List of all GPO's with their links.

This topic contains 3 replies, has 2 voices, and was last updated by Profile photo of Tim French Tim French 2 years, 4 months ago.

  • Author
    Posts
  • #17138
    Profile photo of Tim French
    Tim French
    Participant

    I'm brand new to PS, and have tried using the various helps for both the Get-ADOrganizationalUnit and Get-GPO cmdlets, but I can't seem to get what I need. I found a script online which (I export to a CSV and...) lists all the OU's in column A, and then the GPO's linked to each of the OU's. However, what I want is just the opposite. I want to get a list of all the policies in column A, and then all the OU's that they're linked to in column B.

    The script I was trying is below. I modified it a little to spit out a CSV and only show the "FriendlyGPODisplayName" and OU Name. But I just feel like Get-ADOrganizationalUnit is just not going to be the right cmdlet for what I'm looking for. However, there doesn't seem to be any "Get-GPLink" type cmdlets (only "set, remove, and new) which sounds like it would work perfect if it existed.
    http://powershell.com/cs/forums/p/13834/25908.aspx

    Thanks.

  • #17140
    Profile photo of Don Jones
    Don Jones
    Keymaster

    Get-ADOrganizationalUnit returns an OU. OU objects don't know anything about linked GPOs.

    Get-GPO returns a GPO object – e.g., a representation of the file on disk. It has no idea where it's linked.

    Keep in mind a GPO link can apply to an OU, a site, or a domain – not just OUs. And yes, we're notably lacking a native Get-GPLink. It's a pain.

    You're probably after something like http://blogs.technet.com/b/thbouche/archive/2013/07/10/get-gplink-cmdlet-and-gplink-backup.aspx (which discusses a Get-GPLink function). You can also look at SDM Software's GP cmdlets (http://sdmsoftware.com/group-policy-blog/gpmc/retrieving-gpo-links-with-powershell/).

  • #17141
    Profile photo of Tim French
    Tim French
    Participant

    Thanks for the info. Regarding the first link, I am able to register the cmdlet and successfully run it against my domain. However, it only seems to do one path at a time (top-level OU for example). I tried using a "*" wildcard after -path, but it had an Unvalide error.
    This seems like it will produce the type of file I want, if I can get it to spit out all the GPONames from all the paths.

  • #17142
    Profile photo of Tim French
    Tim French
    Participant

    I'm also having the same issue with the SDM cmdlets in the second link. I can get everything to run if I specify the OU or CN, like this,
    Get-SDMgplink -scope "OU=Servers,DC=example,DC=com"

    However, I don't understand the correct syntax to allow "OU" to equal a wildcard, or somehow bring back the results from ALL OU's.

You must be logged in to reply to this topic.