Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
24,553 questions
Entra Domain Services domain controller has stopped GPO syncing
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(240, 26%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDM%3C/text%3E%3C/svg%3E)
Dave Mortensen
1
Reputation point
We are using EntraIDDomainServices for our domain controller. We've been doing so for years. This week we saw that Group Policies were no longer being applied to users.
When we run a GPUPDATE /FORCE we get the following
========= Computer policy could not be updated successfully. The following errors were encountered: The processing of Group Policy failed. Windows attempted to read the file \\<domain>\SysVol\<forest>\Policies\<policy ID>\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
=============
When I browse \\<domain>\SysVol\<forest>\Policies\ I see all the policies I expect, but there is no gpt.ini in any of them.
When I look through the Group Policy Management Console, I see all of my policies, but none of them display the registry keys or shortcuts we've configured them to deploy.
Help? This is a massive concern. It's been working for years but just stopped this week...
Microsoft Entra ID
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 30%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGP%3C/text%3E%3C/svg%3E)
Goutam Pratti 4,985 Reputation points Microsoft External Staff Moderator2025-05-14T22:31:07.2666667+00:00 Hello @Dave Mortensen ,
I Understand that your Entra Domain Services domain controller has stopped GPO syncing so to proceed further can you please share the screen shots of error while you are trying to sync the GPO?
Also Share me the TenantId and Microsoft Entra Domain services Name in the Private message.
let us know if you have any additional queries. Happy to assist you further.
Sign in to comment
Sign in to answer