{"id":8031,"date":"2015-02-01T00:01:00","date_gmt":"2015-02-01T00:01:00","guid":{"rendered":"https:\/\/blogs.technet.microsoft.com\/heyscriptingguy\/2015\/02\/01\/weekend-scripter-use-powershell-to-troubleshoot-group-policy-part-2\/"},"modified":"2019-02-18T10:35:39","modified_gmt":"2019-02-18T17:35:39","slug":"weekend-scripter-use-powershell-to-troubleshoot-group-policy-part-2","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/scripting\/weekend-scripter-use-powershell-to-troubleshoot-group-policy-part-2\/","title":{"rendered":"Weekend Scripter: Use PowerShell to Troubleshoot Group Policy Part 2"},"content":{"rendered":"

Summary<\/b>: Guest blogger, Alex Verboon, continues his series about using Windows PowerShell to troubleshoot Group Policy.<\/span><\/p>\n

Microsoft Scripting Guy, Ed Wilson, is here. Welcome back guest blogger, Alex Verboon. Today Alex adds to his previous blog about using Windows PowerShell to troubleshoot Group Policy. He provides a script that automates this process. You can read his blog at Anything about IT<\/a>.<\/p>\n

Take it away Alex…<\/p>\n

In my previous post, Use PowerShell to Troubleshoot Group Policy<\/a>, I shared a script that retrieves the Group Policy processing time. As shown here, when specifying the optional –ShowDetails<\/b> switch, the Get-GPProcessingTime<\/a> script output also displays the Correlation:ActivityID that represents one instance of Group Policy processing.<\/p>\n

\"<\/a><\/p>\n

To get all the details of what happened during that Group Policy processing cycle, we simply retrieve all events that have the corresponding ActivityID:<\/p>\n

Get-GPEventByCorrelationID -Computer TestClient1 -CorrelationID f7cb68e1-f6da-4d23-8fca-c4cb85158de2<\/p>\n

Here is the script output:<\/p>\n

\"Image<\/a><\/p>\n

Following is the full script. You can download this script from the Script Center Repository at Get-GPEventByCo\u200brrelationID<\/a>.<\/p>\n

function Get-GPEventByCorrelationID<\/p>\n

{<\/p>\n

<#<\/p>\n

.Synopsis<\/p>\n

   Get Group Policy Eventlog entries by Correlation ID<\/p>\n

.DESCRIPTION<\/p>\n

   This function retrieves Group Policy event log entries filtered by Correlation ID from the specified computer<\/p>\n

.EXAMPLE<\/p>\n

   Get-GPEventByCorrelationID -Computer TestClient -CorrelationID A2A621EC-44B4-4C56-9BA3-169B88032EFD<\/p>\n

 <\/p>\n

TimeCreated                     Id LevelDisplayName Message                                                         <\/p>\n

———–                     — —————- ——-                                                         <\/p>\n

7\/28\/2014 5:31:31 PM          5315 Information      Next policy processing for CORP\\CHR59104$ will be attempted in…<\/p>\n

7\/28\/2014 5:31:31 PM          8002 Information      Completed policy processing due to network state change for co…<\/p>\n

7\/28\/2014 5:31:31 PM          5016 Information      Completed Audit Policy Configuration Extension Processing in 0…<\/p>\n

…….<\/p>\n

 <\/p>\n

#><\/p>\n

    [CmdletBinding()]<\/p>\n

    Param<\/p>\n

    (<\/p>\n

        [Parameter(Mandatory=$true,<\/p>\n

        ValueFromPipelineByPropertyName=$true,<\/p>\n

        HelpMessage="Enter Computername(s)",<\/p>\n

        Position=0)]<\/p>\n

        [String]$Computer = "localhost",<\/p>\n

        # CorrelationID<\/p>\n

        [Parameter(Mandatory=$true,<\/p>\n

        ValueFromPipelineByPropertyName=$true,<\/p>\n

        HelpMessage="Enter CorrelationID",<\/p>\n

        Position=0)]<\/p>\n

        [string]$CorrelationID<\/p>\n

        )<\/p>\n

 <\/p>\n

    Begin<\/p>\n

    {<\/p>\n

        $Query = '<QueryList><Query Id="0" Path="Application"><Select Path="Microsoft-Windows-GroupPolicy\/Operational">*[System\/Correlation\/@ActivityID="{CorrelationID}"]<\/Select><\/Query><\/QueryList>'<\/p>\n

        $FilterXML = $Query.Replace("CorrelationID",$CorrelationID)<\/p>\n

    }<\/p>\n

    Process<\/p>\n

    {<\/p>\n

        $orgCulture = Get-Culture<\/p>\n

        [System.Threading.Thread]::CurrentThread.CurrentCulture = New-Object "System.Globalization.CultureInfo" "en-US"<\/p>\n

        $gpevents = Get-WinEvent -FilterXml $FilterXML -ComputerName $Computer<\/p>\n

        [System.Threading.Thread]::CurrentThread.CurrentCulture = $orgCulture<\/p>\n

    }<\/p>\n

    End<\/p>\n

    {<\/p>\n

        [System.Threading.Thread]::CurrentThread.CurrentCulture = New-Object "System.Globalization.CultureInfo" "en-US"<\/p>\n

        $gpevents | Format-Table -Wrap -AutoSize -Property TimeCreated, Id, LevelDisplayName, Message<\/p>\n

        [System.Threading.Thread]::CurrentThread.CurrentCulture = $orgCulture<\/p>\n

     }<\/p>\n

}<\/p>\n

In addition to what I have posted here and in the Script Center Repository, I found the following script written by Thomas Bouchereau (PFE), which is similar: Group Policy processing events collection with PowerShell<\/a>.<\/p>\n

~Alex<\/p>\n

Thank you, Alex, for sharing your time and knowledge. This is an awesome script and I wanted to make sure we shared it with the community. Join me tomorrow when Windows PowerShell MVP, Richard Siddaway, begins a great series about working with the registry. You will not want to miss it.<\/p>\n

I invite you to follow me on Twitter<\/a> and Facebook<\/a>. If you have any questions, send email to me at scripter@microsoft.com<\/a>, or post your questions on the Official Scripting Guys Forum<\/a>. See you tomorrow. Until then, peace.<\/p>\n

Ed Wilson, Microsoft Scripting Guy<\/b><\/p>\n","protected":false},"excerpt":{"rendered":"

Summary: Guest blogger, Alex Verboon, continues his series about using Windows PowerShell to troubleshoot Group Policy. Microsoft Scripting Guy, Ed Wilson, is here. Welcome back guest blogger, Alex Verboon. Today Alex adds to his previous blog about using Windows PowerShell to troubleshoot Group Policy. He provides a script that automates this process. You can read […]<\/p>\n","protected":false},"author":596,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[532,152,56,3,61,45],"class_list":["post-8031","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-alex-verboon","tag-group-policy","tag-guest-blogger","tag-scripting-guy","tag-weekend-scripter","tag-windows-powershell"],"acf":[],"blog_post_summary":"

Summary: Guest blogger, Alex Verboon, continues his series about using Windows PowerShell to troubleshoot Group Policy. Microsoft Scripting Guy, Ed Wilson, is here. Welcome back guest blogger, Alex Verboon. Today Alex adds to his previous blog about using Windows PowerShell to troubleshoot Group Policy. He provides a script that automates this process. You can read […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/8031","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/596"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=8031"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/8031\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=8031"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=8031"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=8031"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}