Skip to content

PowerShell: Retrieve GPO reports and replication information

This PowerShell Function retrieves one or all the GPO and report their DSVersions and SysVolVersions (Users and Computers) from the Active Directory.

function Get-enADGPOReplication
{
   <#
         .SYNOPSIS
         Retrieve one or all the GPO and report their DSVersions and SysVolVersions
	
         .DESCRIPTION
         Retrieve one or all the GPO and report their DSVersions and SysVolVersions (Users and Computers)
	
         .PARAMETER GPOName
         Specify the name of the GPO
	
         .PARAMETER All
         Specify that you want to retrieve all the GPO (slow if you have a lot of Domain Controllers)
	
         .EXAMPLE
         Get-enADGPOReplication -GPOName "Default Domain Policy"

         Retrieve one GPO and report their DSVersions and SysVolVersions (Users and Computers)
	
         .EXAMPLE
         Get-enADGPOReplication -All

         Retrieve all the GPO and report their DSVersions and SysVolVersions (Users and Computers)
	
         .NOTES
         Version: 1.0.1
		
         GUID: 3b7d48e2-3cc9-4cfa-8664-2d9ffa425415
		
         Author: Joerg Hochwald
		
         Companyname: enabling Technology
		
         Copyright: Copyright (c) 2ß18-2019, enabling Technology - All rights reserved.
		
         License: https://opensource.org/licenses/BSD-3-Clause
		
         Releasenotes:
         1.0.1 2019-07-26 Refactored, License change to BSD 3-Clause
         1.0.0 2019-01-01 Initial Version
		
         THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE USER.
		
         Dependencies:
         Active Directory PowerShell Module
	
         .LINK
         https://www.enatec.io

         .LINK
         Get-ADDomainController

         .LINK
         Get-GPO
   #>
	
   [CmdletBinding(DefaultParameterSetName = 'All',
   ConfirmImpact = 'None')]
   param
   (
      [Parameter(ParameterSetName = 'One',HelpMessage = 'Specify the name of the GPO',
            Mandatory,
            ValueFromPipeline,
      ValueFromPipelineByPropertyName)]
      [ValidateNotNullOrEmpty()]
      [Alias('GPO')]
      [String[]]
      $GPOName,
      [Parameter(ParameterSetName = 'All',
            ValueFromPipeline,
      ValueFromPipelineByPropertyName)]
      [Switch]
      $All = $true
   )

   process
   {
      foreach ($DomainController in ((Get-ADDomainController -ErrorAction Stop -ErrorVariable ErrorProcessGetDC -Filter *).hostname))
      {
         try
         {
            if ($psBoundParameters['GPOName'])
            {
               foreach ($GPOItem in $GPOName)
               {
                  $GPO = (Get-GPO -Name $GPOItem -Server $DomainController -ErrorAction Stop -ErrorVariable ErrorProcessGetGPO)
						
                  [pscustomobject][ordered] @{
                     GroupPolicyName       = $GPOItem
                     DomainController      = $DomainController
                     UserVersion           = $GPO.User.DSVersion
                     UserSysVolVersion     = $GPO.User.SysvolVersion
                     ComputerVersion       = $GPO.Computer.DSVersion
                     ComputerSysVolVersion = $GPO.Computer.SysvolVersion
                  }
               }
            }
				
            if ($psBoundParameters['All'])
            {
               $GPOList = (Get-GPO -All -Server $DomainController -ErrorAction Stop -ErrorVariable ErrorProcessGetGPOAll)
					
               foreach ($GPO in $GPOList)
               {
                  [pscustomobject][ordered] @{
                     GroupPolicyName       = $GPO.DisplayName
                     DomainController      = $DomainController
                     UserVersion           = $GPO.User.DSVersion
                     UserSysVolVersion     = $GPO.User.SysvolVersion
                     ComputerVersion       = $GPO.Computer.DSVersion
                     ComputerSysVolVersion = $GPO.Computer.SysvolVersion
                  }
               }
            }
         }
         catch
         {
            Write-Warning -Message '[PROCESS] Something wrong happened'

            if ($ErrorProcessGetDC)
            {
               Write-Warning -Message '[PROCESS] Error while running retrieving Domain Controllers with Get-ADDomainController'
            }

            if ($ErrorProcessGetGPO)
            {
               Write-Warning -Message '[PROCESS] Error while running Get-GPO'
            }

            if ($ErrorProcessGetGPOAll)
            {
               Write-Warning -Message '[PROCESS] Error while running Get-GPO -All'
            }

            Write-Warning -Message "[PROCESS] $($Error[0].exception.message)"
         }
      }
   }
}

This is also part of my open-source repository.

Published inPowerShell

Be First to Comment

Leave a comment

By posting a comment you consent that I store the submitted information as well as your anonymized IP address on my servers, under the terms of my Privacy Policy. Your email is never shared with anyone else.

Required fields are marked *.