Print Page | Close Window

Logon Script Issues

Printed From: ForensiT
Category: ForensiT Support
Forum Name: Domain Migration
Forum Discription: User Profile Wizard questions, suggestions, comments and bug reports
Printed Date: 04 Aug 2020 at 3:48am

Topic: Logon Script Issues
Posted By: huggy59
Subject: Logon Script Issues
Date Posted: 11 Apr 2008 at 10:48am
I used the Profile Wizard to test migration of a user profile from a Samba (Linux) domain to an MS AD.  The Samba domain logon scripts were using Kixtart, but the new AD is using GPO on OU's containg the user accounts.  I previously imported (recreated) all user accounts from the Samba domain to the AD using another migration tool, and we've been running in parallel for a while.   Email is on the AD, as are other LDAP-enabled apps.
After running the ProfWiz tool on an account to allow use of the original Samba user profile under the AD account, I'm not seeing the GPO'd logon script (a VBS script) run at all.  I checked the AD user account settings and I see the old Kixtart logon script listed, and I've seen it run, but that has now been removed. 
Maybe this isn't the place to ask, but I'm stumped - how can I /where do I reset the user account/profile so the GPO logon script assigned to the OU is run?  Can this be done automatically by the Profwiz.exe program?
- huggy59

Posted By: Support
Date Posted: 11 Apr 2008 at 2:27pm

It is unlikely that this problem is a result of running ProfWiz. Are there any errors recorded in the machine's event log? If a GPO can't be applied an error should be recorded. You might also want to run gpresult to see what policies are in place, and maybe gpupdate to try and force the GPO to be applied.

Posted By: huggy59
Date Posted: 11 Apr 2008 at 10:32pm
Thanks, you are right - with some more digging since my initial post I managed to find that gpresult showed NO policies have been loaded on the machine since moving to the new AD a couple days ago (using ProfWiz).  I also see that the group policies are not being applied because the machine cannot resolve or connect to the DC, yet it is working fine for DNS and user authentication/logon, so I'm not exactly sure what the problem is.  Nslookup finds the DC DNS server name just fine.
I can run the logon script manually after logon without problems, so I know there is no permissions issue at that level, but something is preventing the group policies from installing on the machine.  I looked into the network adapter/driver startup some people have posted about in other places, but that doesn't seem to be an issue, either.  Firewall is opened on all relevant ports and everything else in AD works - even my LDAP apps.  There must be something I'm missing between the remote site and the DC that's causing this - maybe a network issue - this machine is on a WAN link through my ISP - maybe they are filtering something I'm not aware of.  Or perhaps something is caught up in the slow link speed interface?  I have yet to try gpupdate, but I will try that when I get back to work next week.
If anyone has a series of utilities or steps using existing utilities to troubleshoot this policy issue, please point me in the right direction.  Should we move this to another topic area?

Print Page | Close Window