Updating Group policy on specific Delivery Groups and Servers

Doing a lot of Citrix implementations I often find myself wanting to update Group policy on a number of Citrix servers to test changes.

One could log on to every single server and update group policy with the GPupdate command – but hey that would take forever.

Powershell to the rescue.

I created a function that queries for delivery groups and presents them with Out-GridView. Out-GridView is a native cmdlet in powershell that creates a sort of GUI for the object passed into it.

This looks like this in my test environment with two delivery groups present:

When the delivery group you want to update and press the OK button.

This passes the delivery group names on to the next step – selecting the servers to update:

If you want to select all servers press CTRL-A and press OK when ready

The servers choosen is then passed on to the part that dows the actual gpupdate part.

The script utillizes Powershell remoting to issue the GPupdate command to each server choosen

To speed things up in a larger environment the script does this with a powershell job for each server. These jobs run synchronously in batches of 32 by default. This number can be change with the ‘ThrottleLimit’ parameter for Invoke-Command.

Each job fires up a new Powershell instance on your computer so be carefull not to bloat with to many at a time.

If you want to view the progress an result you can use the Get-Job cmdlet:

And when it is has completed:

If a server fails to execute the command it is possible to view the actual output from the remote server for a single job with ‘Retrieve-Job’

As you can see this the exact output as if you had run it locally on your own server.

As this uses Powershell remoting to do its job this has to be enabled. It is enabled by default in Windows Server 2012 and later.

I hope that others will find this usefull and please reach out if you have comments or things that could need improvement.


Here is the entire Powershell function:

Function Update-DeliveryGroupGPO {
   Refreshes GPO on selected Delivery Groups and servers 
   Queries for list of delivery groups. Based on selected delivery groups servers are retreived. Selected servers will be contacted via Powershell remoting to run a GPupdate 
   command. Use Get-Job to see the execution status of each server selected Use Receive-Job to see the output generated from the job 
   Update-DeliveryGroupGPO Starts the script - Uses Out-Gridview to guide through the process 
   Script takes no input from pipeline 
   Outputs jobs you can see with Get-Job and Receive-Job
  Param ()
  Add-PSSnapin citrix*

  $DeliveryGroups = Get-BrokerDesktopGroup |
                      Select-Object Name |
                      Out-GridView -Title "Choose delivery group" -PassThru

  $Servers = Get-BrokerDesktop |
               Where-Object { $DeliveryGroups.name -contains $_.DesktopGroupName } |
               Select-Object DNSName, DesktopGroupName |
               Sort-Object -Property desktopgroupname |
               Out-GridView -Title "Choose servers" -PassThru

  foreach ($Server in $Servers) {
    Write-Host "Updating $($Server.DNSName)"
    Invoke-Command -ComputerName $($Server.DNSName) -ScriptBlock { gpupdate } -AsJob | Out-Null

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.