Group Policy Verification Tool (gpotool.exe)
Group Policy Verification Tool (gpotool.exe)
Group Policy has two parts; GPC and GPT. GPC is called Group Policy Container and GPT is called Group Policy Template. The first one is stored in Active Directory and later is stored in SYSVOL share.
The GPC is stored at the following path in the Active Directory:
DomainName.Com\System\Policies\{31B2F340-016D-11D2 .....}
The GPT is stored at:
SYSVOL\DomainName.Com\SYSVOL\Policies\{31B2F340-016D-11D2.....}
GPC and GPT must sync with each other. The GPC is replicated by the Active Directory replication and replicated to all the Domain Controllers of that domain. GPT is replicated by the File Replication Service or DFS-R and replicated to all the domain controllers of that domain.
- GPOTool is very useful tool that do the health of your groups policies. This is free utility and it can be downloaded from MS site.
- Tasks that can be accomplished:
- Verify consistency of a GPO across domain controllers, view properties of GPOs, such as display name, when created and changed, version number, GUID, and flags
A Group Policy may not apply to client computers if both GPC and GPT do not sync. GPC stores its version number in an attribute called VersionNumber which is matched with the Version Number stored in the GPT.INI for GPT. As an example, GPC version number is 23 whereas GPT version number is 24. Both versions are not matching and this is called Version Mismatch. You can check if all the Group Policy Objects in your organization has synced properly using the Gpotool.exe. The Gpotool.exe returns OK for each Group Policy it checks as shown below:
C:\>Gpotool.exe
Validating DCs…
Available DCs:
DC01.Windowstechno.local
DC02.Windowstechno.local
DC04.Windowstechno.local
Searching for policies…
Found 4 policies
Policy {31B2F340-016D-11D2-945F-00C04FB984F9}
Friendly name: Default Domain Policy
Policy OK
Policy {6AC1786C-016F-11D2-945F-00C04FB984F9}
Friendly name: Default Domain Controllers Policy
Policy OK
Policy {79A24835-93A3-4240-8DEA-F35EF53780DE}
Friendly name: CL-C-HomeDriveMapping-LS
Error: Cannot access \DC02.Windowstechno.local\sysvol\Windowstechno.local\polic
ies{79A24835-93A3-4240-8DEA-F35EF53780DE}, error 2
Error: Cannot access \DC04.Windowstechno.local\sysvol\Windowstechno.local\polic
ies{79A24835-93A3-4240-8DEA-F35EF53780DE}, error 2
Details:
DC: DC01.Windowstechno.local
Friendly name: CL-C-HomeDriveMapping-LS
Created: 4/14/2019 3:58:05 PM
Changed: 4/14/2019 4:11:07 PM
DS version: 10(user) 0(machine)
Sysvol version: 10(user) 0(machine)
Flags: 2 (user side enabled; machine side disabled)
User extensions: [{00000000-0000-0000-0000-000000000000}{2EA1A81B-48E5-45E9-8BB7
-A6E3AC170006}][{5794DAFD-BE60-433F-88A2-1A31939AC01F}{2EA1A81B-48E5-45E9-8BB7-A
6E3AC170006}]Machine extensions: not found
Functionality version: 2
DC: DC02.Windowstechno.local
Friendly name: CL-C-HomeDriveMapping-LS
Created: 4/14/2019 3:58:05 PM
Changed: 4/19/2019 4:23:38 PM
DS version: 10(user) 0(machine)
Sysvol version: not found
Flags: 2 (user side enabled; machine side disabled)
User extensions: [{00000000-0000-0000-0000-000000000000}{2EA1A81B-48E5-45E9-8BB7
-A6E3AC170006}][{5794DAFD-BE60-433F-88A2-1A31939AC01F}{2EA1A81B-48E5-45E9-8BB7-A
6E3AC170006}]Machine extensions: not found
Functionality version: 2
DC: DC04.Windowstechno.local
Friendly name: CL-C-HomeDriveMapping-LS
Created: 4/14/2019 3:58:05 PM
Changed: 4/19/2019 4:26:13 PM
DS version: 10(user) 0(machine)
Sysvol version: not found
Flags: 2 (user side enabled; machine side disabled)
User extensions: [{00000000-0000-0000-0000-000000000000}{2EA1A81B-48E5-45E9-8BB7
-A6E3AC170006}][{5794DAFD-BE60-433F-88A2-1A31939AC01F}{2EA1A81B-48E5-45E9-8BB7-A
6E3AC170006}]Machine extensions: not found
Functionality version: 2
————————————————————
Policy {A8F52BB2-BA8E-4327-B551-9AB1606559EE}
Friendly name: ST_Proxy_Setting_FD
Policy OK
Errors found
C:\Users\administrator.WINDOWSTECHNO>
You can download the GPO tool from here.
Download GPO Tool
So, that’s all in this blog. I will meet you soon with next stuff. Have a nice day!!!
Recommended contents
- GP Result
- What is Group Policy
- Group Policy Update
- Design Considerations for Group-Policy
- What is the Refresh Interval for Group Policy
- Group Policy templates and containers
- Group Policy objects
- Group Policy health check
- Group Policy health check on specific domain controller
- Group Policy verification tool gpotool exe
- how to find the group policy guid
- Group Policy understanding group policy preferences
- Group Policy management process
Guys please don’t forget to like and share the post. You can also share the feedback on below windows techno email id.
If you have any questions feel free to contact us on admin@windowstechno.com also follow us on facebook@windowstechno to get updates about new blog posts.