Summary: Guest blogger, Alex Verboon, continues his series about using Windows PowerShell to troubleshoot Group Policy.
Microsoft Scripting Guy, Ed Wilson, is here. Welcome back guest blogger, Alex Verboon. Today Alex adds to his previous blog about using Windows PowerShell to troubleshoot Group Policy. He provides a script that automates this process. You can read his blog at Anything about IT.
Take it away Alex…
In my previous post, Use PowerShell to Troubleshoot Group Policy, I shared a script that retrieves the Group Policy processing time. As shown here, when specifying the optional -ShowDetails switch, the Get-GPProcessingTime script output also displays the Correlation:ActivityID that represents one instance of Group Policy processing.
To get all the details of what happened during that Group Policy processing cycle, we simply retrieve all events that have the corresponding ActivityID:
Get-GPEventByCorrelationID -Computer TestClient1 -CorrelationID f7cb68e1-f6da-4d23-8fca-c4cb85158de2
Here is the script output:
Following is the full script. You can download this script from the Script Center Repository at Get-GPEventByCorrelationID.
function Get-GPEventByCorrelationID
{
<#
.Synopsis
   Get Group Policy Eventlog entries by Correlation ID
.DESCRIPTION
   This function retrieves Group Policy event log entries filtered by Correlation ID from the specified computer
.EXAMPLE
   Get-GPEventByCorrelationID -Computer TestClient -CorrelationID A2A621EC-44B4-4C56-9BA3-169B88032EFD
   TimeCreated          Id   LevelDisplayName Message
   -----------          --   ---------------- -------
   7/28/2014 5:31:31 PM 5315 Information      Next policy processing for CORP\CHR59104$ will be attempted in…
   7/28/2014 5:31:31 PM 8002 Information      Completed policy processing due to network state change for co…
   7/28/2014 5:31:31 PM 5016 Information      Completed Audit Policy Configuration Extension Processing in 0…
   …….
#>
    [CmdletBinding()]
    Param
    (
        # Computer to query. Not mandatory, so that the "localhost" default can take effect.
        [Parameter(Mandatory=$false,
                   ValueFromPipelineByPropertyName=$true,
                   HelpMessage="Enter Computername(s)",
                   Position=0)]
        [String]$Computer = "localhost",

        # CorrelationID (the ActivityID of one Group Policy processing cycle)
        [Parameter(Mandatory=$true,
                   ValueFromPipelineByPropertyName=$true,
                   HelpMessage="Enter CorrelationID",
                   Position=1)]
        [string]$CorrelationID
    )

    Begin
    {
        # XPath filter on the event's Correlation ActivityID; the placeholder keeps the surrounding braces
        $Query = '<QueryList><Query Id="0" Path="Application"><Select Path="Microsoft-Windows-GroupPolicy/Operational">*[System/Correlation/@ActivityID="{CorrelationID}"]</Select></Query></QueryList>'
        $FilterXML = $Query.Replace("CorrelationID",$CorrelationID)
    }
    Process
    {
        # Switch the thread culture to en-US while reading the events, then restore it
        $orgCulture = Get-Culture
        [System.Threading.Thread]::CurrentThread.CurrentCulture = New-Object "System.Globalization.CultureInfo" "en-US"
        $gpevents = Get-WinEvent -FilterXml $FilterXML -ComputerName $Computer
        [System.Threading.Thread]::CurrentThread.CurrentCulture = $orgCulture
    }
    End
    {
        # Format the output under en-US as well, then restore the original culture
        [System.Threading.Thread]::CurrentThread.CurrentCulture = New-Object "System.Globalization.CultureInfo" "en-US"
        $gpevents | Format-Table -Wrap -AutoSize -Property TimeCreated, Id, LevelDisplayName, Message
        [System.Threading.Thread]::CurrentThread.CurrentCulture = $orgCulture
    }
}
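A variant of the function above, added here as an example and not part of the original script: it types the correlation ID as [guid] so that only a well-formed GUID reaches the XPath filter, restores the thread culture in a finally block even when the query fails, and returns objects instead of formatted text. The function name Get-GPCycleSummary and the OffsetMs property are assumptions made for this example.

```powershell
# Added example, not from the original post. Get-GPCycleSummary and OffsetMs are hypothetical names.
function Get-GPCycleSummary
{
    [CmdletBinding()]
    Param
    (
        [string]$Computer = 'localhost',

        # [guid] rejects any value that is not a GUID before it is placed in the filter
        [Parameter(Mandatory=$true)]
        [guid]$CorrelationID
    )

    # ToString('B') renders the GUID with the surrounding braces the ActivityID filter expects
    $activityId = $CorrelationID.ToString('B')
    $filterXml = '<QueryList><Query Id="0" Path="Microsoft-Windows-GroupPolicy/Operational">' +
                 '<Select Path="Microsoft-Windows-GroupPolicy/Operational">' +
                 "*[System/Correlation/@ActivityID=`"$activityId`"]" +
                 '</Select></Query></QueryList>'

    $thread     = [System.Threading.Thread]::CurrentThread
    $orgCulture = $thread.CurrentCulture
    try
    {
        # Same en-US switch as the original script, held while the text properties are read
        $thread.CurrentCulture = New-Object System.Globalization.CultureInfo 'en-US'

        # -ErrorAction Stop turns "no events found" or an unreachable host into a terminating error
        $events = @(Get-WinEvent -FilterXml $filterXml -ComputerName $Computer -ErrorAction Stop |
                    Sort-Object TimeCreated)

        $rows = foreach ($e in $events)
        {
            [pscustomobject]@{
                TimeCreated = $e.TimeCreated
                # Milliseconds since the first event of this processing cycle
                OffsetMs    = [int]($e.TimeCreated - $events[0].TimeCreated).TotalMilliseconds
                Id          = $e.Id
                Level       = $e.LevelDisplayName
                Message     = $e.Message
            }
        }
    }
    finally
    {
        # Runs on success and on failure, so the session never stays in en-US
        $thread.CurrentCulture = $orgCulture
    }
    $rows
}

# Show only the warnings and errors of one cycle (computer name and ID taken from the post above):
# Get-GPCycleSummary -Computer TestClient1 -CorrelationID f7cb68e1-f6da-4d23-8fca-c4cb85158de2 |
#     Where-Object Level -ne 'Information'
```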
In addition to what I have posted here and in the Script Center Repository, I found the following script written by Thomas Bouchereau (PFE), which is similar: Group Policy processing events collection with PowerShell.
~Alex
Thank you, Alex, for sharing your time and knowledge. This is an awesome script and I wanted to make sure we shared it with the community. Join me tomorrow when Windows PowerShell MVP, Richard Siddaway, begins a great series about working with the registry. You will not want to miss it.
I invite you to follow me on Twitter and Facebook. If you have any questions, send email to me at scripter@microsoft.com, or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then, peace.
Ed Wilson, Microsoft Scripting Guy