ForensiT Homepage
Forum Home Forum Home > ForensiT Support > Domain Migration
  Active Topics Active Topics
  FAQ FAQ  Forum Search   Calendar   Register Register  Login Login

Logon Script Issues

 Post Reply Post Reply
Author
Message
  Topic Search Topic Search  Topic Options Topic Options
huggy59 View Drop Down
Newbie
Newbie


Joined: 11 Apr 2008
Online Status: Offline
Posts: 2
  Quote huggy59 Quote  Post ReplyReply Direct Link To This Post Topic: Logon Script Issues
    Posted: 11 Apr 2008 at 10:48am
I used the Profile Wizard to test migration of a user profile from a Samba (Linux) domain to an MS AD.  The Samba domain logon scripts were using Kixtart, but the new AD is using GPO on OU's containg the user accounts.  I previously imported (recreated) all user accounts from the Samba domain to the AD using another migration tool, and we've been running in parallel for a while.   Email is on the AD, as are other LDAP-enabled apps.
 
After running the ProfWiz tool on an account to allow use of the original Samba user profile under the AD account, I'm not seeing the GPO'd logon script (a VBS script) run at all.  I checked the AD user account settings and I see the old Kixtart logon script listed, and I've seen it run, but that has now been removed. 
 
Maybe this isn't the place to ask, but I'm stumped - how can I /where do I reset the user account/profile so the GPO logon script assigned to the OU is run?  Can this be done automatically by the Profwiz.exe program?
 
- huggy59
 
Back to Top
Support View Drop Down
Moderator Group
Moderator Group


Joined: 09 Nov 2006
Location: United Kingdom
Online Status: Offline
Posts: 1376
  Quote Support Quote  Post ReplyReply Direct Link To This Post Posted: 11 Apr 2008 at 2:27pm
Hi,

It is unlikely that this problem is a result of running ProfWiz. Are there any errors recorded in the machine's event log? If a GPO can't be applied an error should be recorded. You might also want to run gpresult to see what policies are in place, and maybe gpupdate to try and force the GPO to be applied.


Edited by Support - 11 Apr 2008 at 2:27pm
Back to Top
huggy59 View Drop Down
Newbie
Newbie


Joined: 11 Apr 2008
Online Status: Offline
Posts: 2
  Quote huggy59 Quote  Post ReplyReply Direct Link To This Post Posted: 11 Apr 2008 at 10:32pm
Thanks, you are right - with some more digging since my initial post I managed to find that gpresult showed NO policies have been loaded on the machine since moving to the new AD a couple days ago (using ProfWiz).  I also see that the group policies are not being applied because the machine cannot resolve or connect to the DC, yet it is working fine for DNS and user authentication/logon, so I'm not exactly sure what the problem is.  Nslookup finds the DC DNS server name just fine.
 
I can run the logon script manually after logon without problems, so I know there is no permissions issue at that level, but something is preventing the group policies from installing on the machine.  I looked into the network adapter/driver startup some people have posted about in other places, but that doesn't seem to be an issue, either.  Firewall is opened on all relevant ports and everything else in AD works - even my LDAP apps.  There must be something I'm missing between the remote site and the DC that's causing this - maybe a network issue - this machine is on a WAN link through my ISP - maybe they are filtering something I'm not aware of.  Or perhaps something is caught up in the slow link speed interface?  I have yet to try gpupdate, but I will try that when I get back to work next week.
 
If anyone has a series of utilities or steps using existing utilities to troubleshoot this policy issue, please point me in the right direction.  Should we move this to another topic area?
 
 
Back to Top
 Post Reply Post Reply

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.092 seconds.