
Modifying AD Group Policy Powershell to list unused GPO

Asked by Senior IT System Engineer
Tags: Security, Active Directory, Powershell
I had this question after viewing "Powershell to list unused Group Policy Object ?".


Can anyone here please assist me in modifying the Powershell script below to add additional testing:

Some of the Group Policy Objects are not linked to any OU but have Security Filtering with some AD security groups and AD user accounts listed.

Import-Module GroupPolicy

$result = @();

$AllGPOs = Get-GPO -All
foreach ($gpo in $AllGPOs)
{
 [xml]$report = Get-GPOReport -Name "$($gpo.DisplayName)" -ReportType Xml
 # Flag GPOs with no links, or whose computer and user versions are both 0
 If ($report.GPO.LinksTo -eq $null -or ($gpo.Computer.DSVersion -eq 0 -and $gpo.User.DSVersion -eq 0))
 {
  # Report and Export to .CSV file
  $temp = "" | Select Name, Status;
  $temp.Name = $gpo.DisplayName;
  $temp.Status = $gpo.GpoStatus;
  $result += $temp;
 }
}
$result | Export-Csv -Path C:\Unused.csv -NoTypeInformation

So the check should be: Unlinked AD group AND Security Filtering that is empty.

Thanks in advance.
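
One way to combine the two checks described in the question, as an added example that is not part of the original post: a GPO is reported as unused only when it has no links and no trustee holds the "Apply group policy" permission. It assumes the GroupPolicy module's Get-GPPermission cmdlet (named Get-GPPermissions on older Windows versions) and PowerShell 3.0 or later; the helper name Get-GpoSecurityFilter is hypothetical.

```powershell
Import-Module GroupPolicy

# Hypothetical helper: returns the trustees GPMC shows under "Security Filtering",
# i.e. those granted (not denied) the "Apply group policy" permission.
# Limitation: a trustee with a hand-edited ACL is reported as GpoCustom and is
# not counted here, so review such GPOs manually before deleting anything.
function Get-GpoSecurityFilter {
    param([Parameter(Mandatory = $true)][guid]$Guid)

    Get-GPPermission -Guid $Guid -All |
        Where-Object { $_.Permission -eq 'GpoApply' -and -not $_.Denied } |
        ForEach-Object {
            # Fall back to the SID when the account no longer resolves to a name
            if ($_.Trustee.Name) { $_.Trustee.Name } else { $_.Trustee.Sid.Value }
        }
}

$result = foreach ($gpo in Get-GPO -All) {
    [xml]$report = Get-GPOReport -Guid $gpo.Id -ReportType Xml

    # No <LinksTo> element in the report means the GPO is linked nowhere
    $unlinked = $null -eq $report.GPO.LinksTo
    # @() forces an array so .Count is valid for zero or one trustee
    $filter   = @(Get-GpoSecurityFilter -Guid $gpo.Id)

    [pscustomobject]@{
        Name           = $gpo.DisplayName
        Status         = $gpo.GpoStatus
        Unlinked       = $unlinked
        SecurityFilter = $filter -join '; '
        # Both conditions must hold: unlinked AND empty security filtering
        Unused         = $unlinked -and ($filter.Count -eq 0)
    }
}

# Export only the GPOs that meet both conditions
$result | Where-Object { $_.Unused } |
    Select-Object Name, Status |
    Export-Csv -Path C:\Unused.csv -NoTypeInformation

# Unlinked GPOs that still carry security filtering, listed for manual review
$result | Where-Object { $_.Unlinked -and -not $_.Unused } |
    Format-Table Name, Status, SecurityFilter -AutoSize
```

A new GPO gets Authenticated Users in its security filtering by default, so the second listing is usually the longer one and shows which groups or accounts keep each unlinked GPO out of the CSV.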