Problems in using IGroupPolicyObject interface.

From: V Ravikiran (ravikiran.v_at_siemens.com.net)
Date: 05/19/03


Date: Mon, 19 May 2003 17:05:58 +0530


Hello,
    We are facing a problem in using IGroupPolicyObject interface for
    creating group policies.

Description:
    The problems happens when 2 sites (Site1 and Site 2) in 2 different LAN
segments
    have 2 Domain controllers (DC1 and DC2).

    DC1 is in Site 1 and is the Schema Master.
    DC2 is in Site 2 and is promoted to a DC second.

    The program which is using IGroupPolicyObject is running on a machine
(not DC2)
    in Site 2.

    The code looks something like this.

    CoCreateInstance(.., IID_IGroupPolicyObject, ..., &pGPO);
    pGPO->New(<Bindpath binding to DC1>, <GP Name>, GPO_OPEN_READ_ONLY );
// GPO_OPEN_READ_ONLY is passed becuase New fails with
// "The system cannot find the path specified. " (0x80070003) if
// GPO_OPEN_LOAD_REGISTRY is passed.
    pGPO->Release();

// Since save can be called only with GPO opened with
GPO_OPEN_LOAD_REGISTRY,
// open the GPO again.
    CoCreateInstance(.., IID_IGroupPolicyObject, ..., &pGPO);
    pGPO->OpenDSGPO(<BindPath binding to DC1 including the GPO being bound
to>,
                                GPO_OPEN_LOAD_REGISTRY);
    pGPO->Save(TRUE,TRUE, &GPO_EXTENSION_MACHINE_TEMPLATES,
                        &GPO_EXTENSION_MACHINE_TEMPLATES_GUI);

    This code works fine if there is only one DC or if all the DCs are in
the same site.
    But in the case mentioned above, pGPO->New binds to the DC1 but
pGPO->OpenDSGPO
    seems to ignore the bind string and tries to bind to DC2 (the nearest
DC).
    Since replication hasn't yet happened, it fails.

    Is this a problem in OpenDSGPO not binding correctly?
    Has anyone else faced this before?

Another question:
    Does no one else use IGroupPolicyObject? I find so little information on
the web
    3 years after the interface is publised!!!

Thanks in anticipation,
Best Regards,
ravi.

PS: If you want to contact me directly, please remove the .net at the end of
the mail address.