Group Policy Objects and Gpotool.EXE

Group Policy has two parts; GPC and GPT. GPC is called Group Policy Container and GPT is called Group Policy Template. The first one is stored in Active Directory and later is stored in SYSVOL share.

The GPC is stored at the following path in the Active Directory:

DomainName.Com\System\Policies\{FGR32-2F244…..}

The GPT is stored at:

SYSVOL\DomainName.Com\SYSVOL\Policies\{FGR32-2F244…..}

GPC and GPT must sync with each other. The GPC is replicated by the Active Directory replication and replicated to all the domain controllers of that domain. GPT is replicated by the File Replication Service or DFS-R and replicated to all the domain controllers of that domain.

A Group Policy may not apply to client computers if both GPC and GPT do not sync. GPC stores its version number in an attribute called VersionNumber which is matched with the Version Number stored in the GPT.INI for GPT. As an example, GPC version number is 23 whereas GPT version number is 24. Both versions are not matching and this is called Version Mismatch. You can check if all the Group Policy Objects in your organization has synced properly using the Gpotool.exe. The Gpotool.exe returns OK for each Group Policy it checks as shown below:

  • C:\>Gpotool.exe
  •    Validating DCs…
  •    Available DCs:
  •    DC1.DomainName.Com
  •    DC2.DomainName.Com
  •    Searching for policies…
  •    Found 2 policies
  •    =============================================
  •    Policy {GUID}
  •    OK
  •    =============================================
  •    Policy {GUID}
  •    Version Mismatch: DS Version (23), SYSVOL Version (24)
  •    =============================================

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top