Verify GPO.ini files are present across forest

This script searches all the domains in a forest, queries each GPO for the GUID and verifies the sysvol path for each GPO.ini file of each GPO actually exists.

Change domain.com to your forest entry.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
# GPT.ini Status Script
CLS
$displayFound = $false # Show or Hide the found GPOs. $true = Show, $false = Hide.
(Get-ADForest -Server domain.com).domains | Sort Name | % {
Write-Host ":::: Processing $_ ::::" -ForegroundColor Yellow
$GPOs = Get-GPO -all -domain $_
$Missing = 0; $Found = 0
ForEach ($GPO in $GPOs){
    If(!(Test-Path "\\$_\sysvol\$_\Policies\{$($GPO.ID)}\gpt.ini" -ErrorAction SilentlyContinue)){
        Write-Host "Missing: $_ $($GPO.ID) $($GPO.DisplayName)" -ForegroundColor Red
        $Missing += 1
    }Else{
        If ($displayFound -eq $true){ Write-Host "Found: $_ $($GPO.ID) $($GPO.DisplayName)" -ForegroundColor Green}
            $Found += 1
        }
    }
Write-Host ":::: $_ Status ::::" -ForegroundColor Cyan
Write-Host "Total GPOs: $($GPOs.count)" -ForegroundColor Cyan
Write-Host "Found GPOs: $Found" -ForegroundColor Cyan
Write-Host "Missing GPOs: $Missing" -ForegroundColor Cyan
}

Leave a Reply

Your email address will not be published. Required fields are marked *