Hey Darren, I have looked at some of the source for GPO processing and while I don't recall any client side caching, I wouldn't be surprised to hear it had it. Certainly there is nothing on the AD side that I have seen that could ever make me think a specially formed query for GPOs was responded to in a special way and the code I did see didn't build a special query, it just sent a simple query. I would validate by using wireshark or some other sniffer type tool or Insight for AD to watch the actual LDAP queries generated. I expect you will see that when it is not updating, the client isn't even querying AD. joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
_____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia Sent: Monday, November 13, 2006 4:23 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Timeout period on object moves? I moved a computer account from OU A to OU B, then fired up gpupdate on that computer. Sure enough, it found the new OU and calculated GP accordingly. Then I moved it back to OU A. On this final move, after issuing both a gpupdate and gpupdate /force, the workstation failed to find its new OU. I could see in userenv.log that it was still referring to its DN at the OU B location. Strangely, sometime after that, on a background refresh of GP, the new OU (A) was seen. _____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de Sent: Monday, November 13, 2006 12:27 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Timeout period on object moves? Can you explain the steps you've taken? Met vriendelijke groeten / Kind regards, Ing. Jorge de Almeida Pinto Senior Infrastructure Consultant MVP Windows Server - Directory Services LogicaCMG Nederland B.V. (BU RTINC Eindhoven) ( Tel : +31-(0)40-29.57.777 ( Mobile : +31-(0)6-26.26.62.80 * E-mail : <see sender address> _____ From: [EMAIL PROTECTED] on behalf of Darren Mar-Elia Sent: Mon 2006-11-13 18:23 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Timeout period on object moves? All- I'm trying to track down some interesting behavior in GP processing. I am wondering how AD deals with object moves. Specifically, I am moving a computer object around between OUs and it appears that the computer itself is not picking up every move during GP processing as I would expect. I don't see where the behavior could be coming from on the client side (I even deleted the value in the registry where GP stores the DN of the object) and so I'm wondering if AD is doing something here when it returns the results of the LDAP query that the client does during GP processing to determine its location in AD. Its almost as if AD is caching the previous location of the object to dampen excessive object moves. Sounds weird but I'm wondering if anyone has an explanation to this? Darren Darren Mar-Elia For comprehensive Windows Group Policy Information, check out www.gpoguy.com <http://www.gpoguy.com/> -- the best source for GPO FAQs, video training, tools and whitepapers. Also check out the Windows <http://www.amazon.com/gp/product/0735622175/qid=1122367169/sr=8-1/ref=pd_bb s_1/104-1133146-9411929?v=glance&n=283155> Group Policy Guide, the definitive resource for Group Policy information. This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
<<attachment: winmail.dat>>
