Saturday, May 20, 2006

GPOTool to Check GPO Consistency

One of the most common group policy problems which produces hidden policies or inconsistent results is when SYSVOL may not be replicating correctly. Using the resource kit tool GPOTool is the best way to ensure that replication of Group Policy is occurring

The utility will report all “Policies OK” if all Domain Controllers SYSVOLS are up to date and current. It is worth considering scheduling this process to occur and report early in the morning as a standard maintenance check.

SYSVOL replication or convergence can take some time in larger organisations, however if the problem still remains after more than 24hrs you need to start investigating the FRS service which is responsible for replicating SYSVOL.

Start by using the sonar utility from the resource kit to see if it exposes any errors with FRS. This tool interrogates the FRS service on all of your Domain Controllers and reports back status and errors in a GUI tool. Then start to investigate the error messages you find.