I'm trying to get a logon script for USERS applied through group policy to NOT apply to domain controllers.

I set the domain controllers OU group policy to NOT overwrite but the main group policy with the script still applies to the DC.
I also tried blocking inheritance for the OU and it still doesn't work.

I can’t see any other way. There has to be something wrong.

Place all your users in a seperate OU in Active Directory. Then apply the group policy only to that OU instead of your whole domain.

I'll try that..but...

Am I doing something wrong?
Is this the normal behavior?

My previous attempts should have worked, according to regular understanding unless there is some sort of extra clause not written about it.

I'm assuming that you're placing the group policy on your entire domain rather then on just one OU. Or perhaps you're making the policy change on the default domain policy. Which wouldn't be a good idea.

I got it...did what you said.

I have one GPO for the entire domain (global) with the master set of rules compatible with all machines.

I have one GPO on the OU Domain controllers

I have one GPO on an OU I made called "Member Machines" which I can use the "Computer" aspect of the GPO if I need to in the future.
I moved the applicable machines from "Computers" to this OU.

I have one GPO on an OU I made called "Member Users" which I use the "User" aspect of the GPO. I put the logon script in this one and moved the applicable users to this OU.

I just didn't want to move the machines from the default location because any time a new user or computer comes along; I have to manually add them to these custom OU's.

Baring all that, your suggestion worked and the policy is now working as I want it to.

Thanks.