The GPO Health Check Report provides information about whether the security filtering, GPO data, security policies, and GPO structural integrity in a GPO are accurate or corrupted. This report also helps you to identify failures in the File Replication Service (FRS) on domain controllers by comparing the GPO template with the GPO container.
You can view the GPO Health Check Report for a GPO in the GP Repository or in Active Directory.
To view the GPO Health Check Report:
In the left pane, expand GP Repository or GP Explorer.
Expand the appropriate domain hierarchy to the GPO for which you want to generate the report.
In the right pane, click the Health Check tab.
The Health Check Report is divided into the following main sections:
This section contains information about the GPO, such as the GPO owner, its GUID, and its status. The General section also contains information specific to the GPO in the GP Repository, such as the change history of the GPO, including when it was created, when it was last modified, and how many revisions have been made to the settings contained in the GPO.
This section contains the following information:
Status on whether the GPO display name is correct or wrong and also whether the GPO revisions are consistent
Status on the integrity of the GPO file system and the GPO Active Directory data
Status on whether the GPO is applied to users or computers and also whether the inheritance flag is set on the GPO security descriptor
Status on the integrity checks for file security, registry security, and services security
You can use this information to help identify corrupt GPOs in your Active Directory environment.