Hi,
I've been tasked to write a powershell script which generates report of GPO auditing.
It works great for all modifications except the change of GPO Precedence.
I thought modifying GPO Precedence will generated 2 events, one for the old value deleted and one for the new value added, like other modifications.
When I try in my lab I was suprised to see 8 events generated.
For example, here are the value of the 8 events generated (most recent in first):
Value:[LDAP://cn={6289B536-D1E0-4F07-9FC8-B583A7EC3DAF},cn=policies,cn=system,DC=audit,DC=posh;0][LDAP://cn={2F8F9B73-9AE6-4106-A625-898F14A6E293},cn=policies,cn=system,DC=audit,DC=posh;0]
Type:Value Added
Value:[LDAP://cn={6289B536-D1E0-4F07-9FC8-B583A7EC3DAF},cn=policies,cn=system,DC=audit,DC=posh;0][LDAP://cn={2F8F9B73-9AE6-4106-A625-898F14A6E293},cn=policies,cn=system,DC=audit,DC=posh;0]
Type:Value Deleted
Value:[LDAP://cn={6289B536-D1E0-4F07-9FC8-B583A7EC3DAF},cn=policies,cn=system,DC=audit,DC=posh;0][LDAP://cn={2F8F9B73-9AE6-4106-A625-898F14A6E293},cn=policies,cn=system,DC=audit,DC=posh;0]
Type:Value Added
Value:[LDAP://cn={6289B536-D1E0-4F07-9FC8-B583A7EC3DAF},cn=policies,cn=system,DC=audit,DC=posh;0][LDAP://cn={2F8F9B73-9AE6-4106-A625-898F14A6E293},cn=policies,cn=system,DC=audit,DC=posh;0]
Type:Value Deleted
Value:[LDAP://cn={6289B536-D1E0-4F07-9FC8-B583A7EC3DAF},cn=policies,cn=system,DC=audit,DC=posh;0][LDAP://cn={2F8F9B73-9AE6-4106-A625-898F14A6E293},cn=policies,cn=system,DC=audit,DC=posh;0]
Type:Value Added
Value:[LDAP://cn={2F8F9B73-9AE6-4106-A625-898F14A6E293},cn=policies,cn=system,DC=audit,DC=posh;0]
Type:Value Deleted
Value:[LDAP://cn={2F8F9B73-9AE6-4106-A625-898F14A6E293},cn=policies,cn=system,DC=audit,DC=posh;0]
Type:Value Added
Value:[LDAP://cn={2F8F9B73-9AE6-4106-A625-898F14A6E293},cn=policies,cn=system,DC=audit,DC=posh;0][LDAP://cn={6289B536-D1E0-4F07-9FC8-B583A7EC3DAF},cn=policies,cn=system,DC=audit,DC=posh;0]
Type:Value Deleted
I thought it will be directly that :
Value:[LDAP://cn={6289B536-D1E0-4F07-9FC8-B583A7EC3DAF},cn=policies,cn=system,DC=audit,DC=posh;0][LDAP://cn={2F8F9B73-9AE6-4106-A625-898F14A6E293},cn=policies,cn=system,DC=audit,DC=posh;0]
Type:Value Added
Value:[LDAP://cn={2F8F9B73-9AE6-4106-A625-898F14A6E293},cn=policies,cn=system,DC=audit,DC=posh;0][LDAP://cn={6289B536-D1E0-4F07-9FC8-B583A7EC3DAF},cn=policies,cn=system,DC=audit,DC=posh;0]
Type:Value Deleted
Does anyone know why changing the GPO Precedence generates 8 5136 events ?
Thanks,