I created a small function called Get-ADGPOReplication to easily compare the versions of each Group Policy Objects (User and Computer Configurations) on each Domain Controllers in the Domain.
 |
| Get-ADGPOReplication sent to Out-Gridview |
Retrieving the GPO Version and SysVol Version
As you probably know, you'll find 2 types of configurations inside each GPO: User and Computer.
The Cmdlet Get-GPO (From the module GroupPolicy) give us some great details on the versions number and the SysVol versions of those configurations.
Get-GPO -Name AZE_Test
From this output, we can notice the properties UserVersion and ComputerVersion that give information about the GPO Version and SysVol Version. Those properties which are generated and available in the default view won't show if you look at all the properties/methods available (using Get-Member).
You'll have to dig into the property Computer and User to get the versions details.
Get-GPO -Name AZE_Test | Get-Member
(Get-GPO -Name AZE_Test).Computer | Get-Member
You need to inspect the property Computer to finally find the versions information.
(Get-GPO -Name AZE_Test).Computer
Same information is available for the User Configuration.
Function Get-ADGPOReplication
Get-ADGPOReplication is retrieving the GPO version and Sysvol version accross the domain for one or more Group Policy objects. This can especially helps you troubleshooting replication issues.This small function is taking advantage of the module ActiveDirectory to retrieve the list of all Domain Controllers and the module GroupPolicy to query one or more Group Policy objects.
For each GPO, It will then retrieve the version of the User/Computer configurations and the Sysvol Version.
Getting the list of Domain Controllers
$DomainControllers = ((Get-ADDomainController -filter *).hostname)
Processing each Group Policy Object, against each Domain controllers
Foreach ($GPOItem in $GPOName) { $GPO = Get-GPO -Name $GPOItem -Server $DomainController -ErrorAction Stop [pscustomobject][ordered] @{ GroupPolicyName = $GPOItem DomainController = $DomainController UserVersion = $GPO.User.DSVersion UserSysVolVersion = $GPO.User.SysvolVersion ComputerVersion = $GPO.Computer.DSVersion ComputerSysVolVersion = $GPO.Computer.SysvolVersion }#PSObject }#Foreach ($GPOItem in $GPOName)
Here is the output you should expect
Using the function against one GPO:
Get-ADGPOReplication -GPOName "AZE_Test"Using the function against multiple GPO:
Get-ADGPOReplication -GPOName "AZE_Test", "AZE_Test2"Using the function against All GPO:
Get-ADGPOReplication -AllOptionally you can send the output to Out-Gridview which will give you a very nice view on all your GPO versions.
Get-ADGPOReplication -GPOName AZE_Test | Out-GridView -Title "AZE_Test $(Get-Date)"
Download on GitHub
Download on Technet Gallery
Thanks for reading! If you have any questions, leave a comment or send me an email at fxcat@lazywinadmin.com. I invite you to follow me on Twitter @lazywinadm / Google+ / LinkedIn. You can also follow the LazyWinAdmin Blog on Facebook Page and Google+ Page.
No comments:
Post a Comment