Friday, January 17, 2014

PowerShell Script: GPO replication status across Domain Controller

Helloooo !!

A colleague asked me to create a PS script to check for a given GPO its AD and Sysvol versions across all Domain Controllers.

So I wrote this script that utilize the ActiveDirectory and GroupPolicy Module.

Depending on the size of your domain it can take a couple of minutes to contact each DC and retrieve the info, so launch it and go for a coffee or something...

In the same fashion as for the script from my last post, we will again be using a system object to collect all of the data together, which gives you the option to pipe it nicely to display the data or create CSV reports.
So here we go:

What the script does: 

This script takes the name of the GPO you want to check the replication status as an argument. 
It then uses the get-addomaincontroller  cmdlet from the ActiveDirectory Module to gather a list of all domain controllers host name to query. 
The retrieval of the versions on each DC is done using the Get-GPO cmdlet with -server option.

All of it is then wacked into a System.Object which is output at the end of the process. 

It is assumed that the ActiveDirectory and GroupPolicy modules are already imported in your session and that you have set the ExecutionPolicy properly on your system beforehand so that you can run the script locally.

How it works: 

Here are a few syntax example to use the script. 

& Get-GPOReplicationReport.ps1 "My GPO Name_v1.5" | Out-GridView
      The script creates a report for the specified GPO and display it in the out.GridView window.

& Get-GPOReplicationReport.ps1 "My GPO Name_v1.5" | ConverTo-Csv -Delimiter ','
      The script creates a report for the specified GPO and display it in the powershell host window as a comma delimited string (for copy and paste) .

& Get-GPOReplicationReport.ps1 "My GPO Name_v1.5" |  Export-Csv -Delimiter ',' -Path C:\MyGPOReplicationReport.csv
      The script creates a report for the specified GPO and save it as a CSV file.

Download Link:


Script Content:

#Created by toussman@gmail.com on 17/01/2014 
#http://theplatformadmin.blogspot.co.uk/

param(
  [parameter(Mandatory = $TRue )][String]$GPOName
 )

$DCList = (get-addomaincontroller -filter *).hostname 

$colGPOVer = @()

foreach ($DC in $DCList){

$objGPOVers = New-Object System.Object

$GPOObj = Get-GPO $GPOName -server $DC

$UserVersion = [string]$GPOObj.User.DSVersion + ' (AD), ' + [string]$GPOObj.User.SysvolVersion + ' (sysvol)'
$ComputerVersion = [string]$GPOObj.Computer.DSVersion + ' (AD), ' + [string]$GPOObj.Computer.SysvolVersion + ' (sysvol)'

$objGPOVers | Add-Member -type noteproperty -name GPOName -value $GPOName
$objGPOVers | Add-Member -type noteproperty -name DCName -value $DC
$objGPOVers | Add-Member -type noteproperty -name UserVersion -value $UserVersion
$objGPOVers | Add-Member -type noteproperty -name ComputerVersion -value $ComputerVersion

$colGPOVer += $objGPOVers 
}

$colGPOVer | sort-object GPOName, DCName

Well, that's it for this post. 

I hope you will find the script useful and if you have any suggestions or spot something that can be improved leave me a comment to let me know. 

Until next time !! 
Posted by at
Labels: , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)