PowerShell Script to Output GPO Versions across DCs
I wrote the following PowerShell script so that I could easily watch my GPO changes replicate around the globe, letting me know when I could have someone at a specific site update policy when new policies or changes were rolled out. To use, just replace $gpoGUID = "{12345678-1234-5678-9123-ABCDEFEDCBA0}" with the GUID of the policy you want to check on. You can find the GPO GUID in the properties of the GPO and on the details page in the Group Policy Management Console.
1$gpoGUID = "{12345678-1234-5678-9123-ABCDEFEDCBA0}"
2
3$dcList = Get-ADDomainController -Filter \*
4
5$replResults = @()
6
7$dcCount = $dcList.Count
8$dcIndex = 0
9
10$dcList | % {
11
12 $dcName = $_.Hostname
13 $dcIndex++
14
15 Write-Progress -Activity "Querying Domain Controllers for GPO Status" -Status "Querying $dcName" -PercentComplete (($dcIndex / $dcCount)\*100)
16
17 $gpo = Get-GPO -Server $dcName -Guid $gpoGUID
18
19 $results = New-Object -TypeName psobject
20 $results | Add-Member -MemberType NoteProperty -Name "DCNAME" -Value $dcName
21 $results | Add-Member -MemberType NoteProperty -Name "CreateDate" -Value $gpo.CreationTime
22 $results | Add-Member -MemberType NoteProperty -Name "ModifyDate" -Value $gpo.ModificationTime
23 $results | Add-Member -MemberType NoteProperty -Name "CompVer" -Value $gpo.Computer.DSVersion
24 $results | Add-Member -MemberType NoteProperty -Name "CompEnabled" -Value $gpo.Computer.Enabled
25 $results | Add-Member -MemberType NoteProperty -Name "UserVer" -Value $gpo.User.DSVersion
26 $results | Add-Member -MemberType NoteProperty -Name "UserEnabled" -Value $gpo.User.Enabled
27
28 $replResults += $results
29
30}
31
32$replResults | Sort-Object ModifyDate -Descending | FT DCName,CreateDate,ModifyDate,CompVer,CompEnabled,UserVer,UserEnabled
No comments