I've created two test VMs in VMWare, both Server 2012 R2 Standard. One was promoted to a DC, with the domain name being test2.local. I modified the DNS record on the other server, and joined it to the test domain. Then I did (from an administrative command prompt) gpupdate /force
and the gpresult /H gpresult.html
. I looked in the gpresult.html file and saw a warning on the Default Domain Policy. It says: A fast link was detected (not worrying about now) and "AD / SYSVOL Version Mismatch" on Default Domain Policy. Opening up the Default Domain Policy under Applied GPOs shows that the SYSVOL number is 65535.
From what I have been able to gather, this mismatch occurs when there is security filtering and/or WMI filtering in place. I don't think I'm using either one of those, unless they are applied by default.
At this point, I just want a clean base that applies the unchanged Default Domain Policy to a machine without any errors. Then I can keep testing the GPO I'm building without wondering where the errors/warnings are coming from.