4 logon scripts filtered to AD groups. Users picking the wrong script.

Question

As the title says, I have 4 login scripts. Based on your AD group you should get the correct script. This has worked fine for 6 months.

Suddenly people who were working fine are pulling the wrong script. Their AD group is correct. Their computers are working fine. Usually having them re-log fixes it. The number of users getting the wrong script seems to be increasing. I see no issue with underlying stuff like AD replication.

These issues seem to happen at peak login time, and we have a TON of intrusive security tools (like FireEye) that may be interfering. I'm not sure where to start, or if this method (4 gpos) has any inherent issues. I asked my scripting guy to start consolidating the scripts so there is only 1 GPO, as that seem an obvious improvement. I'm just not sure what's going on.

Any idea what would cause this or where to look for a clue?

Answer 1

Hello Thank you for your question and reaching out. I can understand you are having query\issues related to Logon scripts.

1. On the effect User please rung gpresult /h C:\test\gpresult.html to see if the GPO is properly applied and which logon script should be applied for this user.
2. Please check if there is any Loopback processing is enabled in GPO.
3. Please try to put some logging to trace the script behavior
4. Please check if AD health is Good and all DCs are synced. --If the reply is helpful, please Upvote and Accept as answer--