-
-
Save irwins/88dc2930fe459ce0c252 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| Author: I.C.A. Strachan | |
| Version: 1.0 | |
| Version History: Based on Ashley McGlone's Get-GPOReport. Here's a shortlink to it: http://tinyurl.com/ofpfnf4 | |
| Purpose: Get all GPOs that are linked to Domain, Sites and/or OUs | |
| #> | |
| Function Get-GPOsSoM { | |
| BEGIN{ | |
| Import-Module GroupPolicy -Verbose:$false | |
| Import-Module ActiveDirectory -Verbose:$false | |
| #region Get a list of all GPOs | |
| $GPOs = Get-GPO -All | | |
| Select-Object ID, Path, DisplayName, GPOStatus, WMIFilter | |
| #endregion | |
| #Array for GPLinks results | |
| $gPLinks = @() | |
| #region GPO Linked to the Domain | |
| $domainGPO = @{ | |
| Identity = ((Get-ADDomain).distinguishedName) | |
| Properties = @('name', 'distinguishedName', 'gPLink', 'gPOptions', 'canonicalname') | |
| } | |
| $gPlinks += Get-ADObject @domainGPO | | |
| Select-Object 'name', 'distinguishedName', 'gPLink', 'gPOptions', 'canonicalname', | |
| @{name='Depth';expression={0}} | |
| #endregion | |
| #region GPO Linked to OUs | |
| $ouGPOs = @{ | |
| Filter = '*' | |
| Properties = @('name', 'distinguishedName', 'gPLink', 'gPOptions', 'canonicalname') | |
| } | |
| $gPLinks += Get-ADOrganizationalUnit @ouGPOs | | |
| Select-Object name, distinguishedName, gPLink, gPOptions ,canonicalname , | |
| @{name='Depth';expression={($_.distinguishedName -split 'OU=').count - 1}} | |
| #endregion | |
| #region GPOs linked to sites | |
| $siteGPOs = @{ | |
| LDAPFilter = '(objectClass=site)' | |
| SearchBase = "CN=Sites,$((Get-ADRootDSE).configurationNamingContext)" | |
| SearchScope = 'Onelevel' | |
| Properties = @('name', 'distinguishedName', 'gPLink', 'gPOptions', 'canonicalname') | |
| } | |
| $gPLinks += Get-ADObject @siteGPOs | | |
| Select-Object name, distinguishedName, gPLink, gPOptions ,canonicalname, | |
| @{name='Depth';expression={0}} | |
| #Hashtable to lookup GPOs | |
| $lookupGPO = $GPOs | Group-Object -AsHashTable -Property 'Path' | |
| } | |
| PROCESS{ | |
| #Get the Scope of Management of each gPLink | |
| ForEach ($SOM in $gPLinks) { | |
| if ($SOM.gPLink) { | |
| If ($SOM.gPLink.length -gt 1) { | |
| $links = @($SOM.gPLink -split {$_ -eq '[' -or $_ -eq ']'} | Where-Object {$_}) | |
| For ( $i = $links.count - 1 ; $i -ge 0 ; $i-- ) { | |
| $GPOData = $links[$i] -split {$_ -eq '/' -or $_ -eq ';'} | |
| [PSCustomObject]@{ | |
| Depth = $SOM.Depth; | |
| Name = $SOM.Name; | |
| DistinguishedName = $SOM.distinguishedName; | |
| canonicalName = $SOM.canonicalname; | |
| PolicyDN = $GPOData[2]; | |
| LinkOrderNr = $links.count - $i | |
| GUID = $lookupGPO.$($GPOData[2]).ID; | |
| DisplayName = $lookupGPO.$($GPOData[2]).DisplayName; | |
| GPOStatus = $lookupGPO.$($GPOData[2]).GPOStatus; | |
| WMIFilter = $lookupGPO.$($GPOData[2]).WMIFilter.Name; | |
| Config = $GPOData[3]; | |
| LinkEnabled = [bool](!([int]$GPOData[3] -band 1)); | |
| Enforced = [bool]([int]$GPOData[3] -band 2); | |
| BlockInheritance = [bool]($SOM.gPOptions -band 1) | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| END{} | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment