Believe it or not, the first few snapshots (images) of this post were taken on 23rd Sep 2012 and a few on 1st Sep 2013... And I did not get time to write up this post in the last 3 years... You can understand now how busy I am... :)
Let's get back to this post... You can keep on praising me meanwhile for my dedication and hard work...
This post is all about GPMC in Windows 2012 Server and the new changes which were introduced in GPMC.
It's a conflicting statement which I usually give... At times I say I have been working since the days of Windows 2000, and at times I would like to say that I am young and haven't even seen Windows 2000... You know... Saying that you have been working since Windows 2000 days adds a lot of weight as a system admin...
Coming back to GPMC again... Earlier, in Windows 2000 and Windows 2003, we used to have a tool known as GPOTOOL... You all must know that Group Policies are stored partially in AD and partially in SYSVOL. To apply them successfully, the version of the GPO in AD must match the version of the same GPO in SYSVOL...
GPOTOOL was used to compare these versions. However, there were some issues with that tool, and that's why Microsoft introduced a "Status" tab in GPMC.
"This page shows the status of Active Directory and SYSVOL (DFSR) replication for this domain as it relates to Group Policy"
You must be thinking why I wrote the above statement when it was mentioned in the snapshot given below... This is called search optimization... Getting my blog / post listed in the search results when someone looks for this string... This is not called ADShotGyan... This is ExtraGyan which I like to share periodically...
As stated earlier, this tool (as well as the earlier one, "GPOTool") will "compare" the version of a GPO in AD with that in SYSVOL. For a comparison, there has to be a baseline server.
So, here in this snap-in, you will have a baseline server. Usually the baseline server is the PDC; however, this can be changed.
Currently, the data is uncollected. So let's click on "Detect Now"
And here you gooooooo... Infrastructure Status was last gathered: 9/23/2012 6:04 AM
6:04 AM... Guys... 6:04 AM
See... How Hard Working I am... :)
So, it detected the domain controller and the replication was in sync
Now let's check if this actually works. We will stop the Active Directory Domain Services on a domain controller and then run the same test again
Ahhh... Active Directory Status "Inaccessible"
Click on this link...
Let's start the service again
Working again now...
Note that on left pane, we have selected the "Domain Name"
Now what if I select the linked Group Policy "Default Domain Policy"
I don't get the "Status" tab
I click on an OU in the left pane and still I don't see the Status tab
But what if I click on a GPO listed under Group Policy Objects
Yes, it shows the Status tab. The point to note here is that the Status tab, when opened on a GPO, shows the status for that GPO ONLY. However, when the domain name was selected, it showed the status of all the GPOs
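The comparison described above can also be scripted. This is an added example, not part of the original post and not how GPMC itself is implemented: it reads each GPO's `versionNumber` from AD and the `Version=` line of its GPT.INI in SYSVOL on every domain controller, then compares both with the baseline (the PDC emulator). It assumes the ActiveDirectory module (RSAT) and read access to each DC's SYSVOL share, and it checks version numbers only.

```powershell
# Added example: per-DC check that each GPO's AD version matches its
# SYSVOL version, and that both match the baseline DC.
Import-Module ActiveDirectory

$domain   = Get-ADDomain
$baseline = $domain.PDCEmulator                      # default baseline, as in GPMC
$policies = "CN=Policies,$($domain.SystemsContainer)"

function Get-GpoVersions {
    param([Parameter(Mandatory)][string]$Server)
    $result = @{}
    $gpcs = Get-ADObject -Server $Server -SearchBase $policies -SearchScope OneLevel `
        -LDAPFilter '(objectClass=groupPolicyContainer)' `
        -Properties displayName, versionNumber -ErrorAction Stop
    foreach ($gpc in $gpcs) {
        # SYSVOL half of the same GPO on the same DC; the folder name is the GPO GUID
        $ini    = "\\$Server\SYSVOL\$($domain.DNSRoot)\Policies\$($gpc.Name)\GPT.INI"
        $sysvol = $null
        if (Test-Path -LiteralPath $ini) {
            $hit = Select-String -LiteralPath $ini -Pattern '^\s*Version\s*=\s*(\d+)' |
                Select-Object -First 1
            if ($hit) { $sysvol = [int]$hit.Matches[0].Groups[1].Value }
        }
        $result[$gpc.Name] = [pscustomobject]@{
            Name = $gpc.displayName; AD = [int]$gpc.versionNumber; Sysvol = $sysvol
        }
    }
    $result
}

$base = Get-GpoVersions -Server $baseline
foreach ($dc in Get-ADDomainController -Filter *) {
    try   { $seen = Get-GpoVersions -Server $dc.HostName }
    catch { Write-Warning "$($dc.HostName): inaccessible ($($_.Exception.Message))"; continue }
    foreach ($id in $base.Keys) {
        $b = $base[$id]; $s = $seen[$id]
        $state = if (-not $s)                 { 'Missing on DC' }
                 elseif ($s.AD -ne $s.Sysvol) { 'AD/SYSVOL mismatch' }
                 elseif ($s.AD -ne $b.AD)     { 'Differs from baseline' }
                 else                         { 'In sync' }
        [pscustomobject]@{
            DC = $dc.HostName; GPO = $b.Name; State = $state
            ADVersion = $s.AD; SysvolVersion = $s.Sysvol; BaselineVersion = $b.AD
        }
    }
}
```

Both numbers use the same encoding: the user-configuration version is in the high 16 bits and the computer-configuration version in the low 16 bits.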
Group Policy Results...
Summary Tab
Details Tab
Policy Events Tab
Summary Tab
- If a fast link or a slow link was detected
- Any special alerts
Details
Lists all the group policy settings configured in this group policy object
This is further divided into:
- General
- Component Status
- Settings
- Group Policy Objects
- WMI Filters
General:
- Computer Name
- Domain
- Site
- OU
- Security Group Membership
Component Status:
- Group Policy Infrastructure
- Registry
- Security
This will list the status (Success/Failure), Time Taken (In Processing the CSE), Last Process Time and Event Log
Notice that the "Last Process Time" and the "Event Log" are links
Click on the link for "Last Process Time" and you will get the following dialog box
Great Information...
- Loopback Processing
- Loopback Mode
- Link Speed
- Slow Link Threshold
- Domain Controller Name
- Domain Controller IP
- Processing Trigger
All this information is remote: it belongs to the client and not to the domain controller, because we are running RSOP remotely from the GPMC snap-in. (In the example we have selected the domain controller as the machine, but if you choose a client machine then all this information will be of the client machine.)
Click on the "Event Log" link
This will list all the events which appeared in the event log while the group policy was processing
Settings:
The settings which have been defined in the Group Policy Object
Notice again that the Policy has a Link
Clicking on the link will display a dialog box which will explain the description of that setting
This is the same as what we used to get in the GPO Editor when we click on a setting
Applied GPO:
Lists all the GPOs applied at this location
WMI Filters
Policy Events
Lists all the events related to Group Policy processing on the particular machine
Group Policy Update (Remote)
Another cool feature of GPMC is to allow remote policy update
Right click on an OU and select the option "Group Policy Update"
Oops... Error
Yes, that was done intentionally so that you can see that it's not that you will only get success; you may get an error as well. At this time, the machine in that OU was turned off, so we got this error
Doing the same on the Domain Controller OU
Success
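The same remote update can be run from PowerShell with `Invoke-GPUpdate`, which records a per-machine result instead of a single dialog. This is an added example, not from the original post; the OU distinguished name is a placeholder, and it assumes the ActiveDirectory and GroupPolicy modules are installed.

```powershell
# Added example: remote Group Policy update for every enabled computer in an OU,
# recording which machines could not be reached (for example, powered off).
Import-Module ActiveDirectory, GroupPolicy

$ou = 'OU=Workstations,DC=example,DC=com'   # placeholder DN, replace with your OU

$computers = Get-ADComputer -Filter 'Enabled -eq $true' -SearchBase $ou -SearchScope Subtree

$report = foreach ($c in $computers) {
    try {
        # Invoke-GPUpdate schedules a gpupdate task on the target machine;
        # -RandomDelayInMinutes 0 asks for it to run without the random delay.
        Invoke-GPUpdate -Computer $c.DNSHostName -RandomDelayInMinutes 0 -Force -ErrorAction Stop
        [pscustomobject]@{ Computer = $c.DNSHostName; Result = 'Scheduled'; Error = $null }
    }
    catch {
        # A machine that is off or blocks remote management ends up here
        [pscustomobject]@{ Computer = $c.DNSHostName; Result = 'Failed'; Error = $_.Exception.Message }
    }
}

$report | Sort-Object Result, Computer | Format-Table -AutoSize
```

A "Scheduled" result means the refresh task was created on the target, not that policy processing succeeded; confirm that with Group Policy Results or the Group Policy event log on the machine.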