4 logon scripts filtered to AD groups. Users picking the wrong script.

n4 41 Reputation points

As the title says, I have 4 login scripts. Based on your AD group you should get the correct script. This has worked fine for 6 months.

Suddenly people who were working fine are pulling the wrong script. Their AD group is correct. Their computers are working fine. Usually having them re-log fixes it. The number of users getting the wrong script seems to be increasing. I see no issue with underlying stuff like AD replication.

These issues seem to happen at peak login time, and we have a TON of intrusive security tools (like FireEye) that may be interfering. I'm not sure where to start, or if this method (4 gpos) has any inherent issues. I asked my scripting guy to start consolidating the scripts so there is only 1 GPO, as that seem an obvious improvement. I'm just not sure what's going on.

Any idea what would cause this or where to look for a clue?

Windows 10
Windows 10
A Microsoft operating system that runs on personal computers and tablets.
10,796 questions
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
4,837 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Limitless Technology 43,996 Reputation points

    Hello Thank you for your question and reaching out. I can understand you are having query\issues related to Logon scripts.

    1. On the effect User please rung gpresult /h C:\test\gpresult.html to see if the GPO is properly applied and which logon script should be applied for this user.
    2. Please check if there is any Loopback processing is enabled in GPO.
    3. Please try to put some logging to trace the script behavior
    4. Please check if AD health is Good and all DCs are synced. --If the reply is helpful, please Upvote and Accept as answer--
    0 comments No comments