Active Directory 2012, Group Policy Management Tips

Replication Status

Microsoft released a great feature here especially for people working in an international infrastructure with unreliable and low bandwidth links.

In this kind of context it often happen that you modify a GPO that has not been replicated between DC.

You are now able to see the replication status and set a baseline DC.

To set your Domain Controller baseline, click change:



Select your reference DC :



And generate the report :



You know see the GPO replication status between your domain controllers.



If you need to check the replication status of a unique GPO select it under “Group Policy Object” folder (not the linked GPO).

You see the replication status and where the GPO in not yet replicated.



Click on GPO Version to see the detailed status as bellow:



GPO Update

Who never said to a user ¬ęPlease open a command prompt and run a GPUPDATE /force” or ” Please, Log Off / Log One”.

In order to avoid this curious situation Microsoft finally gives us a tools.






It’ll then create two scheduled task to update computer and user policy. The triggers is in a 10minutes range.



If you don’t want to apply the Group policy to all users and computers under the OU then you’ll need to run a PowerShell script :



Invoke-Gpupdate documentation :

http://technet.microsoft.com/en-us/library/hh967455.aspx

Different RSOP :



In the result set of policy you have a different presentation and especially the Processing time and event log of the different components:



See more here:

http://channel9.msdn.com/Shows/Edge/EdgeShow-46-Whats-up-with-GPOs-in-Windows-Server-2012?format=html5

Enjoy,

Julien

Leave a Reply

Your email address will not be published. Required fields are marked *