asked on Modifying AD Group Policy Powershell to list unused GPO
I had this question after viewing Powershell to list unused Group Policy Object ?.
Hi,
Can anyone here please assist me in modifying the Powershell script below to add additional testing:
Some of the Group Policy Object is not linked to any OU but it has got Security Filtering with some AD security group and AD user account listed.
So the checking should be Unlinked AD group AND the Security filtering that is empty.
Thanks in advance.
Hi,
Can anyone here please assist me in modifying the Powershell script below to add additional testing:
Some of the Group Policy Object is not linked to any OU but it has got Security Filtering with some AD security group and AD user account listed.
$result = @();
$AllGPOs = Get-GPO -All
foreach ($gpo in $AllGPOs)
{
[xml]$report = Get-GPOReport -Name "$($gpo.DisplayName)" -ReportType Xml
If ($report.GPO.LinksTo -eq $null -or ($gpo.Computer.DSVersion -eq 0 -and $gpo.User.DSVersion -eq 0))
{
# Report and Export to .CSV file
$temp = "" | Select Name, Status;
$temp.Name = $gpo.DisplayName;
$temp.Status = $gpo.GpoStatus;
$result += $temp;
}
}
$result | Export-Csv -Path C:\Unused.csv -NoTypeInformation
So the checking should be Unlinked AD group AND the Security filtering that is empty.
Thanks in advance.
PowershellActive DirectorySecurity
Last Comment
Shaun Vermaak
Just a question... If GPO is empty or unlinked, why does the security filter matter?
ASKER
Wel, when running the GPO Powershell above,
I can see the GPO is not empty but it has got WMI FIlter ?
I can see the GPO is not empty but it has got WMI FIlter ?
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
OK,
what I have found from running the Powershell above is that some GPO has WMI filter and members in the Security Filtering.
So is it enough to trust the result of the Script above ?
what I have found from running the Powershell above is that some GPO has WMI filter and members in the Security Filtering.
So is it enough to trust the result of the Script above ?
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.