User from an external Forest not getting policies

HM 26 Reputation points
2020-11-23T19:01:57.523+00:00

We have a 2-way (non-transitive) trust with an external Forest. A user from Forest A is logging on to a machine in Forest B. We have a loopback (replace mode) GPO applied on the machine. The GPO is applied to the machine & Forest A (user); this GPO contains some 'User configuration' settings. When the user logs on to the machine, he is not receiving user-specific policies. I'm not sure what we are missing here.

When a user from Forest B logs on to a machine in Forest B, they have no issues in receiving user GPOs.

Gpupdate /force result:
Computer policy update has completed successfully
User policy could not be updated successfully. The following errors were encountered.

The processing of the group policy failed. Windows could not authenticate to the active directory services on a domain controller. (LDAP bind function call failed). Look in the detail tab for error code and description.


1 answer

  1. Fan Fan 15,336 Reputation points Microsoft Vendor
    2020-11-24T01:53:41.323+00:00

    Hi,
    Based on my experience, when a user from Forest A logs on to a machine in Forest B, the computer policy from Forest B will be applied, and user policy from Forest A will not be applied by default.

    If you want the user's Group Policies from Forest A to work in Forest B, then please enable the below setting in the Default Domain Policy (Forest B):

    Computer Configuration/Administrative Templates/System/Group Policy/Allow Cross-forest user policy

    Check the below link

    http://support.microsoft.com/kb/823862

    Best Regards,
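
To confirm on the Forest B machine whether the setting named in the answer and the loopback mode from the question have actually been applied, this added example (not part of the original thread) reads the machine policy registry values. The value names `AllowX-ForestPolicy-and-RUP` and `UserPolicyMode` do not appear on the page; they are assumed here as the values these two policies write under the machine policy key.

```powershell
# Added example, not from the original thread.
# Run in PowerShell on the Forest B machine after "gpupdate /force".
# Assumption: both policies store their state under this machine policy key.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'

function Get-PolicyValue {
    param([Parameter(Mandatory)][string]$Name)
    # Returns $null when the key or value is absent (policy "Not Configured").
    $item = Get-ItemProperty -Path $PolicyKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Get-CrossForestPolicyState {
    # Assumed value name for "Allow Cross-forest user policy": 1 = enabled.
    $crossForest = Get-PolicyValue -Name 'AllowX-ForestPolicy-and-RUP'
    # Assumed value name for loopback processing: 1 = merge, 2 = replace.
    $loopback = Get-PolicyValue -Name 'UserPolicyMode'

    $crossForestText = switch ($crossForest) {
        $null   { 'Not configured (cross-forest user policy is not processed)' }
        1       { 'Enabled (user policy from the trusted forest is processed)' }
        0       { 'Disabled' }
        default { "Unexpected value: $crossForest" }
    }
    $loopbackText = switch ($loopback) {
        $null   { 'Not configured' }
        1       { 'Merge' }
        2       { 'Replace' }
        default { "Unexpected value: $loopback" }
    }

    [pscustomobject]@{
        Computer               = $env:COMPUTERNAME
        CrossForestUserPolicy  = $crossForestText
        LoopbackProcessingMode = $loopbackText
    }
}

Get-CrossForestPolicyState | Format-List
```

If `CrossForestUserPolicy` still shows as not configured after a policy refresh, the GPO carrying the setting is not reaching this computer object.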
