Got an issue with doing the GPUpdate /force as a post installation after an image has been installed.

The post install is: JoinDomain+Win7OU.ps1, Reg KMS, EnableUAC, reboot, gpupdate /force, reboot.

What happens is that the command GPUPdate /force doesn't work until after about five minutes, then it works fine.

Got a temporary solution which is "timeout 500" then "gpupdate /force" but that is doing the process a lot slower when imaging a lot of computers.


Do anyknow have any idea what the issue could be with the GPO?
I can send some logs tomorrow when I'm at the company.


Answer Summary:
0 Comments   [ - ] Hide Comments


Please log in to comment

Community Chosen Answer



This is most likely due to AD replication among the DC's.  When you join the machine a secure channel cert is issued and the added to the attached DC, this needs to replicate to the other DC's in the domain before this machine is fully recognized by the domain. 

GPUPdate /force on a large number of computers can be a problem. This is because these machines will hit a domain controller and reevaluate every GPO applicable to them.

Answered 11/07/2013 by: SMal.tmcc
Red Belt

  • GPUpdate: Applies any policies that is new or modified

    GPUpdate /force: Reapplies every policy, new and old.

    /LogOff: Certain GPOS, such as Folder Redirection, can’t apply in the background. If a logoff is required, this switch will initiate it.

    /Boot: If a policy, such as software installation, needs to be applied – the boot command will reboot the machine.

    /Sync: Useful for changing the foreground (startup/logon) processing to synchronous.
    • Thanks for the help, this will solve our issue.

      Have a great weekend
Please log in to comment
Answer this question or Comment on this question for clarity


This content is currently hidden from public view.
Reason: Removed by member request
For more information, visit our FAQ's.

Admin Script Editor
Admin Script Editor is an integrated scripting environment available free here at ITNinja