Mark Minasi's Tech Forum
Register Calendar Latest Topics Chat
 
 
 


Reply
  Author   Comment  
WayneO

Still Checking the Forum Out
Registered:
Posts: 2
Reply with quote  #1 
One of my clients is using SBS 2011 (soon will be upgrading, but for now...).  SBS is at primary site, second site has a 2008R2 DC. I have been utilizing a 2012 server for GPO's.  A couple of months ago, I added a member 2016R2 server at second site.  After joining it to the domain, I moved it from the SBS default "Client OU" to "Servers OU" as I have done with servers in the past.  SBS has the default GPO's for updates; a "Client computer update" GPO which assigns a 4 for updates, and a "Server Computer update" GPO which assigns a 3.  Normally a new machine shows up in the proper Security Filter of the respective GPO...I assume based on the OU.  Now the problem... This latest server addition, even though it is in the correct OU for servers, gets automatically placed in the Security Filter of the GPO for Clients.  If I remove it, it comes back within the hour.  I remove it and add it to the Server GPO, but it comes back.  I took it off the domain and deleted it from AD, made certain it was gone from GPO, then re-joined the domain.  I immediately moved it to the Server OU, BUT it put itself in the Security Filter for Clients, not Servers.  (I have also changed the registry from 4 to 3, but GP puts it back to a 4).  Any ideas?   
0
wkasdo

Avatar / Picture

Administrator
Registered:
Posts: 179
Reply with quote  #2 
Guessing: the SBS servers looks at the operatingSystem attribute of the computer account to check the OS. If it is a known server OS, it moves it to that OU. All other accounts get moved to the client OU. Server 2016 is too new, and therefore unknown.

A quick search based on this assumption revealed that the file supportedOS.xml might we what you need.

__________________
[MSFT]; Blog: https://blogs.technet.microsoft.com/389thoughts/
0
WayneO

Still Checking the Forum Out
Registered:
Posts: 2
Reply with quote  #3 
THANK YOU FOR THE SUGGESTION.  I did mistype...the server that attaches to the wrong GPO is a 2012R2 (not 2016).  I looked up your reference and updated the supportedOS.xml file with Windows 10.  So far, it has not helped.  As I review the chronology, I had successfully added 2012R2 member servers to the domain at the location of the SBS box.  This 2012R2 was joined to the domain at the remote site.  Thus first contacted the 2008R2 DC at that site.  That is one variable in scenario. 
0
Previous Topic | Next Topic
Print
Reply

Quick Navigation: