Environment overview: AWS

DC1 = Win2k12 instance in region1 - AZ1

DC2 = Win2k12 instance in region1 - AZ2

~ 60 Member servers = all within region1

Replication set up between the two DCs for GPO, DNS, etc., and is working properly. Changes can be made on either DC and will reflect on the other within a few minutes.

This may have been going on for a while, but we're now noticing that all member servers are pulling Group Policy from only DC2.

Not really sure where to go on this. We expect our Member servers to pull from either DC on any Group Policy Update, scheduled or not.

The only post I could find on the internet mentions setting up Subnets within Sites & Services, but I don't believe that applies here. We do not have any Subnets defined in the Sites & Services section.

Any help is appreciated.

  • Are clients authenticating with DC1 and pulling GPOs from DC2? That would be unusual (clients should have an affinity but that isn't hard). Enable group policy environment debug logging for a client and see if it shows anything. Also run `nltest /dsgetdc:domain.com /server:DC1` and compare it with DC2. You may want to check permissions browsing SYSVOL using a regular user account. – Greg Askew Dec 23 '22 at 19:03
  • Out of curiosity, would you please run `netdom /query fsmo` and add the output to your question? – user5870571 Jan 01 '23 at 21:16
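
As an added example (not from the question or its comments), the following PowerShell script inventories which DC each member server last applied computer policy from and then compares that with what the DC locator returns when asked via each DC, as the first comment suggests. It assumes the ActiveDirectory RSAT module, WinRM access to the member servers, and a session with rights to read the servers' registry; `domain.com`, `DC1` and `DC2` are the placeholder names already used above.

```powershell
# Added example, not part of the original post. Placeholders: domain.com, DC1, DC2.
$Domain  = 'domain.com'
$DCs     = 'DC1', 'DC2'
$Servers = (Get-ADComputer -Filter 'OperatingSystem -like "*Server*"' -Properties OperatingSystem |
            Where-Object { $_.Name -notin $DCs }).Name

# 1. Ask every member server which DC its last computer-policy refresh used.
#    The Group Policy client records this under the History key; LOGONSERVER
#    shows which DC authenticated the machine, so the two can be compared.
$History = Invoke-Command -ComputerName $Servers -ErrorAction SilentlyContinue -ScriptBlock {
    $h = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History'
    [pscustomobject]@{
        Server      = $env:COMPUTERNAME
        GpoDC       = $h.DCName          # DC used by the last policy application
        GpoSite     = $h.SiteName        # site the client believed it was in
        LogonServer = $env:LOGONSERVER   # DC that authenticated the computer
    }
}

"--- Policy source per DC (expect both DCs to appear) ---"
$History | Group-Object GpoDC | Select-Object Name, Count | Format-Table -AutoSize

"--- Servers whose policy DC differs from their logon DC ---"
$History | Where-Object { $_.GpoDC.TrimStart('\') -notlike "$($_.LogonServer.TrimStart('\'))*" } |
    Format-Table Server, GpoDC, LogonServer -AutoSize

# 2. Check what the locator hands out when queried through each DC. Without any
#    subnet-to-site mapping, a client cannot be placed in a site, so the locator
#    returns whichever DC answers first rather than an AZ-local one.
foreach ($dc in $DCs) {
    "--- nltest /dsgetdc as seen from $dc ---"
    nltest /dsgetdc:$Domain /server:$dc
}

"--- Site topology currently defined ---"
Get-ADDomainController -Filter * | Select-Object Name, Site, IPv4Address, IsGlobalCatalog
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site   # empty if no subnets exist
```

The first table gives a quick count of how many servers are on each DC; the nltest output for both DCs should name the same site and flags, and any difference there points at DC registration or site configuration rather than at the clients.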

0 Answers