locked
PowerShell - Determining if a GPO is linked RRS feed

  • Question

  • Can anybody advise how I can make use of PowerShell to determine if a particular GPO is linked? I have a script that runs through all the GPOs in the domain via the Get-GPOReport cmdlet but I only want it to filter for GPOs that are linked.
    Wednesday, June 29, 2011 9:17 AM

Answers

  • Function Get-AllGPO
    {
    	Get-GPOReport -all -ReportType xml | %{
    		([xml]$_).gpo | select name,@{n="SOMName";e={$_.LinksTo | % {$_.SOMName}}},@{n="SOMPath";e={$_.LinksTo | %{$_.SOMPath}}}
    	}
    }
    
    #Get Gpo with name Turn* and display what OU is linked.
    Get-AllGPO | ? {$_.Name -match "Turn*"} | %{$_.SomName}
    
    


    Wednesday, June 29, 2011 10:02 AM
  • For those who cannot use the GPO module, get linked GPOs:

    $gpm = New-Object -ComObject GPMgmt.GPM
    $constants = $gpm.GetConstants()
    $GPODomain = $gpm.GetDomain($env:USERDOMAIN,$null,$contants.UsePDC)
    $GPOs = $GPODomain.SearchGPOs($gpm.CreateSearchCriteria())

    $GPOs | Foreach-Object{
     $gpmSearchCriteria = $gpm.CreateSearchCriteria()
     $gpmSearchCriteria.Add($constants.SearchPropertySomLinks,$constants.SearchOpContains,$_)
     $somList = $GPODomain.SearchSoms($gpmSearchCriteria)
     if($somList.Count -gt 0) {$somList.DisplayName}
    }


    Shay Levy [MVP]
    PowerShay.com
    PowerShell Toolbar
    Thursday, June 30, 2011 7:01 AM
  • Its part of RSAT it looks like

    http://technet.microsoft.com/en-us/library/ee461027.aspx
    http://technet.microsoft.com/en-us/library/dd367856(WS.10).aspx

    "To use the Windows PowerShell Group Policy cmdlets, you must be running either Windows Server 2008 R2 on a domain controller or on a member server that has the GPMC installed, or Windows 7 with Remote Server Administration Tools (RSAT) installed. RSAT includes the GPMC and its cmdlets."


    Justin Rich
    http://jrich523.wordpress.com
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    Thursday, June 30, 2011 1:32 PM

All replies

  • Function Get-AllGPO
    {
    	Get-GPOReport -all -ReportType xml | %{
    		([xml]$_).gpo | select name,@{n="SOMName";e={$_.LinksTo | % {$_.SOMName}}},@{n="SOMPath";e={$_.LinksTo | %{$_.SOMPath}}}
    	}
    }
    
    #Get Gpo with name Turn* and display what OU is linked.
    Get-AllGPO | ? {$_.Name -match "Turn*"} | %{$_.SomName}
    
    


    Wednesday, June 29, 2011 10:02 AM
  • dont forget to import the grouppolicy module
      Import-Module GroupPolicy


    Justin Rich
    http://jrich523.wordpress.com
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    Wednesday, June 29, 2011 12:24 PM
  • For those who cannot use the GPO module, get linked GPOs:

    $gpm = New-Object -ComObject GPMgmt.GPM
    $constants = $gpm.GetConstants()
    $GPODomain = $gpm.GetDomain($env:USERDOMAIN,$null,$contants.UsePDC)
    $GPOs = $GPODomain.SearchGPOs($gpm.CreateSearchCriteria())

    $GPOs | Foreach-Object{
     $gpmSearchCriteria = $gpm.CreateSearchCriteria()
     $gpmSearchCriteria.Add($constants.SearchPropertySomLinks,$constants.SearchOpContains,$_)
     $somList = $GPODomain.SearchSoms($gpmSearchCriteria)
     if($somList.Count -gt 0) {$somList.DisplayName}
    }


    Shay Levy [MVP]
    PowerShay.com
    PowerShell Toolbar
    Thursday, June 30, 2011 7:01 AM
  • Hi Mr. Rich,

    How to get that module please ?

    I get the following error message.

