Update: 22. August 2014: I have posted an updated version of the script here.
During his Group Policy: Notes from the Field - Tips, Tricks, and Troubleshooting session at TechEd Group Policy MVP Jeremy Moskowitz demonstrates how to filter the event log using the correlation ID. Now because I love using PowerShell I thought I create a function for that using Jeremy’s XMLquery.
function Get-GPEventByCorrelationID
{
<#
.Synopsis
Get Group Policy Eventlog entries by Correlation ID
.DESCRIPTION
This function retrieves Group Policy event log entries filtered by Correlation ID
.EXAMPLE
Get-GPEventByCorrelationID -CorrelationID A2A621EC-44B4-4C56-9BA3-169B88032EFD
TimeCreated Id LevelDisplayName Message
----------- -- ---------------- -------
7/17/2014 3:00:27 PM 5117 Information Group policy session completed successfully.
#>
[CmdletBinding()]
Param
(
# CorrelationID
[Parameter(Mandatory=$true,
ValueFromPipelineByPropertyName=$true,
Position=0)]
[string]$CorrelationID
)
Begin
{
$Query = '*[System/Correlation/@ActivityID="{CorrelationID}"]'
$FilterXML = $Query.Replace("CorrelationID",$CorrelationID)
}
Process
{
Get-WinEvent -FilterXml $FilterXML
}
End
{
}
}
Greetings form the sunny beaches at Sardinia.