Force Group Policies after imaging
Got an issue with doing the GPUpdate /force as a post installation after an image has been installed.
The post install is: JoinDomain+Win7OU.ps1, Reg KMS, EnableUAC, reboot, gpupdate /force, reboot.
What happens is that the command GPUPdate /force doesn't work until after about five minutes, then it works fine.
Got a temporary solution which is "timeout 500" then "gpupdate /force" but that is doing the process a lot slower when imaging a lot of computers.
Do anyknow have any idea what the issue could be with the GPO?
I can send some logs tomorrow when I'm at the company.
Community Chosen Answer
This is most likely due to AD replication among the DC's. When you join the machine a secure channel cert is issued and the added to the attached DC, this needs to replicate to the other DC's in the domain before this machine is fully recognized by the domain.
GPUPdate /force on a large number of computers can be a problem. This is because these machines will hit a domain controller and reevaluate every GPO applicable to them.