I am having issues where NTFS permissions on group policy templates (in SYSVOL) are not replicating to DC02 in my two-dc setup. When I modify the security filtering on a GPO (for example add a user on the scope tab) on DC02 it will immediately
reflect the change on the GPT in sysvol on DC01, but not on the GPT in sysvol of itself. However, If I modify the security filtering on a GPO on DC01, it will reflect the change on the GPT in sysvol on both Servers.
i.e. any action start from DC01 will trigger no problem. From DC02, If I create a new GPO policy, the folder will be replicated to SYSVOL on both servers, but if I modify the security filtering on this GPO, you will see the change have been made on both server from the GUI,, but when you check through
the actual ntfs permission of the folder within SYSVOL, you will find the change has been replicated to DC01, the ntfs permissions of this GPO on DC02 remain unchanged.
Both domain controllers are 2016, in the same AD site and on the same subnet - using DFSR for sysvol. There is no routing or firewall between these two servers. The DFSR log on both sheds no light, there are a few periodic RPC errors relating to"too busy to process" or "endpoint mapper." The system log sheds no light either. I have confirmed that AD replication is working with no issue and the NTFS permissions are replicated on the GPC in AD. And likewise, creating new folders in sysvol replicate instantly, it's just the permissions on the folder on DC02 ( only happened hen making change from DC02) . This is impacting the creation and editing of GPOs from DC02 as there are constantly permissions mismatched.
i.e. any action start from DC01 will trigger no problem. From DC02, If I create a new GPO policy, the folder will be replicated to SYSVOL on both servers, but if I modify the security filtering on this GPO, you will see the change have been made on both server from the GUI,, but when you check through
the actual ntfs permission of the folder within SYSVOL, you will find the change has been replicated to DC01, the ntfs permissions of this GPO on DC02 remain unchanged.
Both domain controllers are 2016, in the same AD site and on the same subnet - using DFSR for sysvol. There is no routing or firewall between these two servers. The DFSR log on both sheds no light, there are a few periodic RPC errors relating to"too busy to process" or "endpoint mapper." The system log sheds no light either. I have confirmed that AD replication is working with no issue and the NTFS permissions are replicated on the GPC in AD. And likewise, creating new folders in sysvol replicate instantly, it's just the permissions on the folder on DC02 ( only happened hen making change from DC02) . This is impacting the creation and editing of GPOs from DC02 as there are constantly permissions mismatched.