Recently a question came up in the newsgroups about what the difference is between the set of partitions on a domain controller and the set of partitions on a global catalog server.  I wanted to take the opportunity to include the answer here and expand upon it slightly. The question specifically was, “In a multi-domain environment, what is the main difference between the partitions on a domain controller that is also a global catalog server, versus other domain controllers that are ... [More]

Well, we’ve made it through the debug logs for normal mode and merge mode and now it is on to replace mode and time to answer our original question, “In replace mode, when does the user configuration portion of policies which apply to the computer object get applied.  Is it applied when the computer starts up?  Or is it applied when a user logs on?” This post is part 3 of a 3 part series where we are examining the debug output for each policy processing mode: Loopback Policy Proce... [More]

This post is part 2 of a 3 part series where we are examining the debug output for each policy processing mode: Loopback Policy Processing Debug Series – Normal Mode Loopback Policy Processing Debug Series – Merge Mode Loopback Policy Processing Debug Series – Replace Mode In our last post, we reviewed the UserEnv log to see how policy is applied to workstations and users under normal circumstances.  In normal mode, processing of workstation group policy restricts itself to t... [More]

When it rains it pours I suppose.  Just after I dropped the last loopback policy processing post, I got an email from another friend at Microsoft asking about how replace mode actually works.  What he wanted to know exactly was when does the user configuration portion of policies which apply to the computer object get applied.  Is it applied when the computer starts up?  Or is it applied when a user logs on? It’s a fair question.  The loopback policy setting is ... [More]

Hello all, Eric here again. Today, I wanted to expand a bit on a relatively recent posting that AskDS posted - http://tinyurl.com/askds-post. I'm sure the escalation engineers have seen that issue a number of times, one of which was with a customer of mine when that customer hit the CritSit button.  Obligingly, I escalated after I spent an hour or so stumped as to what happened since I was told that no changes were made. They chose to escalate with good reason though, as their environment ... [More]

Greetings all, it's Eric here again, wait nope...this is the first time posting to CB5! I'm a guest blogger on the Crandall brothers' site today and I wanted to talk about an interesting case that I had regarding the ADWS service not starting on most of the DC's at one of my customers' hub site. I want to cover what kind of impact that can have, so I'll talk about what ADWS does, requirements of ADWS, how to troubleshoot the issue, and some workarounds to fix the issue. First of all, I'll give ... [More]

  I wanted to follow-up on a previous post and respond to a newsgroup post with this loopback policy processing model. I am taking the inspiration for this from the newsgroup post though there is some deviation for the sake of the illustration.  Okay, let’s go. In our globally-applied Default Domain Policy, a screen saver timeout is set to 30 minutes. Right now, this is the only screen saver timeout policy in the domain. This policy setting exists in the User Configuration portion of... [More]