    Import-Module : The specified module 'GroupPolicy' was not loaded because no valid module file was found in any module directory.
    At C:\Temp\04ab5602-b14f-4215-821b-c52125dcd287.ps1:1 char:15
    + Import-Module <<<< GroupPolicy
      + CategoryInfo     : ResourceUnavailable: (GroupPolicy:String) [Import-Module], FileNotFoundException
      + FullyQualifiedErrorId : Modules_ModuleNotFound,Microsoft.PowerShell.Commands.ImportModuleCommand
     
    New-Object : Cannot load COM type GPMgmt.GPM.
    At C:\Temp\04ab5602-b14f-4215-821b-c52125dcd287.ps1:3 char:18
    + $gpm = New-Object <<<< -ComObject GPMgmt.GPM
      + CategoryInfo     : InvalidType: (:) [New-Object], PSArgumentException
      + FullyQualifiedErrorId : CannotLoadComObjectType,Microsoft.PowerShell.Commands.NewObjectCommand
     
    You cannot call a method on a null-valued expression.
    At C:\Temp\04ab5602-b14f-4215-821b-c52125dcd287.ps1:4 char:31
    + $constants = $gpm.GetConstants <<<< ()
      + CategoryInfo     : InvalidOperation: (GetConstants:String) [], RuntimeException
      + FullyQualifiedErrorId : InvokeMethodOnNull
     
    You cannot call a method on a null-valued expression.
    At C:\Temp\04ab5602-b14f-4215-821b-c52125dcd287.ps1:5 char:28
    + $GPODomain = $gpm.GetDomain <<<< ($env:USERDOMAIN,$null,$contants.UsePDC)
      + CategoryInfo     : InvalidOperation: (GetDomain:String) [], RuntimeException
      + FullyQualifiedErrorId : InvokeMethodOnNull
     
    You cannot call a method on a null-valued expression.
    At C:\Temp\04ab5602-b14f-4215-821b-c52125dcd287.ps1:6 char:56
    + $GPOs = $GPODomain.SearchGPOs($gpm.CreateSearchCriteria <<<< ())
      + CategoryInfo     : InvalidOperation: (CreateSearchCriteria:String) [], RuntimeException
      + FullyQualifiedErrorId : InvokeMethodOnNull
     
    You cannot call a method on a null-valued expression.
    At C:\Temp\04ab5602-b14f-4215-821b-c52125dcd287.ps1:9 char:48
    + $gpmSearchCriteria = $gpm.CreateSearchCriteria <<<< ()
      + CategoryInfo     : InvalidOperation: (CreateSearchCriteria:String) [], RuntimeException
      + FullyQualifiedErrorId : InvokeMethodOnNull
     
    You cannot call a method on a null-valued expression.
    At C:\Temp\04ab5602-b14f-4215-821b-c52125dcd287.ps1:10 char:24
    + $gpmSearchCriteria.Add <<<< ($constants.SearchPropertySomLinks,$constants.SearchOpContains,$_)
      + CategoryInfo     : InvalidOperation: (Add:String) [], RuntimeException
      + FullyQualifiedErrorId : InvokeMethodOnNull
     
    You cannot call a method on a null-valued expression.
    At C:\Temp\04ab5602-b14f-4215-821b-c52125dcd287.ps1:11 char:34
    + $somList = $GPODomain.SearchSoms <<<< ($gpmSearchCriteria)
      + CategoryInfo     : InvalidOperation: (SearchSoms:String) [], RuntimeException
      + FullyQualifiedErrorId : InvokeMethodOnNull
    


    /* Server Support Specialist */
    Thursday, June 30, 2011 7:35 AM
  • Its part of RSAT it looks like

    http://technet.microsoft.com/en-us/library/ee461027.aspx
    http://technet.microsoft.com/en-us/library/dd367856(WS.10).aspx

    "To use the Windows PowerShell Group Policy cmdlets, you must be running either Windows Server 2008 R2 on a domain controller or on a member server that has the GPMC installed, or Windows 7 with Remote Server Administration Tools (RSAT) installed. RSAT includes the GPMC and its cmdlets."


    Justin Rich
    http://jrich523.wordpress.com
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    Thursday, June 30, 2011 1:32 PM
  • I tried to reverse engineer this for all GPO's that were unlinked or orphaned.

