User's Part of GPO not applied to Computer although loopback GPO processing is configured

Haris Brkanic 1 Reputation point
2025-03-22T08:01:29.5933333+00:00

Environment is with two forests and one-way trust.

Goal is to apply some user's settings for users from "domain A" logging in to computers in "Domain B".

In "Domain B" GPO with "loopback processing configured" (GPO#1) is applied to "Computers_B" OU as well as GPO with needed user's settings (GPO#2). gpresult /r is run in this case (User A logged in to Computer B) and the result is "The user 'domain\user' does not have RSoP data."
As a test, a user from "Domain B", who is not in the same OU as Computer B, is logged in to Computer B. gpresult /r shows the expected result, but only the "Computer Settings" part of GPO#2 is applied, not "User Settings".

Configuration is very simple, no WMI filter, no Security Filtering, only "Authenticated Users" (default) is used in GPO permissions.
What is missing?

Windows Server Identity and access Deploy group policy objects

2 answers

  1. Marcin Policht 45,155 Reputation points MVP
    2025-03-22T11:36:11.6733333+00:00

    You need to enable Computer Configuration\Administrative Templates\System\Group Policy\Allow cross-forest user policy and roaming user profiles

    For an example, refer to

    https://medium.com/@todddeland/cross-domain-group-policy-objects-ddaa96041a52


    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin


  2. Daisy Zhou 32,451 Reputation points Microsoft External Staff
    2025-03-24T06:32:29.96+00:00

    Hello Haris Brkanic,

    Thank you for posting in the Q&A forum.

    Based on the description "In "Domain B" GPO with "loopback processing configured" (GPO#1) is applied to "Computers_B" OU as well as GPO with needed user's settings (GPO#2)", I understand that the Computers_B OU has computer objects in domain B, you configured loopback processing ("Merge" or "Replace") (GPO#1) and linked (GPO#1) to the Computers_B OU, and you configured some needed user's settings (GPO#2) and linked (GPO#2) to the Computers_B OU.

    Now as a test, you signed in one domain user (such as U1) from "Domain B" (in a different OU than Computer B) on one machine in the Computer_B OU (such as PC1). You can check this domain B user's settings as below:

    1. Log on to PC1 using domain B user account U1 (that applies this GPO).

    2. Create a folder named F1 on the C drive.

    3. Open CMD (do not run as Administrator).

    4. Type gpresult /h C:\F1\gpo.html and press Enter.

    5. Open gpo.html and check if there are needed user's settings (GPO#2) under "User Details" if it is "Replace" mode.
    Or

    Open gpo.html and check if there are needed user's settings (GPO#2) and U1 user settings under "User Details" if it is "Merge" mode.

    https://learn.microsoft.com/en-us/troubleshoot/windows-server/group-policy/loopback-processing-of-group-policy

    I hope the information above is helpful.

    If you have any questions or concerns, please feel free to let us know.

    Best Regards,

    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.

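A check that covers both answers, as an added example that is not part of either answer: it reads the registry values behind the loopback setting and the "Allow cross-forest user policy and roaming user profiles" setting on the Domain B computer, then writes the user-scope report from step 4. The value names `UserPolicyMode` and `AllowX-ForestPolicy-and-RUP` under `HKLM\SOFTWARE\Policies\Microsoft\Windows\System` are not stated on this page, and the function name and report path are assumptions.

```powershell
# Added example: run in a non-elevated PowerShell session of the user being tested.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'

function Get-PolicyValue {
    param([string]$Name)
    # $null means the value is absent, i.e. the setting has not been applied here.
    $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

$loopback = Get-PolicyValue -Name 'UserPolicyMode'               # 1 = Merge, 2 = Replace
$xforest  = Get-PolicyValue -Name 'AllowX-ForestPolicy-and-RUP'  # 1 = Enabled

$mode = 'not configured'
if ($loopback -eq 1) { $mode = 'Merge' } elseif ($loopback -eq 2) { $mode = 'Replace' }

$crossForest = 'not enabled'
if ($xforest -eq 1) { $crossForest = 'Enabled' }

$computerDomain = (Get-CimInstance -ClassName Win32_ComputerSystem).Domain
$userDomain     = $env:USERDNSDOMAIN

[pscustomobject]@{
    Computer          = $env:COMPUTERNAME
    ComputerDomain    = $computerDomain
    UserDomain        = $userDomain
    LoopbackMode      = $mode
    CrossForestPolicy = $crossForest
} | Format-List

if ($mode -eq 'not configured') {
    Write-Warning 'The loopback setting from GPO#1 is not present on this computer.'
}
if ($userDomain -and ($userDomain -ne $computerDomain) -and ($xforest -ne 1)) {
    Write-Warning 'User and computer are in different domains and the cross-forest setting is not enabled on this computer.'
}

# Same report as step 4 of the second answer, limited to the user half of the policy.
$report = Join-Path $env:TEMP 'gpo-user.html'   # assumed path
gpresult /scope user /h $report /f
Write-Output "Report written to $report"
```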
