Are my GPOs in Sync?
Do you ever wake up at night in a panic... wondering, are all my GPOs synced? Me too! So today I thought I would write a GPO script that would allow me to check the versions of all my GPOs!
As you know, the GPO version number is stored in a text-based file (GPT.INI) in the root of each {<random string>} GUID folder, and that file contains a version number value.
The script does the following:
- Gets all the domain controllers in your domain (Checks if they are online or not)
- Gets all of the {GUID} folders in each server's SYSVOL (if the path exists)
- Reads the version number for each one (If the file exists)
- Reports if there are errors
- Checks to see if all the versions match
- Prints out a nice report of Server, GUID, Version
Required Modules: ActiveDirectory
Required Permissions: RunAs Administrator on a domain controller as a domain admin account.
Script:
```powershell
# Group Policy Version Checker
# Compares the GPT.INI version of every GPO folder across all reachable domain controllers.
Import-Module ActiveDirectory

# Remember the starting location so it can be restored at the end
$startpath = (Get-Location).Path

# Domain controllers from every domain in the forest.
# Note: the SYSVOL path below is built from the forest root domain name.
$hostnames = ((Get-ADForest).Domains | ForEach-Object { Get-ADDomainController -Filter * -Server $_ }).HostName
$domain = (Get-ADForest).RootDomain
$myArray = @()
$serverList = @()
$count = 0

# Keep only the domain controllers that answer a ping
foreach ($srv in $hostnames) {
    $ping = (Test-NetConnection $srv).PingSucceeded
    if ($ping) {
        Write-Host $srv "reply from host successful"
        $serverList += [string]$srv
    } else {
        Write-Host $srv "did not reply and will be skipped"
    }
}

# Read the version from GPT.INI in each {GUID} folder on each server
foreach ($server in $serverList) {
    $path = "\\" + $server + "\sysvol\" + $domain + "\Policies\"
    # Without this check a failed Set-Location would list the current directory instead
    if (-not (Test-Path $path)) {
        Write-Host "Path not found:" $path
        continue
    }
    Set-Location $path
    $folders = Get-ChildItem -Directory
    foreach ($folder in $folders) {
        $subfolder = $folder.Name
        $subpath = $path + $subfolder
        if (Test-Path $subpath) {
            Set-Location $subpath
            if (Test-Path GPT.INI) {
                # Match only the "Version=" line, not other lines that contain the word
                $line = Get-Content GPT.INI | Select-String "^\s*Version\s*=" | Select-Object -First 1
                if ($line) {
                    $version = (($line.Line -split "=")[1]).Trim()
                    $PSO = New-Object PSObject -Property @{Server=$server;Folder=$subfolder;Version=$version}
                    $myArray += $PSO
                }
            }
        }
    }
}

# Report of Server, GUID, Version
$myArray | Sort-Object -Property Folder

# Grab unique GPO folders
$folderchk = $myArray.Folder | Select-Object -Unique

foreach ($gpo in $folderchk) {
    # Start from an empty array for every GPO; resetting to $null would make +=
    # concatenate the version strings and hide mismatches
    $myversions = @()
    foreach ($row in $myArray) {
        if ($row.Folder -eq $gpo) {
            $myversions += $row.Version
        }
    }
    $checkveruni = @($myversions | Select-Object -Unique).Count
    if ($checkveruni -gt 1) {
        # Name the GPO folder, not the last row visited by the inner loop
        Write-Host "Mismatch found in $gpo"
        $count++
    }
}

Set-Location $startpath
Start-Sleep -Seconds 2
if ($count -eq 0) { Write-Host "Congratulations, all GPO versions are in sync in your domain!" }
```
I hope you enjoy the script and it can help you in some way! I had fun writing it.
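The version number read from GPT.INI packs two counters: the user-settings revision in the high 16 bits and the computer-settings revision in the low 16 bits. The following added example (not part of the original script; the function names and all sample rows are constructed) decodes that value and also flags GPO folders that are missing on a server, which comparing version numbers alone does not catch.

```powershell
# Added example. Function names and all sample values below are constructed.
# Parse GPT.INI lines; the Version value packs two 16-bit counters.
function ConvertFrom-GptIni {
    param([string[]]$Lines)
    foreach ($l in $Lines) {
        if ($l -match '^\s*Version\s*=\s*(\d+)\s*$') {
            $v = [int64]$Matches[1]
            return [pscustomobject]@{
                Raw      = $v
                User     = $v -shr 16       # high 16 bits: user settings revision
                Computer = $v -band 0xFFFF  # low 16 bits: computer settings revision
            }
        }
    }
    return $null   # no Version line: treat as unreadable, not as version 0
}

# Flag GPO folders whose version differs between servers or that a server lacks.
function Compare-GpoVersion {
    param([object[]]$Records, [string[]]$Servers)
    foreach ($g in ($Records | Group-Object Folder)) {
        $versions = @($g.Group.Version | Select-Object -Unique)
        $missing  = @($Servers | Where-Object { $_ -notin $g.Group.Server })
        if ($versions.Count -gt 1 -or $missing.Count -gt 0) {
            [pscustomobject]@{
                Folder    = $g.Name
                PerServer = ($g.Group | ForEach-Object { "$($_.Server)=$($_.Version)" }) -join ', '
                MissingOn = $missing -join ', '
            }
        }
    }
}

# Constructed sample: rows like the ones the script collects into $myArray
$servers = 'dc1.example.test', 'dc2.example.test', 'dc3.example.test'
$a = '{AAAAAAAA-0000-0000-0000-000000000001}'   # in sync everywhere
$b = '{BBBBBBBB-0000-0000-0000-000000000002}'   # dc3 is one computer revision behind
$c = '{CCCCCCCC-0000-0000-0000-000000000003}'   # folder absent on dc2
$records = @(
    foreach ($s in $servers) { [pscustomobject]@{ Server = $s; Folder = $a; Version = '65537' } }
    [pscustomobject]@{ Server = $servers[0]; Folder = $b; Version = '131075' }
    [pscustomobject]@{ Server = $servers[1]; Folder = $b; Version = '131075' }
    [pscustomobject]@{ Server = $servers[2]; Folder = $b; Version = '131074' }
    [pscustomobject]@{ Server = $servers[0]; Folder = $c; Version = '3' }
    [pscustomobject]@{ Server = $servers[2]; Folder = $c; Version = '3' }
)

ConvertFrom-GptIni @('[General]', 'Version=131075', 'displayName=New Group Policy Object') | Format-List
Compare-GpoVersion -Records $records -Servers $servers | Format-List
```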