So bear this in mind if you’re running this against your desktops or laptops with users logged in. The following Powershell will get you a list of computers from the Servers OU and export them to a text file on the C drive. I’ve added a dummy first entry to the text file, for some reason PSExec fails the first entry so this gets around that.
In Server 2012 this is an option, but we are on 2008 so this makes it much easier when applying GPO changes."Ian Zahorik In a Windows Domain Setup, Group Policy Objects (GPOs) can be used to configure the computer and user objects of the Active Directory.
Let’s look at 3 ways to achieve that, two of the methods require Server 2012 or Windows 8 with the remote administration tools to initiate the refresh, and the 3rd method can be initiated from Windows 7 or Server 2008 R2. Server 2012 introduced the functionality to remotely refresh Group Policy settings for all computers in an OU from the Group Policy Management Console (GPMC).
When you use this method, there is a random delay of up to 10 minutes, with the view of decreasing load on network traffic- this random delay cannot be configured when using the GUI.
By updating the DCs first one can start implementing stronger authentication as clients are migrated and also start implementing policies that address the new versions of Windows as they start joining the domain.
One of the feature I like on Windows 2012 and Windows 2012 R2 is the starter GPO for allowing the Power Shell cmdlet Invoke-GPUpdate to remotely schedule so as to update GPO settings at a time of our choosing.
For obvious reasons, I cannot test the server being shutdown and restarted constantly.