So my DC at one of my sites has given me all these problems with not propagating group policy. It drives me mad when my users at the site call and complain that their 'favorites don't work', 'where are my printers', 'I can't connect to X:', etc.
Looks like I have a corrupted SYSVOL/NETLOGON. MS has a method for resetting the domain SYSVOL on certain DCs:
http://support.microsoft.com/kb/315457/
In short, you set the D4 registry setting on the AUTHORITATIVE DC (the seeder) and the D2 registry setting on the SLAVE DC. All of this must be done while the FRS service is stopped. When you restart the service, it replicates the SYSVOL and NETLOGON folders from the authoritative DC to the slave.
Then you have to open gpmc.msc and click on each of the GPOs. It will ask you if you want to reset the permissions on the GPO, and you say YES!
How did I know this was my problem? On the affected DC (not spitting out GPOs) the SYSVOL and NETLOGON folders were not shared after I DCPROMO'd.
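
The share check and the D4/D2 reset described above, as a PowerShell sketch. This is an added example, not part of the original post or the KB article. The `-Role` parameter, the `Get-MissingDcShare` helper and the refusal to seed from a DC that lacks the shares are assumptions made for illustration; `BurFlags` under the NtFrs `Process at Startup` key is the registry value that carries the D4/D2 setting.

```powershell
# Added example, not from the original post. Run elevated on the DC being reset.
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet('Authoritative', 'NonAuthoritative')]
    [string]$Role   # hypothetical parameter: which side of the reset this DC plays
)

# Values from the post: D4 on the authoritative seeder, D2 on the DC that re-pulls.
$burFlags = @{ Authoritative = 0xD4; NonAuthoritative = 0xD2 }[$Role]

# The symptom from the post: a healthy DC shares both SYSVOL and NETLOGON.
function Get-MissingDcShare {
    $present = @(Get-WmiObject -Class Win32_Share | ForEach-Object { $_.Name })
    @('SYSVOL', 'NETLOGON') | Where-Object { $present -notcontains $_ }
}

$missing = @(Get-MissingDcShare)
if ($Role -eq 'Authoritative' -and $missing.Count -gt 0) {
    # Added safeguard (assumption): never seed the domain from a DC showing the symptom.
    throw "Refusing D4: this DC is missing $($missing -join ', ')."
}
Write-Host "Missing shares before reset: $(if ($missing) { $missing -join ', ' } else { 'none' })"

# The key name contains '/', which the PowerShell registry provider treats as a
# path separator, so the .NET registry API is used instead of Set-ItemProperty.
$keyPath = 'SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup'
$key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($keyPath, $true)
if ($null -eq $key) { throw "Registry key not found: HKLM\$keyPath" }

try {
    Stop-Service -Name NtFrs -Force      # the flag must be set while FRS is stopped
    $key.SetValue('BurFlags', $burFlags, [Microsoft.Win32.RegistryValueKind]::DWord)
} finally {
    $key.Close()
    Start-Service -Name NtFrs            # FRS reads BurFlags when it starts
}

Write-Host ("BurFlags set to 0x{0:X2} ({1}); NtFrs restarted." -f $burFlags, $Role)
Write-Host 'Check the SYSVOL and NETLOGON shares again once replication finishes.'
```

Event ID 13516 in the File Replication Service event log marks the point where the DC has finished and shares SYSVOL again.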