I have inherited a AD environment that is in much need of some TLC. Using the script found on:
https://social.technet.microsoft.com/wiki/contents/articles/52209.active-directory-find-and-treat-orphaned-group-policy-objects.aspx
My environment is showing that it has 25 phantom items.
24 of which are listed under a GUID and 1 is a PolicyDefinitions
I am looking for info on how to clean this up as safely as possible and exactly what steps i should take to backup and how to recover.
Little bit more background, when i first started going through the environment i found about a dozen GPO's that had revision mismatches via the below link and was able to get them all in sync by making a small change on the affected GPO's and then reverting
the change. Right now i am running this script daily and manually watching just to make sure nothing goes out of wack again. Future plans is to try to figure out a way to automate this and roll it into a monitoring solution.
https://gallery.technet.microsoft.com/Get-GPO-Replication-4db47c83
My other future plans are to check for any Disabled / unlinked GPO's and to find out why they are still there and try to remove them as well.
Any help / suggestions on the initial cleanup of the phantom objects or other ideas for cleanup and what to check for would be appreciated. Just a note on top of this, the current environment is still only a 2008 R2 functional level and has not made the migration to DFRS for sysvol replication. I figure i want to get this as cleaned up as possible before I make any more moves, but with 2008R2 going EoL by end of year i need to move somewhat fast.