfWiz). I also see that the group policies are not being applied because the machine cannot resolve or connect to the DC, yet it is working fine for DNS and user authentication/logon, so I'm not exactly sure what the problem is. Nslookup finds the DC DNS server name just fine.
I can run the logon script manually after logon without problems, so I know there is no permissions issue at that level, but something is preventing the group policies from installing on the machine. I looked into the network adapter/driver startup some people have posted about in other places, but that doesn't seem to be an issue, either. Firewall is opened on all relevant ports and everything else in AD works - even my LDAP apps. There must be something I'm missing between the remote site and the DC that's causing this - maybe a network issue - this machine is on a WAN link through my ISP - maybe they are filtering something I'm not aware of. Or perhaps something is caught up in the slow link speed interface? I have yet to try gpupdate, but I will try that when I get back to work next week.
If anyone has a series of utilities or steps using existing utilities to troubleshoot this policy issue, please point me in the right direction. Should we move this to another topic area?
|
|
Post Reply | |
Tweet
|
Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |