Verifying GPO Replication

How will my dear readers !!

I am in a constant search for a script that brings me the replication time of Sysvol ... remembering that the environment in question is "Windows Server 2003" as functional mode domain; that is, we only have the ability to replicate the Sysvol with FRS ... who can help ... .eheheheheh

... During this journey, I came across a very cool function called Get-ADGPOReplication filtering results of the cmdlet Get-GPO so we can compare the versions of each GPO Sysvol on all domain DCs !! So we can verify that replication as well as the policy objects are consistent throughout the domain ... I know at this time hit that will thrill cry !!

Below function code:

function Get-ADGPOReplication
{
<#
.SYNOPSIS
This function retrieve one or all the GPO and Their report DSVersions and SysVolVersions (Users and Computers)
.DESCRIPTION
This function retrieve one or all the GPO and Their report DSVersions and SysVolVersions (Users and Computers)
.PARAMETER GPOName
Specify the name of the GPO
All .PARAMETER
Specify That You want to retrieve all the GPO (slow if you have a lot of Domain Controllers)
.EXAMPLE
Get-ADGPOReplication -GPOName "Default Domain Policy"
.EXAMPLE
Get-ADGPOReplication -All
.NOTES
Francois-Xavier Cat
lazywinadm
lazywinadmin.com

VERSION HISTORY
1.0 22/09/2014 Initial version
Adding some more Error Handling
Fix some typo
#>
#requires -version 3
[CmdletBinding ()]
PARAM (
[Parameter (Mandatory = $ True, ParameterSetName = "One")]
[String []] $ GPOName,
[Parameter (Mandatory = $ True, ParameterSetName = "All")]
[Switch] $ All
)
BEGIN
{
TRY
{
if (-not (Get-Module ActiveDirectory -Name)) {Import-Module ActiveDirectory -Name -ErrorAction Stop -ErrorVariable ErrorBeginIpmoAD}
if (-not (Get-Module -Name GroupPolicy)) {Import-Module -Name GroupPolicy -ErrorAction Stop -ErrorVariable ErrorBeginIpmoGP}
}
CATCH
{
Write-Warning -Message "[BEGIN] Something wrong happened"
IF ($ ErrorBeginIpmoAD) {Write-Warning -Message "[BEGIN] Error while Importing the module Active Directory"}
IF ($ ErrorBeginIpmoGP) {Write-Warning -Message "[BEGIN] Error while Importing the module Group Policy"}
Write-Warning -Message "[BEGIN] $ ($ Error [0] .exception.message)"
}
}
PROCESS
{
FOREACH ($ DomainController in ((Get-ADDomainController -ErrorAction Stop -ErrorVariable ErrorProcessGetDC -filter *). Hostname))
{
TRY
{
IF ($ psBoundParameters ['GPOName'])
{
Foreach ($ GPOItem in $ GPOName)
{
$ GPO = Get-GPO -Name $ GPOItem -Server $ DomainController -ErrorAction Stop -ErrorVariable ErrorProcessGetGPO

[PSCustomObject] [ordered] {@
GroupPolicyName = $ GPOItem
DomainController = $ DomainController
UserVersion = $ GPO.User.DSVersion
UserSysVolVersion = $ GPO.User.SysvolVersion
ComputerVersion = $ GPO.Computer.DSVersion
ComputerSysVolVersion = $ GPO.Computer.SysvolVersion
} #PSObject
} #Foreach ($ GPOItem in $ GPOName)
} #IF ($ PsBoundParameters ['GPOName'])
IF ($ psBoundParameters ['All'])
{
$ GPOList = Get-GPO -All -Server $ DomainController -ErrorAction Stop -ErrorVariable ErrorProcessGetGPOAll

foreach ($ GPO in $ GPOList)
{
[PSCustomObject] [ordered] {@
GroupPolicyName = $ GPO.DisplayName
DomainController = $ DomainController
UserVersion = $ GPO.User.DSVersion
UserSysVolVersion = $ GPO.User.SysvolVersion
ComputerVersion = $ GPO.Computer.DSVersion
ComputerSysVolVersion = $ GPO.Computer.SysvolVersion
} #PSObject
}
} #IF ($ PsBoundParameters ['All'])
} #TRY
CATCH
{
Write-Warning -Message "[PROCESS] Something wrong happened"
IF ($ ErrorProcessGetDC) {Write-Warning -Message "[PROCESS] Error while running retrieving Domain Controllers with Get-ADDomainController"}
IF ($ ErrorProcessGetGPO) {Write-Warning -Message "[PROCESS] Error while running Get-GPO"}
IF ($ ErrorProcessGetGPOAll) {Write-Warning -Message "[PROCESS] Error while running Get-GPO -All"}
Write-Warning -Message "[PROCESS] $ ($ Error [0] .exception.message)"
}
} #FOREACH
} #PROCESS
}

1. Create a .ps1 file containing the code above, or download it here
2. Run the script in PS ISE as administrator
3. Run the function !!

We have some syntax options, such as:

To bring the result of a single GPO:

Get-ADGPOReplication -GPOName "Default Domain Policy"

To bring the result of some policies:

Get-ADGPOReplication -GPOName "Default Domain Policy", "Default Domain Controllers Policy"

To bring its results for the All Policies:

Get-ADGPOReplication -All

We can also improve the filters with the following command:

Get-ADGPOReplication -all | Out-GridView -Title "GPO Verify $ (Get-Date)"

... Now we just need to be able to filter the time required for a change in Sysvol, is uncommitted in all domain DC's.