    It proved a litle more difficult:

    foreach ($GPOName in get-gpo -all) {if (($null -eq ([xml](get-gporeport-name $GPOName.DisplayName -ReportType xml)).gpo.LinksTo)){Write-Output $GPOName.Displayname}}Function Get-AllGPO

    I apologize for cramming everything into one line... it just works better in my head this way.

    I had to do a comparison to verify the array was empty... but it ended up with a good outputted list.

    Wednesday, August 8, 2012 6:28 PM
  • It's nice, that MS makes the life so much easier with PowerShell :/

    When looking in Group Policy Management, you can click a GPO and see the links.

    When using PowerShell, why do they not show the links with get-gpo (almost the same way)?

    Thursday, October 31, 2013 8:47 AM
  • Good afternoon Shay,

         When I run the above script I get several errors. I am on a server 2003 domain with only PSv2 available to me. Can you tell me what the arguments need to be for this to run?

    Exception calling "GetDomain" with "3" argument(s): "A referral was returned from the server. (Exception from HRESULT:
    0x8007202B)"
    At D:\scripts\LinkedGPOs.ps1:3 char:28
    + $GPODomain = $gpm.GetDomain <<<< ($env:USERDOMAIN,$null,$contants.UsePDC)
        + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
        + FullyQualifiedErrorId : ComMethodTargetInvocation

    You cannot call a method on a null-valued expression.
    At D:\scripts\LinkedGPOs.ps1:4 char:30
    + $GPOs = $GPODomain.SearchGPOs <<<< ($gpm.CreateSearchCriteria())
        + CategoryInfo          : InvalidOperation: (SearchGPOs:String) [], RuntimeException
        + FullyQualifiedErrorId : InvokeMethodOnNull

    You cannot call a method on a null-valued expression.
    At D:\scripts\LinkedGPOs.ps1:9 char:34
    +  $somList = $GPODomain.SearchSoms <<<< ($gpmSearchCriteria)
        + CategoryInfo          : InvalidOperation: (SearchSoms:String) [], RuntimeException
        + FullyQualifiedErrorId : InvokeMethodOnNull

    Thank you,

    Lee Dandridge

    Wednesday, December 11, 2013 8:56 PM
  • Good afternoon Shay,

         When I run the above script I get several errors. I am on a server 2003 domain with only PSv2 available to me. Can you tell me what the arguments need to be for this to run?

    Exception calling "GetDomain" with "3" argument(s): "A referral was returned from the server. (Exception from HRESULT:
    0x8007202B)"
    At D:\scripts\LinkedGPOs.ps1:3 char:28
    + $GPODomain = $gpm.GetDomain <<<< ($env:USERDOMAIN,$null,$contants.UsePDC)
        + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
        + FullyQualifiedErrorId : ComMethodTargetInvocation

    You cannot call a method on a null-valued expression.
    At D:\scripts\LinkedGPOs.ps1:4 char:30
    + $GPOs = $GPODomain.SearchGPOs <<<< ($gpm.CreateSearchCriteria())
        + CategoryInfo          : InvalidOperation: (SearchGPOs:String) [], RuntimeException
        + FullyQualifiedErrorId : InvokeMethodOnNull

    You cannot call a method on a null-valued expression.
    At D:\scripts\LinkedGPOs.ps1:9 char:34
    +  $somList = $GPODomain.SearchSoms <<<< ($gpmSearchCriteria)
        + CategoryInfo          : InvalidOperation: (SearchSoms:String) [], RuntimeException
        + FullyQualifiedErrorId : InvokeMethodOnNull

    Thank you,

    Lee Dandridge

    I know this is an old post and probably will get ding by moderator, but I want to point out couple things that help to get rid of the error with the null-valued expression above so people can avoid it in the future.

    1. $GPODomain = $gpm.GetDomain($env:USERDOMAIN,$null,$contants.UsePDC) --> It should be $constants.UsePDC (missing an "s")

    2.  I have to use 
    $env:USERDNSDOMAIN instead of $env:USERDOMAIN.
    Saturday, January 14, 2017 12:57 AM
  • This results in the error

    Cannot convert value "<?xml version="1.0" encoding="utf-16"?>

    ans several other "Cannot convert value" errors.

    Thursday, July 16, 2020 6:56 PM
  • This topic was finished in 2011. 

    If you have any problems with any external script please contact with author or create new topic.


    The opinion expressed by me is not an official position of Microsoft

    Thursday, July 16, 2020 9:11 PM