When anyone logs on to a member computer, the site, domain and Organizational Unit group policies are NOT applied. When a domain administrator logs on to the console of a domain controller, the policies are applied. You may have the following event in the Application event log:
Event Type: Warning
Event Source: NETLOGON
Event Category: None
Event ID: 5773
Description: The DNS server for this DC does not support dynamic DNS. Add the DNS records from the file '%SystemRoot%\System32\Config\netlogon.dns' to the DNS server serving the domain referenced in that file.
If your domain controller uses a DNS server that does NOT support dynamic updates, you will experience this behavior.
To resolve this problem, your domain controller must use a DNS server that supports dynamic updates or SRV records.