Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

When you use the Group Policy Object Editor on a Windows Server 2003 or Windows XP computer to change GPOs on a remote domain controller, changes are not applied immediately


Symptoms

Consider the following scenario:
  • You are using a computer that is running Microsoft Windows Server 2003 or Microsoft Windows XP.
  • You use the Group Policy Object Editor to change Group Policy objects (GPOs) on a remote domain controller.
In this scenario, the changes are not applied for a long time.


Cause

This behavior occurs when the specified domain controller is not included in the Partition Knowledge Table (PKT) cache. The PKT cache stores only 35 target domain controllers per domain in the Distributed File System (DFS) list. If the target remote domain controller is not in the DFS list, the GPOs do not change immediately. The GPOs change only after the File Replication service (FRS) replicates the changes to the SYSVOL shared folders of the specified domain controller.


Workaround

This issue may occur when the dfsutil /pktinfo command does not show the target domain controller in the DFS list. To work around this issue, use one of the following methods:
  • Log on to the target domain controller, and then change the GPOs locally by using terminal server.
  • Use the ntfrsutl forcerepl command to force replication regardless of the predefined replication schedule. This method applies only to the SYSVOL shared folders of the domain controller replica. To force the FRS service to start a replication cycle, type the following command at a command prompt:
    ntfrsutl forcerepl ComputerName /r "SetName" /p DnsName
    The quotation marks in this example are required when you use the /r option. If the quotation marks are not present, the command does not work.

    Note
    • ComputerName is the name of the computer that is running the FRS service.
    • SetName is the name of the replica set.
    • DnsName is the name of the domain from which you force replication.
    For example, type:
    ntfrsutl forcerepl ComputerName /r "Domain system volume (SYSVOL share)" /p SourceDomainController.domain.com
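
The check and the second workaround above can be combined in one command script. This is an added example, not part of the Microsoft article; the script name, its two arguments, and the assumption that the target domain controller's name appears in the dfsutil /pktinfo output in the form you pass it are illustrative.

```batch
@echo off
rem Added example (not from the Microsoft article).
rem Usage: check-pkt.cmd TargetDC SourceDcDnsName
rem   TargetDC        - hypothetical argument: the DC name, written the way
rem                     dfsutil /pktinfo lists it (assumption)
rem   SourceDcDnsName - hypothetical argument: DNS name to force replication from
setlocal

if "%~2"=="" (
    echo Usage: %~nx0 TargetDC SourceDcDnsName
    exit /b 2
)
set "TARGET_DC=%~1"
set "SOURCE_DC=%~2"
rem Replica set name as used in the article's example command.
set "REPLICA_SET=Domain system volume (SYSVOL share)"

rem Step 1: look for the target DC in the DFS list printed by dfsutil /pktinfo.
rem findstr sets errorlevel 1 when no line contains the name. A short name
rem such as DC1 also matches DC10, so pass the most specific form available.
rem If dfsutil itself cannot run, findstr sees no input and the script
rem falls through to step 2.
dfsutil /pktinfo | findstr /i /c:"%TARGET_DC%" >nul
if not errorlevel 1 (
    echo %TARGET_DC% is in the DFS list. No forced replication is needed.
    exit /b 0
)

rem Step 2: the DC is not listed, so GPO edits wait for FRS. Force a
rem replication cycle now. The quotation marks around the set name are required.
echo %TARGET_DC% is not in the DFS list. Forcing FRS replication from %SOURCE_DC%.
ntfrsutl forcerepl %TARGET_DC% /r "%REPLICA_SET%" /p %SOURCE_DC%
exit /b %errorlevel%
```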


More information

To use the Group Policy Object Editor to modify a GPO on a remote domain controller, follow these steps:
  1. Click Start, click Run, type dsa.msc, and then click OK.
  2. Click Active Directory Users and Computers DomainName, and then click Connect to Domain Controller on the Action menu.
  3. Type the target domain name in the Enter the name of another domain controller box, and then click OK.
  4. Click Start, click Run, type gpedit.msc, and then click OK.
  5. On the View menu, click DC Option.
  6. Click The one used by the Active Directory Snap-Ins, and then click OK.


Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.


Keywords: KB896669, kbtshoot, kbbug

Article Info
Article ID : 896669
Revision : 2
Created on : 9/9/2013
Published on : 9/9/2013