I spent a couple of hours on this silly problem so I figured I’d share my findings here.
I created a small domain on a Windows 2003 server called test, and installed the DNS service.
I joined the domain from an XP machine.
I created a domain user called joe.
I created an OU called Clerks and moved Joe there.
I created and edited a Group Policy for the Clerks OU.
Now here is where the problem hit me. I log on as Joe on the XP machine. The machine takes forever to log me in, and when I’m finally logged in none of the policy settings are applied. I looked around the net to no avail.
Out of curiosity I started Wireshark and sniffed the packet flow back and forth and noticed a lot of samba packets that said something like SAM Active Directory Response – user unknown.
Looking over the net again I found some discussion boards mentioning that this could be a problem with DNS. I looked at the packet trace again and noticed the XP machine issuing a lot of DNS requests to an IP; therein lay the problem. It was sending its DNS requests to the wrong machine; I had misconfigured the XP machine’s Primary DNS IP.
I modified the IP and wham, the XP machine was logging on in a tenth of the time it used to take, with all the policies intact.
Hope this helps some poor soul out there who’s been egging away at this.
Cheers!
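
An added example, not part of the original post: a small Python check for the misconfiguration described above. It parses `ipconfig /all` output and reports adapters whose first-listed DNS server is not a domain controller. The sample output and all addresses are constructed, and it assumes, as in the post's setup, that the domain controller is also the DNS server.

```python
import re

# Constructed `ipconfig /all` output; every address here is made up.
# 192.168.1.10 stands in for the domain controller that also runs DNS.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : xpclient

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.20
        DNS Servers . . . . . . . . . . . : 192.168.1.1
                                            192.168.1.10

Ethernet adapter Lab Network:

        IP Address. . . . . . . . . . . . : 10.0.0.20
        DNS Servers . . . . . . . . . . . : 192.168.1.10
"""

ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")
FIELD_RE = re.compile(r"^\s+([^:]+?)[ .]*:\s*(.*)$")
BARE_IP_RE = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")

def dns_servers_by_adapter(text):
    """Return {adapter name: [DNS servers in configured order]}."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            current, in_dns = m.group(1), False
            adapters[current] = []
            continue
        if current is None:
            continue  # global section before the first adapter
        extra = BARE_IP_RE.match(line)
        if in_dns and extra:  # secondary servers sit on bare continuation lines
            adapters[current].append(extra.group(1))
            continue
        field = FIELD_RE.match(line)
        in_dns = bool(field) and field.group(1) == "DNS Servers"
        if in_dns and field.group(2):
            adapters[current].append(field.group(2).strip())
    return adapters

def wrong_primary_dns(text, dc_ips):
    """Adapters whose first-listed DNS server is not a domain controller."""
    found = dns_servers_by_adapter(text)
    return {a: s for a, s in found.items() if s and s[0] not in dc_ips}
```

Calling `wrong_primary_dns(SAMPLE_IPCONFIG, {"192.168.1.10"})` flags only the first adapter, whose primary DNS entry points at the constructed gateway address instead of the domain controller.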