I had this question after viewing Powershell to list unused Group Policy Object ?
Can anyone here please assist me in modifying the Powershell script below to add additional testing:
Some of the Group Policy Object is not linked to any OU but it has got Security Filtering
with some AD security group and AD user account listed.
$result = @();
$AllGPOs = Get-GPO -All
foreach ($gpo in $AllGPOs)
[xml]$report = Get-GPOReport -Name "$($gpo.DisplayName)" -ReportType Xml
If ($report.GPO.LinksTo -eq $null -or ($gpo.Computer.DSVersion -eq 0 -and $gpo.User.DSVersion -eq 0))
# Report and Export to .CSV file
$temp = "" | Select Name, Status;
$temp.Name = $gpo.DisplayName;
$temp.Status = $gpo.GpoStatus;
$result += $temp;
$result | Export-Csv -Path C:\Unused.csv -NoTypeInformation
Open in new window
So the checking should be Unlinked AD group AND the Security filtering that is empty.
Thanks in advance.