Author Posts

July 15, 2014 at 7:59 am

I'm brand new to PS, and have tried using the various helps for both the Get-ADOrganizationalUnit and Get-GPO cmdlets, but I can't seem to get what I need. I found a script online which (I export to a CSV and...) lists all the OU's in column A, and then the GPO's linked to each of the OU's. However, what I want is just the opposite. I want to get a list of all the policies in column A, and then all the OU's that they're linked to in column B.

The script I was trying is below. I modified it a little to spit out a CSV and only show the "FriendlyGPODisplayName" and OU Name. But I just feel like Get-ADOrganizationalUnit is just not going to be the right cmdlet for what I'm looking for. However, there doesn't seem to be any "Get-GPLink" type cmdlets (only "set, remove, and new) which sounds like it would work perfect if it existed.
http://powershell.com/cs/forums/p/13834/25908.aspx

Thanks.

July 15, 2014 at 8:05 am

Get-ADOrganizationalUnit returns an OU. OU objects don't know anything about linked GPOs.

Get-GPO returns a GPO object – e.g., a representation of the file on disk. It has no idea where it's linked.

Keep in mind a GPO link can apply to an OU, a site, or a domain – not just OUs. And yes, we're notably lacking a native Get-GPLink. It's a pain.

You're probably after something like http://blogs.technet.com/b/thbouche/archive/2013/07/10/get-gplink-cmdlet-and-gplink-backup.aspx (which discusses a Get-GPLink function). You can also look at SDM Software's GP cmdlets (http://sdmsoftware.com/group-policy-blog/gpmc/retrieving-gpo-links-with-powershell/).

July 15, 2014 at 9:19 am

Thanks for the info. Regarding the first link, I am able to register the cmdlet and successfully run it against my domain. However, it only seems to do one path at a time (top-level OU for example). I tried using a "*" wildcard after -path, but it had an Unvalide error.
This seems like it will produce the type of file I want, if I can get it to spit out all the GPONames from all the paths.

July 15, 2014 at 10:00 am

I'm also having the same issue with the SDM cmdlets in the second link. I can get everything to run if I specify the OU or CN, like this,
Get-SDMgplink -scope "OU=Servers,DC=example,DC=com"

However, I don't understand the correct syntax to allow "OU" to equal a wildcard, or somehow bring back the results from ALL OU's.