A look at Get-Help Get-GPInheritance shows us this:
Why? Because Get-GPInheritance returns an object with a property listing all GPOs linked to that OU. We then want to pipe the OUs to Get-GPInheritance. The –Don’tUseDefaultIncludedProperties speeds the search up since we are not interested in most of the default properties of the OU. Setting a size limit of 0 will cause all matching objects to be returned, not just the first 1000. by specifying a type, we limit the returned objects to just OUs. Get-QADObject, as the name implies, returns Active Directory objects. Get-QADObject – type organizationalunit – sizelimit 0 – DontUseDefaultIncludedProperties So, first let’s get every OU in the domain. I decided to approach this starting with looking at all the OUs. Any given OU can have multiple GPOs linked to it and any given GPO can be linked to multiple OUs. Similarly, you can enforce a GPO link by right clicking and checking enforced. In the Group Policy Management Console, you can do this by right clicking the linked GPO and un-checking Link Enabled. īefore beginning, make sure the Quest tools are loaded and that you’ve imported the Group Policy cmdlets.Īdd-PSSnapin They are available as part of the Quest ActiveRoles Management Shell for Active Directory at. I will also once again be using the Quest AD cmdlets, making them a requirement as well. As with the previous post, this script requires Windows 7 or Server 2008 R2 for the Group Policy cmdlets.
Today, we will take a look at auditing to see which GPO links have the link disabled and which are enforced. In my last post, I discussed auditing for Group Policy inheritance blocking.
0 kommentar(er)
