GPC - J House Consulting - DevOps, Microsoft, Citrix & Desktop Virtualisation (VDI) Specialist

Script to Generate a Group Policy Object (GPO) Version Report

June 26, 2016May 23, 2014 by Jeremy Saunders

Is there a version match between your Group Policy Object (GPO) containers and templates?

This PowerShell script will check that the version of each GPO is consistent in the Active Directory Group Policy Container (GPC) and on each Domain Controller in the Group Policy Template (GPT).

All Windows Operating Systems (since Windows 2000) will apply the GPO regardless of a version mismatch. However, a version mismatch will typically mean that some settings will simply not be applied because they haven’t been replicated correctly across the environment. Replication issues with good old flaky FRS and perhaps (but rarely) the newer DFS-R is often the reason that the GPT gets out of sync and lags behind the GPC. This is such a common problem.

Finding Orphaned Group Policy Objects

September 4, 2012September 3, 2012 by Jeremy Saunders

Group Policy Objects (GPOs) are stored in two parts:

GPC (Group Policy Container). The GPC is where the GPO stores all the AD-related configuration under the CN=Policies,CN=System,DC=… container, which is replicated via AD replication.
GPT (Group Policy Templates). The GPT is where the GPO stores the actual settings located within SYSVOL area under the Policies folder, which is replicated by either File Replication Services (FRS) or Distributed File System (DFS).

This script will help find GPOs that are missing one of the parts, which therefore makes it an orphaned GPO.