A Windows computer Group Policy is updated in the background every 90 minutes with a random offset of 0 to 30 minutes. This is enough to guarantee that Group Policies are refreshed frequently without introducing a high processing on computers and domain controllers you have or increasing bandwidth consumption. However, it happens that an immediate refresh of Group Policy settings is required to urgently apply new settings on domain-joined computers. This Wiki article shares a way to force this immediate refresh.

To force an immediate refresh of Group settings on domain-joined computers, you need to:

  1. Download PsExec: http://technet.microsoft.com/en-gb/sysinternals/bb897553.aspx
  2. Use the following script to get the list of AD-integrated computers and run gpupdate /force remotely on them:

##############Variables#################

$DN = "DC=contoso,DC=com"

#######################################

##############Main######################

Import-module activedirectory

$allcomputers = Get-ADComputer -SearchBase $DN -Filter *

foreach ($computer in $allcomputers) {$comp = $computer.name.ToString();.\PsExec.exe \\$comp gpupdate.exe /force}

You need to update $DN parameter to specify the start of search of computers in your Active Directory domain. Also, the script should be launched from the same folder where PsExec is located.

The script will process the discovered computers one by one in sequence. To improve the processing, you can run multiple instances of the script at the same time using the different start of searches.