How do I enumerate GPOs linked to an OU in Active Directory?
Posted on 2008-10-08
How would I find a computer object in AD, determine the computer object's OU, and enumerate the GPOs that are specifically linked to that OU?
I received an audit script request from Management that I've been able to translate into the following request.
"Write a script that can do the following:
1. Search AD for a computer object
2. Identify the OU of the computer object
3. Enumerate the GPOs linked to the identified OU
4. Determine the Global Group(s) designated in the security filter of the GPO
5. Verify that the members of the Administrator group belong to one of the identified Global Groups"
This was a fairly liberal translation and is significantly less ambiguous than the original request. Steps 1 and 2 are fairly simplistic by my standards, as well as step 5. It is those pesky steps 3 and 4 that have me browsing the web, watching webcasts, and finally pandering to those who have more scripting mojo than myself.
Simply put, how do I use a computer object's ADsPath to query AD to find GPOs linked to the computer object's OU? I'm only interested in the GPOs linked directly to the OU and none of the GPOs linked higher up in AD. Thanks!
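An added example, not part of the original post, sketching steps 2 and 3 of the request: it derives the parent OU's DN from a computer's ADsPath and parses that OU's gPLink attribute, which lists only the GPOs linked directly to that OU. The function names are hypothetical and the ADsPath and gPLink values are constructed samples; reading them from the directory, and steps 4 and 5 (which depend on each GPO's ACL), are left to whatever LDAP client the audit script uses.

```python
import re

# Each link in gPLink has the form [LDAP://<GPO DN>;<options>].
_LINK_RE = re.compile(r"\[LDAP://([^;\]]+);(\d+)\]", re.IGNORECASE)
_GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def parent_dn(ads_path):
    """DN of the container that holds the object named by an ADsPath."""
    # Drop the provider prefix and an optional "server/" component.
    dn = re.sub(r"^LDAP://([^/=,]+/)?", "", ads_path, flags=re.IGNORECASE)
    i = 0
    while i < len(dn):
        if dn[i] == "\\":        # backslash escapes the next character
            i += 2
        elif dn[i] == ",":       # first unescaped comma ends the RDN
            return dn[i + 1:]
        else:
            i += 1
    raise ValueError("no parent container in %r" % ads_path)

def linked_gpos(gplink):
    """One record per GPO linked directly to the container."""
    links = []
    # gPLink may be absent (None) or contain no links at all.
    for gpo_dn, options in _LINK_RE.findall(gplink or ""):
        flags = int(options)
        guid = _GUID_RE.search(gpo_dn)
        links.append({
            "gpo_dn": gpo_dn,
            "guid": guid.group(0).upper() if guid else None,
            "enabled": not flags & 0x1,     # bit 0 set = link disabled
            "enforced": bool(flags & 0x2),  # bit 1 set = link enforced
        })
    return links

# Constructed sample values (hypothetical domain and GUIDs).
SAMPLE_ADSPATH = "LDAP://dc01.corp.example/CN=WKS042,OU=Workstations,OU=HQ,DC=corp,DC=example"
_POLICIES = ",cn=policies,cn=system,DC=corp,DC=example"
SAMPLE_GPLINK = (
    "[LDAP://cn={11111111-2222-3333-4444-555555555555}" + _POLICIES + ";0]"
    "[LDAP://cn={AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}" + _POLICIES + ";2]"
    "[LDAP://cn={99999999-8888-7777-6666-555555555555}" + _POLICIES + ";1]"
)

if __name__ == "__main__":
    print("OU:", parent_dn(SAMPLE_ADSPATH))
    for link in linked_gpos(SAMPLE_GPLINK):
        print(link["guid"], link["enabled"], link["enforced"])
```

GPOs inherited from parent containers never appear here, because each container carries its own gPLink value.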