
Modifying AD Group Policy Powershell to list unused GPO

Senior IT System Engineer asked on
PowerShell, Active Directory, Security
I had this question after viewing "Powershell to list unused Group Policy Object?".


Can anyone here please assist me in modifying the PowerShell script below to add additional testing:

Some of the Group Policy Objects are not linked to any OU but have Security Filtering with some AD security groups and AD user accounts listed.

Import-Module GroupPolicy

$result = @()

$AllGPOs = Get-GPO -All
foreach ($gpo in $AllGPOs) {
    [xml]$report = Get-GPOReport -Name $gpo.DisplayName -ReportType Xml
    # Unused = not linked anywhere, or both the computer and user sections are still at version 0
    if ($null -eq $report.GPO.LinksTo -or ($gpo.Computer.DSVersion -eq 0 -and $gpo.User.DSVersion -eq 0)) {
        # Collect name and status for the CSV report
        $temp = "" | Select-Object Name, Status
        $temp.Name = $gpo.DisplayName
        $temp.Status = $gpo.GpoStatus
        $result += $temp
    }
}
# Export the collected GPOs to a .CSV file
$result | Export-Csv -Path C:\Unused.csv -NoTypeInformation

So the check should be: Unlinked AD group AND Security Filtering that is empty.

Thanks in advance.
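
One way to express the check asked for above (unlinked AND empty Security Filtering), as an added example that is not part of the original thread. It assumes the RSAT GroupPolicy module, an account that can read every GPO in the current domain, and that Security Filtering means the trustees holding the GpoApply permission; the output property names are chosen for this example.

```powershell
# Added example, not from the original thread.
# Assumes the RSAT GroupPolicy module and read access to every GPO in the domain.
Import-Module GroupPolicy

$result = foreach ($gpo in Get-GPO -All) {
    # Query by GUID: display names are not guaranteed to be unique.
    [xml]$report = Get-GPOReport -Guid $gpo.Id -ReportType Xml

    # LinksTo is absent from the XML report when the GPO is linked nowhere.
    $links = @($report.GPO.LinksTo | Where-Object { $_ })

    # Security Filtering = trustees that hold the GpoApply permission.
    # Fall back to the SID when the name no longer resolves (deleted account or group).
    $applyTo = @(Get-GPPermission -Guid $gpo.Id -All |
        Where-Object { $_.Permission -eq 'GpoApply' } |
        ForEach-Object {
            if ($_.Trustee.Name) { $_.Trustee.Name } else { $_.Trustee.Sid.Value }
        })

    [pscustomobject]@{
        Name             = $gpo.DisplayName
        Id               = $gpo.Id
        Status           = $gpo.GpoStatus
        LinkCount        = $links.Count
        SecurityFilter   = $applyTo -join '; '
        UnlinkedNoFilter = ($links.Count -eq 0 -and $applyTo.Count -eq 0)
    }
}

# GPOs that meet both conditions from the question.
$result | Where-Object UnlinkedNoFilter |
    Export-Csv -Path C:\Unused.csv -NoTypeInformation

# Unlinked GPOs that still carry a filter: shown for review, not written to the CSV.
$result | Where-Object { $_.LinkCount -eq 0 -and -not $_.UnlinkedNoFilter } |
    Format-Table Name, Status, SecurityFilter -AutoSize
```

Reviewing the second list before deleting anything shows which groups and accounts would have received an unlinked GPO if it were linked again.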