Author Posts

February 9, 2016 at 4:47 pm

I have to implement a change to a PKI CA that will require gpupdate /force on all DC's in the forest (multi child domains) to receive the registry addition(s) in a timely manner.

How can I run a PS one liner to invoke-command to accomplish that if I have (so far) this discovery bit of scripting? I'm unclear after the pipe how to accomplish.

foreach ($domain in ((get-adforest).domains)) { get-addomaincontroller -filter * -server $domain } | invoke-command {gpupdate /force}

thank you

February 9, 2016 at 5:15 pm

I did get this to work thanks to Month of Lunches CH 15!

Invoke-Command -ScriptBlock {gpupdate /force} -ComputerName (Get-Content .\alldcs.txt)

Can someone help me put the two together?

February 9, 2016 at 5:51 pm

Hi Jeff

foreach ($domain in ((get-adforest).domains)) {

Invoke-Command -computername (get-addomaincontroller -filter * -server $domain).hostname -ScriptBlock{gpupdate /force}
}

February 9, 2016 at 5:53 pm

Your almost there

foreach ($domain in (get-adforest).domains) { get-addomaincontroller -filter * -server $domain | invoke-gpupdate -RandomDelayInMunutes 0}

February 10, 2016 at 4:29 pm

Thanks Yuan...perfect success for my 2008 DC's

Thanks David...perfect success for my 2012 DC's (typo corrected for -RandomDelayInMinutes)

February 10, 2016 at 4:34 pm

quick followup question.

I have 45 DCs to run gpupdate against. Does invoke-gpupdate have a throttle limit on the number of processes this will use against my DC's. I want to ensure all of them recieve the gpupdate.

I seem to recall in Month of Lunches (returned to library) that there was a limit with Invoke-Command so wondered about invoke-gpupdate similarly.

February 11, 2016 at 9:28 am

If you take a look at the -Computer parameter for Invoke-GPUpdate, you'll notice that it only accepts a single computer, while the -ComputerName parameter of Invoke-Command accepts multiple computers. Compare Get-Help -Name Invoke-GPUpdate -Parameter Computer and Get-Help -Name Invoke-Command -Parameter ComputerName. See the square brackets –> []. Those indicate it'll take more than one at a time. Therefore, there's no need for a -ThrottleLimit parameter. In addition, since we're piping computer names to the cmdlet, it's only going to process one computer at a time anyway.

February 16, 2016 at 11:35 am

tommymaynard, thanks for the reminder on those []

I didn't know we could do a get-help on get-help! niiiice