none
How to validate the .admx/.adml files with powershell or other scripts? RRS feed

  • Question

  • Hi experts,

    I have two files: .admx and the related .adml file and they will be added to C:\Windows\PolicyDefinitions for .admx (and the corresponding locale folder for .adml. For English, it is C:\Windows\PolicyDefinitions\en-US).

    Some policies will be added/modified/removed in the file at different stage.

    My question is: is they any way to validate the file after modification? We want to do it automatically instead of any manual operation.

    In a more detailed way, after importing the files(we could just copy the files into the above two locations, given we have all access rights to the folder), we could check all are valid. We want to use the validation in code thus it could be done automatically.

    I know we could process the GPO programmatically with C++ or other languages(such as this link). But they look a little heavy and complex.

    Is there any way to do the validation through the powershell or other scripts?

    Thanks very much! And even any suggestion would be great!

    Monday, October 21, 2019 8:10 AM

Answers

  • There is no automated way in PowerShell to do that. You will have to design and write a script that can cross validate the two files.


    \_(ツ)_/

    • Marked as answer by B0L Monday, October 21, 2019 9:01 AM
    Monday, October 21, 2019 8:55 AM

All replies

  • There is no known method for validating the files. You must edit them according to the requirements for ADMX policy files.

    You can check the XML structure against the schema but that does not prove that the templates are actually correct.

    [xml]$xml = Get-Content poicyfile.admx

    If there is no error then the XML has passed the schema test.

    https://support.microsoft.com/en-us/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra


    \_(ツ)_/

    Monday, October 21, 2019 8:23 AM
  • Really thank you very much for the reply, jrv!

    After we copying .admx/.adml to the system, when running gpedit.msc, error dialog will be popped up if there is any error for the .admx/.adml files. For example, if there is attribute used in .admx but not defined in .adml.

    We want to make the checking with these kind of errors in an automatic way. So now we have no luck? Thanks.

    Monday, October 21, 2019 8:41 AM
  • There is no automated way in PowerShell to do that. You will have to design and write a script that can cross validate the two files.


    \_(ツ)_/

    • Marked as answer by B0L Monday, October 21, 2019 9:01 AM
    Monday, October 21, 2019 8:55 AM
  • Thank you, jrv!
    Monday, October 21, 2019 9:01 AM
  • Hi jrv,

    If I import my own .admx/.adml files into the system, and if there are some failures, such as the key of one policies is not missing, then when I open the gpedit.msc, I will be prompted the error "Expected attribute 'key' not found." and also pointed out the exact line.

    So I have a question:

    Is there a error list? Or can we get all the possible errors if the .admx/.adml files have some invalidate fields?

    Thanks!

    (Please let me know if it is better to open a new thread to discuss it)


    • Edited by B0L Wednesday, October 23, 2019 9:26 AM
    Wednesday, October 23, 2019 9:09 AM
  • You will need to ask tis in the GP forum. It is not a scripting issue.

    There is no published API for this and no SDK support that I can find. 

    The errors you request info on will likely be detectable when the files are loaded as XML and the schema is validated.  If this is not something you are familiar with then you will need to take some time to understand how XML is designed and how it works, Schema validation returns any instance where an XML item does not match the schema.

    You might also ask in the Directory Services forum to see if they know of other sources of documentation.

    Also carefully review the documentation on how to create these files to extract the rules and any information that can help discover the rules.

    Again - none of this has anything to do with scripting.


    \_(ツ)_/

    Wednesday, October 23, 2019 2:26 PM