Select Page

A couple of weeks ago I wrote this post on the MSDN site, reviewing some of the new Group Policy features in Windows 8/Server 2012. One of those features was a new PowerShell cmdlet in the Group Policy PowerShell module called invoke-gpupdate. This cmdlet, as the name implies, allows you to do a GPUpdate against remote target machines. This cmdlet is similar to another new feature in Win8/Server 2012–namely the ability to trigger remote GPUpdates from GPMC. The advantage of the GPMC interface, however, is that you can right-click and OU and trigger a GPUpdate against all computers in that OU. Unfortunately the invoke-gpupdate cmdlet does not include such a feature. You have to pass it a computer name one-at-a-time. However, thanks to the power of the PowerShell pipeline, that’s no big deal!

Using a combination of invoke-gpupdate from the Group Policy Module (import-module GroupPolicy) and Get-ADComputer from the ActiveDirectory module (import-module ActiveDirectory), you can get a list of all computers in a given OU, and pass that along to the invoke-gpupdate cmdlet. The following command does just that–getting all computer accounts in the OU called “VM” and passing them to invoke-gpupdate. For machines that are not on or are otherwise unavailable, I re-direct StdErr to a text file that I can look at after the fact. Also, since invoke-gpupdate doesn’t provide any output to tell me that it ran, I include a little text in the form of “Refreshing host $_.Name now” to let me know what machines ARE getting refreshed:

get-adcomputer -SearchBase "OU=VM, DC=cpandl,DC=com" -Filter * | %{invoke-gpupdate -Computer $_.Name; "Refreshing host $_.Name now"} 2> c:\data\errs.txt

Interestingly (and thanks to PowerShell MVP Brandon Shell for pointing me in the right direction on this), the invoke-gpupdate cmdlet does not allow me to pass objects from the pipeline directly, so I have to use the foreach-object cmdlet (%) to parse through each entry returned by get-adcomputer and pass it along to the invoke-gpupdate cmdlet.

So, even though you have to do a little extra work, using the combination of get-adcomputer and invoke-gpupdate allows you to achieve the same thing you can within the GPMC GUI. Gotta love PowerShell!

 

Darren