Why doesn't Windows 2000 apply Group Policy Objects (GPOs) that I set at the organizational unit (OU) level to members of that OU?

John Savill

February 3, 2002

1 Min Read
ITPro Today logo

A. Win2K might not apply GPO settings at the OU level even when everything appears OK at higher levels in the Active Directory (AD) structure. This problem commonly occurs if the client’s preferred DNS server address isn’t working. To determine whether you have that problem, perform the following actions:

  1. Log on as an Administrator to a client PC, and start the Microsoft Management Console (MMC) Computer Management snap-in (go to Start, Programs, Administrative Tools, Computer Management, or right-click My Computer and select Manage).

  2. Under System Tools, expand Event Viewer, then access the Application log.

  3. Check the log for the following entries:

    Event ID: 1000
    Event Source: Userenv
    Description: Windows cannot determine the user or computer name.
    Return value (1722).

If these entries exist, the client's preferred DNS server address is invalid or unreachable, which prevents access to the DNS information, and in turn to AD information and applicable GPOs.

To resolve this problem, correct the DNS address by performing the following steps:

  1. Right-click My Network Places, and click Properties.

  2. Right-click Local Area Connection, and click Properties.

  3. Click Internet Protocol (TCP/IP), and click Properties.

  4. Type the correct DNS address in the "Preferred DNS server" field.

Now, when you log on as a user of the OU in question, Win2K will apply the GPO settings. For additional information about the Application log error, see the Microsoft article "Event ID 1000 Is Logged in the Application Event Log."

About the Author(s)

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like