General discussion


Domain policy is not reflected on the Domain Controller.

By Rob1150 ·
I have a network with one domain controller and about 45 computers. I have enabled audit logging for account logon failures. When I test the logging on any of the other computers in the tree it works great. When it login in wrong on the domain controller incorrectly the check to make sure that it would be logged, nothing shows up in the security event log. The domain policy works as it should on all the other computers except the DC. Any ideas why?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

by timwalsh In reply to Domain policy is not refl ...

In AD, all domain controllers actually exist in a separate OU (called surprisingly "Domain Controllers"). GPOs applied against an OU are applied after, and will take precedence over, GPOs applied against the domain. This OU is specifically excluded from the stadard Domain Security Policy.

The Domain Controllers OU actually has its own security policy called the "Domain Controller Security Policy." You must use this policy to apply GPOs to an DCs.

Collapse -

by Rob1150 In reply to Domain policy is not refl ...

This question was closed by the author

Related Discussions

Related Forums