This feature is available in NetTools v1.30.10 beta and above
Previously included in the Windows 2003 Resource Kit there was simple tool called GPOTool.exe, which checked the status of the GPOs in a domain, this would check the consistency of the details between the AD and Sysvol and highlight a number of common problems. As Windows 2003 Resource kit is no longer available for download from Microsoft, and this functionality hasn't been incorporated into any of the existing tools, there is no easy way to confirm the status of the GPOs in a domain.
Under the GPO Explorer in NetTools there is a test option that performs a similar suite of tests that were performed by GPOTool.exe. There are two methods to test the status of the GPOs, either at the individually GPO level or at the domain level to test all GPOs.
The test covers the following items:
- AD Replication
- Sysvol Replication
- Mismatching of AD and Sysvol versions
- Compare object counts for both AD and Sysvol
- Sysvol gpt.ini exists
- Trustees that have apply GPO rights have permissions in Sysvol
Test an Individual GPO
When selecting a GPO in the GPO Explorer an tab called Testing is shown with the details of the policy, which allows you to test the selected GPO. By default, the test will be run against all Domain Controllers in the domain, however, you are able to select which domain controllers will be be included in the test. This allows you to deselect domain controllers that might be at the end of a slow link or are offline temporarily. The server selection is on the test all GPO screen, see below.
Test All or multiple GPOs at once
This option is found by select the root of the domain in the left hand pane, the Testing tab displays the domain controllers and GPOs in the domain. The lists can be used to select which servers and GPOs will be included in the test . The test provides to those who have used GPOTool.exe before, with a touch nostalgia, as the output is pretty must the same as GPOTool.exe.
If an issue is found with the policies, the details of the policies on all domain controllers is displayed, or if Display Policy Details options is selected.