PowerShell - Check the GPO Replication accross your domain
A couple of days ago we had to troubleshoot some SYSVOL replication issues throughout the domain. I wanted to check the version of the GPO that was modified recently and make sure it was replicated on all the Domain Controllers.
I created a small function called Get-ADGPOReplication
to easily compare the versions of each Group Policy Objects (User and Computer Configurations) on each Domain Controllers in the Domain.
Get-ADGPOReplication sent to Out-Gridview |
Retrieving the GPO Version and SysVol Version
As you probably know, you’ll find 2 types of configurations inside each GPO: User and Computer.
The Cmdlet Get-GPO
(From the module GroupPolicy) give us some great details on the versions number and the SysVol versions of those configurations.
Get-GPO -Name AZE_Test
From this output, we can notice the properties UserVersion and ComputerVersionthat give information about the GPO Version and SysVol Version. Those properties which are generated and available in the default view won’t show if you look at all the properties/methods available (using Get-Member).
You’ll have to dig into the propertyComputerandUserto get the versions details.
Get-GPO -Name AZE_Test | Get-Member
(Get-GPO -Name AZE_Test).Computer | Get-Member
You need to inspect the property Computer to finally find the versions information.
(Get-GPO -Name AZE_Test).Computer
Same information is available for the User Configuration.
Function Get-ADGPOReplication
Get-ADGPOReplication
is retrieving the GPO version and Sysvol version accross the domain for one or more Group Policy objects. This can especially helps you troubleshooting replication issues.
This small function is taking advantage of the module ActiveDirectory to retrieve the list of all Domain Controllers and the module GroupPolicy to query one or more Group Policy objects.
For each GPO, It will then retrieve the version of the User/Computer configurations and the Sysvol Version.
Getting the list of Domain Controllers
$DomainControllers= ((Get-ADDomainController -filter *).hostname)
Processing each Group Policy Object, against each Domain controllers
Foreach ($GPOItem in $GPOName)
{
$GPO = Get-GPO -Name $GPOItem -Server $DomainController -ErrorAction Stop
[pscustomobject][ordered] @{
GroupPolicyName = $GPOItem
DomainController = $DomainController
UserVersion = $GPO.User.DSVersion
UserSysVolVersion = $GPO.User.SysvolVersion
ComputerVersion = $GPO.Computer.DSVersion
ComputerSysVolVersion = $GPO.Computer.SysvolVersion
}#PSObject
}#Foreach ($GPOItem in $GPOName)
Here is the output you should expect
Using the function against one GPO:
Get-ADGPOReplication -GPOName "AZE_Test"
Using the function against multiple GPO:
Get-ADGPOReplication -GPOName "AZE_Test", "AZE_Test2"
Using the function against All GPO:
Get-ADGPOReplication -All
Optionally you can send the output to Out-Gridview which will give you a very nice view on all your GPO versions.
Get-ADGPOReplication -GPOName AZE_Test | Out-GridView -Title "AZE_Test $(Get-Date)"
Download on GitHub Download on Technet Gallery
Leave a comment