Windows Server TechCenter >
Windows Server Forums
>
Group Policy
>
How to tell what GPOs aren't in use
How to tell what GPOs aren't in use
- Is there any way to tell what GPOs are not active on any folders within an entire AD domain? I have a lot of GPOs in the list when I go to link an existing one, but most of them aren't active anymore. I want to generate a list of all the ones not needed so we can delete them.
Answers
- Using GPMC, You can right click on the forest and select Search.I built the following search criteria to get GPOs that aren't linked:Search Item: GPO-linksCondition: Does not exist inValue: Domain nameWhen added, this condition returned GPOs that have no links in the domain. If you have multiple domains or use sites for GPO links, you add additional conditions. you can also save the results for additional review.Guy
- Edited byGuy Yardeni Friday, November 06, 2009 9:24 PMtypo
- Marked As Answer byRJO22 Friday, November 06, 2009 10:07 PM
All Replies
- Good day RJO22,
If you have GPMC you can generate Group Policy Report with this report will show the list of group policy and it will show also Computer and User Configuration is Enabled or Disabled each group policy with detailed information.
GPMC you can install with this link:
http://www.microsoft.com/downloads/details.aspx?familyid=0a6d4c24-8cbd-4b35-9272-dd3cbfc81887&displaylang=en
Hope this will help you,
Cheers...
- Using GPMC, You can right click on the forest and select Search.I built the following search criteria to get GPOs that aren't linked:Search Item: GPO-linksCondition: Does not exist inValue: Domain nameWhen added, this condition returned GPOs that have no links in the domain. If you have multiple domains or use sites for GPO links, you add additional conditions. you can also save the results for additional review.Guy
- Edited byGuy Yardeni Friday, November 06, 2009 9:24 PMtypo
- Marked As Answer byRJO22 Friday, November 06, 2009 10:07 PM
- Thanks Guy, I didn't know that search existed. It'd be cooler if you could narrow it down to polices who's names contain or to policies that aren't on certain OUs and their sub-OUs. but this will definitely get the job done. many thanks!
- Hi,
Additional, you could find unlinked GPOs using scripts. For your reference:
Hey, Scripting Guy! How Can Get a List of All My Orphaned Group Policy Objects?
http://blogs.technet.com/heyscriptingguy/archive/2009/02/10/how-can-get-a-list-of-all-my-orphaned-group-policy-objects.aspx
Or use FindUnlinkedGPOs.wsf which was installed with GPMC.
Listing Unlinked GPOs in a Domain
http://msdn.microsoft.com/en-us/library/aa814151(VS.85).aspx#_win32_listing_unlinked_gpos_in_a_domain
Thanks.
This posting is provided "AS IS" with no warranties, and confers no rights.
