[Samba] Where am I connecting when using GPO editor?

[Norbert Hanke]

The Group Policy Management Editor might connect to a certain DC,
default is apparently the DC with the PDC role. But it is sometimes
misleading what it displays vs. what it really does.

When told to edit a script or .reg file or similar it opens e.g
\\your.domain.tld\sysvol\your.domain.tld\Policies\<policyUUID>\User\Scripts\Logon\whatever.cmd
which results in using a random DC.

If you save the file back to that or even a different random DC that is
not the one with the PDC role and your sysvol synchronization works only
in one direction you will have that script overwritten or erased with
the next synchronization run.
--> Be sure that you save that script to the DC that is the master of
your sysvol synchronization.

regards,
Norbert

On 13.12.2022 14:49, miguel medalha via samba wrote:
>>> In the Group policy Management applet, on the tree select your domain then go to "Action" menu and choose "Change Domain Controller".
>>> If you choose a particular DC, it will become the default DC until you change it.
>> Yes, you can change it, but every time you start the grouppolicymanager it will be the DC with the FSMO role PDC-Master. That's the reason why you rplicate sysvol from the DC with this role
> You can replicate sysvol using as a source any DC you choose, as long as you have the mechanism in place to do it. Using the DC with FSMO role is just convenient. That's what I do, but only out of convenience, it doesn't *have to be* so.
>
>
>