Do you need to get an overview of the GPO’s and the GPO links in Active Directory?
Don’t worry! You’re only a few lines of PowerShell away from reaching your goal.
To retrieve all GPO’s you can use the following line:
- Get-GPO -All
However, the resulting list of objects does not give away detailed information like GPO links, the enabled state of user/computer settings, etc.
To get the full information you need to generate a GPO report. The report type should be XML to allow you direct access to the GPO properties.
The following code gets an XML report of the first GPO:
- [xml]$Report = (Get-GPO -All)[0] | Get-GPOReport -ReportType XML
As you can see in the below output you can drill down in the properties of the $Report object to retrieve various information:
Obviously, now we have all the information needed to produce a script that lists all links for all GPO’s in your domain.
It could look like this:
- $GPOs = Get-GPO -All
- $OutputFile = ".\GPOList.txt"
- "Name;LinkPath;ComputerEnabled;UserEnabled;WmiFilter" | Out-File $OutputFile
- $GPOs | % {
- [xml]$Report = $_ | Get-GPOReport -ReportType XML
- $Links = $Report.GPO.LinksTo
- ForEach($Link In $Links){
- $Output = $Report.GPO.Name + ";" + $Link.SOMPath + ";" + $Report.GPO.Computer.Enabled + ";" + $Report.GPO.User.Enabled + ";" + $_.WmiFilter.Name
- $Output | Out-File $OutputFile -Append
- }
- }
The output file will list one line for each GPO link, stating the following information:
- the GPO name
- the GPO link
- the computer settings enabled status
- the user settings enabled status
- the name of the WMI filter (if one exists)
Adjust the script according to your needs. Have fun!
