How to sync the version for the GPOs on the Domain Controller

Question

I am experiencing an issue where the Group Policy Objects (GPOs) are not synchronizing with the domain controller. "The version number for one or more GPOs on this domain controller are not in sync with the versions for the GPOs on the Baseline domain controller"

This is message from de SysVol GPO Version

What can I do to resolve this?

Answer 1

Hello,

Here are some steps you can take to resolve this:

Check Replication Status:

Use the repadmin /showrepl command to check the replication status between your domain controllers. This will help identify any replication issues.

Force Replication:

You can force replication using the repadmin /syncall command. This ensures that all domain controllers are synchronized.

Verify SYSVOL and Netlogon Shares:

Ensure that the SYSVOL and Netlogon shares are available and properly replicated. You can use the dfsrdiag command to check the status of DFS Replication.

Check GPO Version Numbers:

Open the Group Policy Management Console (GPMC) and check the version numbers of the GPOs. If there is a mismatch, you may need to manually update the GPOs.

Use ADSI Edit:

If the issue persists, you can use ADSI Edit to manually update the msDFSR-Enabled and msDFSR-Options attributes. This involves stopping the DFSR service, making the necessary changes, and then restarting the service.

Run GPUpdate:

On the affected machines, run gpupdate /force to force a Group Policy update.

Check Event Logs:

Look at the Event Viewer logs on your domain controllers for any errors related to Group Policy or DFS Replication. This can provide more insight into what might be causing the issue.