Evotec

Project

GPOZaurr

GPOZaurr helps inspect, report on, and remediate Group Policy environments with PowerShell.

View on GitHub Releases Get package
Stars 1,166
Forks 115
Open issues 16
PowerShell Gallery downloads 417,764
Release v1.1.9
Language: PowerShell Updated: 2026-04-11

API Reference

Function

Get-GPOZaurrBroken

Aliases: Get-GPOZaurrSysvol
Namespace GPOZaurr
Aliases
Get-GPOZaurrSysvol

Detects broken or otherwise damaged Group Policies

Remarks

Detects broken or otherwise damaged Group Policies providing insight whether GPO exists in both AD and SYSVOL. It provides few statuses: - Permissions issue - means account couldn't read GPO due to permissions - ObjectClass issue - means that ObjectClass is of type Container, rather than expected groupPolicyContainer - Not available on SYSVOL - means SYSVOL data is missing, yet AD metadata is available - Not available in AD - means AD metadata is missing, yet SYSVOL data is available - Exists - means AD metadata and SYSVOL data are available

Examples

Authored help example

EXAMPLE 1

PS >


Get-GPOZaurrBroken -Verbose | Format-Table

Common Parameters

This command supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable.

For more information, see about_CommonParameters.

Syntax

Get-GPOZaurrBroken [-ExcludeDomainControllers <String[]>] [-ExcludeDomains <String[]>] [-ExtendedForestInformation <IDictionary>] [-Forest <String>] [-IncludeDomainControllers <String[]>] [-IncludeDomains <String[]>] [-SkipRODC] [-VerifyDomainControllers] [<CommonParameters>]
#
Parameter set: All Parameter Sets

Parameters

ExcludeDomainControllers String[] optionalposition: 2pipeline: False
Exclude specific domain controllers, by default there are no exclusions, as long as VerifyDomainControllers switch is enabled. Otherwise this parameter is ignored.
ExcludeDomains String[] optionalposition: 1pipeline: False
Exclude domain from search, by default whole forest is scanned
ExtendedForestInformation IDictionary optionalposition: 5pipeline: False
Ability to provide Forest Information from another command to speed up processing
Forest String optionalposition: 0pipeline: Falsealiases: ForestName
Target different Forest, by default current forest is used
IncludeDomainControllers String[] optionalposition: 4pipeline: Falsealiases: DomainControllers
Include only specific domain controllers, by default all domain controllers are included, as long as VerifyDomainControllers switch is enabled. Otherwise this parameter is ignored.
IncludeDomains String[] optionalposition: 3pipeline: Falsealiases: Domain, Domains
Include only specific domains, by default whole forest is scanned
SkipRODC SwitchParameter optionalposition: namedpipeline: False
Skip Read-Only Domain Controllers. By default all domain controllers are included.
VerifyDomainControllers SwitchParameter optionalposition: namedpipeline: False
Forces cmdlet to check GPO Existance on Domain Controllers rather then per domain