Migrated computers appear to be associated with the source GPO (4212926)

After migrating a computer to the target domain, a user logged on to the target domain may show a source GPO policy being applied when performing a GPResult.

This is the problem with the way GPRESULT reads GPO status on the local computer. The source GPO is not in fact applied. Please refer to the resolution section for more details.

****WARNING: Using Registry Editor incorrectly can cause serious problems that can damage the operating system and the software installed. Quest cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.****

When a source user logs on to the machine, the source policies are loaded, later when the machine is moved to the target domain those policies are still stored (cashed) under the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\[Users-Sid]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History\[Users-Sid]

If the migrated target user has the SidHistory of the source user, then gpresult.exe will shows both policies, but only the target policy is in fact applied. This can be verified in following ways:

1. Looking at RSoP (Resultant Set of Policies) MMC snap-in while running the query in the logging mode against the computer in question.
2. Exploring Local Security settings using Group Policy Object Editor MMC snap-in.

The behavior may vary depending on the gpresult.exe version determined by computer operating system and hotfixes installed.