次の方法で共有


Get-GpLink function and GpLink backup

Hi all,

Who hasn't been dreaming of a get-gplink cmdlet? How would it be so simple to run a command and get the list of GPOs links to a site, OU or domain DN?

We could be doing so much with a simple "get-gplink".

I recently was at a client where I was performing remediation following a Group Policy Health I did a year ago and where the client had not time to do it himself.
When I left, 12 month ago, I gave him a list of the GPOs that were linked to its domain and the state of the links. But I wasn't able to do it now, as it was done using the Group Policy Health Check tool.

So I took upon myself to create the missing "get-glink" and I am now happy to share it with you.

I have built it so that it produces objects that can be used by the existing cmdlets related to gplink:

  • new-gplink
  • set-gplink
  • remove-gplink

In order to use it, you first have to register it to your environment. You can do this by simply executing the script with no parameter .\get-gplink.ps1

Run the command dir function:\ and verify that get-gplink is registed

 

Listing link GPO on an object:

Running the command get-help get-gplink –detailed will give you details on how to use the command.

Here is what an output looks like:

The same one returned in a table format:

 

Path: returns the DN of the object you run the command against
GPOGUID: returns the GUID of the GPO linked
GPOName: returns the friendly name of the GPO
Enforced: Returns whether the GPO link is enforce or not
Enabled: returns whether the GPO link is enabled or not
Order: return the link order

If the GPOGUID cannot be found in the domain, the GPO name is replaced by "Orphaned GPLink or External GPO". This version of get-gplink does not verify the GUID in other domains of the forest. This will be for a future version. So a unknow GUID can be either an "External GPO" or an "Orphaned GPLINK"

An Orphaned GPLINK is a gplink that is pointing to a missing GPC (group policy container).

This is how it looks like in GPMC:

Exporting to CSV:

Now the nice part about it is that you can simply export the results to a CSV file:

What could you then do with that CSV file…

How about restoring deleted gplinks?

 

Restoring deleted links and link order:

This is what I have exported in my csv:

I now delete my links:

Since I exported the links in the csv file, I can simply run the following command to restore them:

My links have been restored in the proper order and with the proper options:

 

And now the "plat de résistance"…

Group Policy Disaster Recovery:

You got it, this export is actually also a backup of sort.

So with some little PS scripting here is how on top of doing a backup of all you domain gpo, you can do the same with your GPO links.

I won't explain how to use backup-gpo and restore-gpo to backup and restored GPOs in your domain. But simply give you the command that you can add now to be able to simply restore those links:

Get-adobject –filter {(objectclass –eq "domaindns") –or (objectclass –eq "organizationalunit")} | foreach {get-gplink –path $_} | export-csv "gplink.all"

You now have a "backup" of all your domain gplinks.

Limitations:

This is just the first version of get-gplink. I plan you adding other functions such as reporting external linked GPOs and running the command against Sites as well. Stay tune for the updates.

You can find the script here

Comments

  • Anonymous
    October 30, 2015
    Hello,
    The link is broken. Where can i download your script ?
    Thanks