Group policy Documentation (Network Steve Forum)

Group policy Documentation

I inherited a large active directory infrastructure with no proper documentation. We have tons of Group policy object associated with sites, OU or domain etc. Is there anyway to make a list of all the policies applied to each OU, sites and also which users and groups are assigned to each users. What are the best way you should use when you inherit such an organization to manage.What are the best way to document an AD group policy infrastructure

Thanks for your updates

July 31st, 2015 3:34pm

 $date = Get-Date -Format yyyyMMddhhmmss
 $file = "C:\Users\user1\Documents\Scripts\GPO\gpos_$date.csv"
 Add-Content $file "Name,LinksPath,WMI Filter,CreatedTime,ModifiedTime,CompVerDir,CompVerSys,UserVerDir,UserVerSys,CompEnabled,UserEnabled,SecurityFilter,GPO Enabled,Enforced"

$GPOList = (Get-Gpo -All).DisplayName

$colGPOLinks = @()
$LinksPaths = @()

foreach ($GPOItem in $GPOList){
 
      $LinksPaths = "" 
      $LinksPath = ""
 
    [xml]$gpocontent =  Get-GPOReport $GPOItem -ReportType xml
 
        $LinksPaths = $gpocontent.GPO.LinksTo #| %{$_.SOMPath}
    
    $Wmi = Get-GPO $GPOItem | Select-Object WmiFilter
 
    $CreatedTime = $gpocontent.GPO.CreatedTime
    $ModifiedTime = $gpocontent.GPO.ModifiedTime
    $CompVerDir = $gpocontent.GPO.Computer.VersionDirectory
    $CompVerSys = $gpocontent.GPO.Computer.VersionSysvol
    $CompEnabled = $gpocontent.GPO.Computer.Enabled
    $UserVerDir = $gpocontent.GPO.User.VersionDirectory
    $UserVerSys = $gpocontent.GPO.User.VersionSysvol
    $UserEnabled = $gpocontent.GPO.User.Enabled

    $SecurityFilter = ((Get-GPPermissions -Name $GPOItem -All | ?{$_.Permission -eq "GpoApply"}).Trustee | ?{$_.SidType -ne "Unknown"}).name -Join ','

   if($LinksPaths -ne $null)
   {
        foreach ($LinksPath in $LinksPaths)
        {
            Add-Content $file "$GPOItem,$($LinksPath.SOMPath),$(($wmi.WmiFilter).Name),$CreatedTime,$ModifiedTime,$CompVerDir,$CompVerSys,$UserVerDir,$UserVerSys,$CompEnabled,$UserEnabled,""$($SecurityFilter)"",$($LinksPath.Enabled),$($LinksPath.NoOverride)"
        }
    
    }
    else
    {#Write-Host "Empty Links"  
            Add-Content $file "$GPOItem,$($LinksPath.SOMPath),$(($wmi.WmiFilter).Name),$CreatedTime,$ModifiedTime,$CompVerDir,$CompVerSys,$UserVerDir,$UserVerSys,$CompEnabled,$UserEnabled,""$($SecurityFilter)"",$($LinksPath.Enabled),$($LinksPath.NoOverride)"
    } 
}

Here is what I use, took from web and altered for my use. Creates a csv by using 'Add-COntent'

Free Windows Admin Tool Kit Click here and download it now

July 31st, 2015 4:47pm

Thanks a lot . Let me try and update you the result

July 31st, 2015 4:55pm

To add, here is a great blog post on how to use PowerShell to find all of your Group Policy links for your root domain, OUs and sites:

http://blogs.technet.com/b/ashleymcglone/archive/2013/05/29/dude-where-s-my-gpo-using-powershell-to-find-all-of-your-group-policy-links.aspx

This will also finally generates a .csv file listing all of the linked policies, their locations, and link configurations. This .csv file can certainly be a reference to your group policy infrastructure.

Hope it helps.

Regards,

Eth

Free Windows Admin Tool Kit Click here and download it now

August 3rd, 2015 3:29am

This topic is archived. No further replies will be accepted.