I had thought about detailing how you can populate GPOs from backup using powershell, however this has already been covered more than adequately elsewhere, however the script I use looks into the backup location, uses a migration table (to make these GPOs easily pushed into multiple environments), and takes all the GPOs it finds, looks for the GPOs in the Active Directory, then populates them.
Linking them is slightly different, first we pass some variables into the script by using arguments when running the script, it then searches for the GPO in the AD by display name, searches for an the defined OU, then writes the link by writinging the AD attribute 'gpLink' on the OU.
param([string]$domainName,$domainDN,$gpoName,$OU)
# Searches for GPO defined above
$gpm = New-Object -ComObject GPMgmt.GPM # Create the GPMC Main object
$gpmConstants = $gpm.GetConstants() # Load the GPMC constants
$gpmDomain = $gpm.GetDomain($domainName, "", $gpmConstants.UseAnyDC) # Connect to the domain passed using any DC
$gpmSearchCriteria = $gpm.CreateSearchCriteria()
$gpmSearchCriteria.Add($gpmConstants.SearchPropertyGPODisplayName, $gpmConstants.SearchOpEquals, $gpoName)
$gpmResultlist = $gpmDomain.SearchGPOs($gpmSearchCriteria) # This will return the GPOs found
foreach ($gpmResult in $gpmResultList)
{
# Finds the OU defined above
$domainpath = "LDAP://" + $domainDN
$domain = [adsi] $domainpath
$searcher = New-Object System.DirectoryServices.DirectorySearcher $domain
$searcher.Filter = $searcher.Filter ='(&(objectClass=OrganizationalUnit)(name=' + $OU + '))'
$OUResult = $searcher.FindAll()
foreach ($result in $OUResult) {$Ou=$result.Path.ToString()}
$gpLinkEntry = "[LDAP://" + $gpmResult.Path + ";0]"
$OUC=new-object directoryservices.directoryentry($OU) #connect to OU
$OUC.Put("gplink", $gpLinkEntry) #Sets GPLink.
$OUC.SetInfo()
}
No comments:
Post a Comment