95% of Group Policy replication issues are caused by permission problems.
First, make sure that the GPO permissions are set correctly. If too many changes have accumulated, you may want to reset them to the defaults.
In the Group Policy Management Console, click your domain, then open the Delegation tab -> Advanced -> Advanced -> Restore Defaults.
At this point, wait at least 15 minutes for all Group Policy files to replicate to all domain controllers. The wait time depends on your replication settings and the number of Group Policy objects in use.
You will probably still see ACL errors while everything is replicating.
If you want to force replication, you can use the following PowerShell command:
# Requires the ActiveDirectory module (RSAT). For every domain controller, tell repadmin
# to sync all naming contexts with its adjacent partners across the whole enterprise.
Get-ADDomainController -Filter * | ForEach-Object { repadmin /syncall $_.HostName /edjQSA }
I also recommend verifying that the SYSVOL permissions on all your domain controllers are correct.
In addition, use the PowerShell script below to make sure that "Enterprise Domain Controllers" has the appropriate rights.
Save the code below as a .ps1 file and replace the placeholder with your domain's FQDN:
# Replace with your domain's FQDN (for example corp.example.com)
$FQDN = "yourdomainhere"
# The Policies folder of SYSVOL on this domain controller
$policiesPath = "C:\Windows\SYSVOL\sysvol\$FQDN\Policies"
# S-1-5-9 is the well-known SID of NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS;
# using the SID instead of the name works on localized systems too
$edc = New-Object System.Security.Principal.SecurityIdentifier "S-1-5-9"
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $edc, "WriteData", "Allow"
# Add the rule and write the ACL, then remove it and write again: the ACL ends up
# as it was, but it is rewritten on the folder and propagated to the GPO folders below it
$acl = Get-Acl -Path $policiesPath
$acl.SetAccessRule($accessRule)
$acl | Set-Acl -Path $policiesPath
$acl.RemoveAccessRule($accessRule)
$acl | Set-Acl -Path $policiesPath
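Before resetting anything, it helps to know which side is actually wrong: the GPO objects in Active Directory (the permissions you reset in GPMC) or the SYSVOL Policies folder on one particular domain controller. The script below is an added example, not part of the original post, that audits both in read-only mode. It assumes the RSAT GroupPolicy and ActiveDirectory modules are installed, that the account running it can read SYSVOL on every DC, and that the Enterprise Domain Controllers principal (well-known SID S-1-5-9) must be able to read every GPO.

```powershell
# Added example (not from the original post): audit Group Policy permissions on the
# AD side and the SYSVOL side without changing anything.
# Assumes RSAT (GroupPolicy + ActiveDirectory modules) and read access to each DC's SYSVOL share.
Import-Module GroupPolicy
Import-Module ActiveDirectory

$domain = (Get-ADDomain).DNSRoot
$edcSid = 'S-1-5-9'   # NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS
# Permission levels that include read access to the GPO container
$readLevels = 'GpoRead', 'GpoApply', 'GpoEdit', 'GpoEditDeleteModifySecurity'

# 1. AD side: every GPO needs an ACE for Enterprise Domain Controllers, otherwise other
#    DCs cannot read the policy object and GPMC reports ACL / replication problems.
Write-Host "== GPO permissions in AD ($domain) =="
foreach ($gpo in Get-GPO -All -Domain $domain) {
    try {
        $edcAces = @(Get-GPPermission -Guid $gpo.Id -All -Domain $domain |
            Where-Object { $_.Trustee.Sid -and $_.Trustee.Sid.Value -eq $edcSid })
    }
    catch {
        # A GPO whose security descriptor cannot even be read is itself a finding
        Write-Warning "$($gpo.DisplayName) ($($gpo.Id)): cannot read permissions: $($_.Exception.Message)"
        continue
    }
    if ($edcAces.Count -eq 0) {
        Write-Warning "$($gpo.DisplayName) ($($gpo.Id)): no ACE for Enterprise Domain Controllers"
    }
    elseif (-not ($edcAces | Where-Object { $_.Permission -in $readLevels })) {
        Write-Warning "$($gpo.DisplayName): Enterprise Domain Controllers has $($edcAces.Permission -join ','), expected at least GpoRead"
    }
}

# Resolve an ACE's identity to a SID string; $null if the account cannot be resolved
function Get-AceSid($ace) {
    try { $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
    catch { $null }
}

# 2. SYSVOL side: read the Policies folder ACL on every DC through its SYSVOL share
#    (\\dc\SYSVOL\<domain> maps to C:\Windows\SYSVOL\sysvol\<domain> on that DC).
Write-Host "== SYSVOL Policies ACL on each domain controller =="
$sddlByDc = @{}
foreach ($dc in Get-ADDomainController -Filter * -Server $domain) {
    $path = "\\$($dc.HostName)\SYSVOL\$domain\Policies"
    try {
        $acl = Get-Acl -Path $path
    }
    catch {
        Write-Warning "$($dc.HostName): cannot read ACL of $path ($($_.Exception.Message))"
        continue
    }
    $sddlByDc[$dc.HostName] = $acl.Sddl
    $hasEdc = $acl.Access | Where-Object { (Get-AceSid $_) -eq $edcSid }
    if (-not $hasEdc) {
        Write-Warning "$($dc.HostName): Enterprise Domain Controllers is missing from $path"
    }
}

# The Policies ACL should be identical on every DC. A DC whose SDDL differs is the one
# that did not receive the reset, or whose ACL was edited locally.
$distinct = @($sddlByDc.Values | Sort-Object -Unique)
if ($distinct.Count -gt 1) {
    Write-Warning "Policies ACL differs between domain controllers:"
    $sddlByDc.GetEnumerator() | Sort-Object Name | ForEach-Object { "{0}: {1}" -f $_.Name, $_.Value }
}
else {
    Write-Host "Policies ACL is identical on all $($sddlByDc.Count) reachable domain controllers."
}
```

Run it once before the GPMC reset and once after the 15-minute wait: the first run tells you whether the AD objects or a single DC's SYSVOL is the culprit, and the second confirms that the reset has converged on every DC before you start forcing replication. Comparing the SDDL strings between DCs avoids hard-coding the default ACL, which varies slightly between Windows versions.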
Working in IT for more than 15 years now, I've run into and solved problems that are very specific to network and system administration.
I have implemented my expertise in designing, developing and executing technical solutions that have passed the test of time, managing simple and complex systems, and administering networks.