I've recently been making some changes to an AD OU structure, in attempt to make the structure look cleaner for other admins & allow us to get more granular with Group Policies.
By changes I mean restructuring AD without moving users out of their existing computer / User OU's (Ie. all GPO's have remained in tact as before).. I would like to start moving users and more computers eventually but for the time being I've been making sensible small steps.
So.. I seem to be facing a somewhat big issue with Roaming profiles / documents redirects.
Users sit under the 'Staff' OU which has the below GPO's applied.
For everyone who sits under the above 'Staff' OU, they get their documents redirected to a network drive, that has always worked.
Recently I created a new OU just outside of 'Staff' Called 'Special Staff' and linked all the existin Group policy objects which would have applied under 'Staff' to that OU.
I moved a user from 'Staff' into 'Special Staff' and logged onto a machine.. When I logged onto the machine with the user in question I found that I could no longer see the document redirects working.
I attempted a GPUPDATE /force and logged the user off and back on again.
When I logged the user back on, I could still see that the documents redirection was not working so I tried a GPRESULT /H (Path).. Everything was applying however under 'Redirects' I could see the below:
Folder Redirection did not complete policy processing because the user needs to log on again for the settings to be applied. Group Policy will attempt to apply the settings at the user's next logon. Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 04/10/2015 21:41:35 and 04/10/2015 21:41:35.
I've tried logging off and logging back on multiple times.. Still no luck.
I am confused to say the least.
Can anyone help me out?
FYI : Updates
Update 22:45PM:'ve just checked Event Viewer on the affected machine and see the below entry: "Folder redirection policy application has been delayed until the next logon because the group policy logon optimization is in effect."
Update 23:00PM: GPRESULT when executed on a machine for the user in question takes around 8 minutes to complete. Longest Process is: Getting the SID information
Update 23:02PM: The end result of the GPRESULT indicates that the GPO's for the folder direction have been applied to the user.
Update 23:07PM: If a GPUPDATE /FORCE is done on user accounts who still reside in the 'Staff' OU, the folder redirect continues to work fine. When a user is moved from the 'Staff' OU to the 'Special Staff' OU the folder redirection stops working. To ensure it's not a case of the GPO's playing up I have tried moving a user back into staff and doing a GPUPDATE /force however that does not resolve the issue. This suggests that from simply moving a user into a new user OU , the redirect is breaking.
Update 23:10PM: For anyone who would like to know how different the GPO's are in the 'Special staff' OU in comparison to the 'Staff' OU.. They are exactly the same, the policies which reside in the working 'OU' are simply linked to 'Special staff' (There is an extra policy in 'Special Staff' for machine lockout)
Research Outcome:
I'm never able to see any errors reported with folder redirection.. All I see is:
Event Viewer:
Folder redirection policy application has been delayed until the next logon because the group policy logon optimization is in effect.
GPRESULT:
Which sits on GETTING THE SID INFORMATION for over 8 minutes ^^ That.. I have never seen before.. And this alone worries me somewhat. Update: It only takes this long on the User(s) affected.
