Determine What Active Directory Organization Units a Group Policy is Linked to with PowerShell

Have you ever noticed that there’s not many GPO related PowerShell cmdlets? I started out wanting to know what group policies existed that weren’t linked to OU’s and added a few other properties to return additional useful information for the ones that were:

One of more group policy names can be piped into this function or provided via parameter input. If you want to query all group policy objects, simply pipe Get-GPO -All to it:

gpolink1

What’s neat to me is being able to create an XML report on the fly, store it in a variable, and query that variable to return the desired output. Cool huh?

The function shown in this blog can be downloaded from the TechNet script repository.

µ

6 Comments

  1. Darren Mar-Elia

    Mike- Also, have a look at my GPMC module. It’s been around for a while and includes a built-in cmdlet called Get-SDMGPLink that lets you retrieves links by GPO name or SOM: http://www.sdmsoftware.com/freeware

    Reply
  2. albajock1816

    Hi, great script, thanks. Is it possible to get the ‘LinksTo’ = $report.GPO.LinksTo.SOMName to display the full CN rather than just the name of the OU please? Our AD structure contains lots of OUs called server, all having the same GPO assigned to them, The results then are server,server,server,servers…etc. Thanks.

    Reply
  3. joel

    Word of caution – this doesn’t seem to show Site links. If you want to use it to find GPO’s not linked to ANYTHING, check Site links also.

    Reply
  4. Chris

    Mike, I am receiving an error when trying to run your function as shown in the screenshot above. The error I am getting is:

    PS C:\adscripts> Get-GPO -All | Get-GPOLink | Format-Table -AutoSize
    Get-GPOLink : The term ‘Get-GPOLink’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
    At line:1 char:16
    + Get-GPO -All | Get-GPOLink | Format-Table -AutoSize
    + ~~~~~~~~~~~
    + CategoryInfo : ObjectNotFound: (Get-GPOLink:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

    Reply
  5. renard

    I have the same problem, “Get-GPOLink” is not recognized as the name of a cmdlet etc.. How did you solve the problem ?
    Thanks

    Reply

Leave a Reply

%d bloggers like this: