Active Directory Friday: Query Group Policy Objects in Active Directory

For the second Active Directory Friday we have Group Policies on our radar. To query for Group Policy objects the following LDAP filter can be used:

'(objectClass=groupPolicyContainer)'

To get the full list of Group Policy objects the adsisearcher accelerator should be used in combination with the LDAP filter. This will return all group policy objects:

([adsisearcher]'(objectClass=groupPolicyContainer)').FindAll()

To generate a short report with relevant information about each Group Policy object the following code can be used:

# Search the current domain for all Group Policy containers.
# Setting PageSize enables paged results, so the server-side result limit does not truncate the list.
$GPOSearcher = New-Object DirectoryServices.DirectorySearcher -Property @{
    Filter = '(objectClass=groupPolicyContainer)'
    PageSize = 100
}
$GPOSearcher.FindAll() | ForEach-Object {
    # Each property is returned as a collection; -join '' flattens it to a string.
    New-Object -TypeName PSCustomObject -Property @{
        'DisplayName' = $_.properties.displayname -join ''
        'CommonName' = $_.properties.cn -join ''
        'FilePath' = $_.properties.gpcfilesyspath -join ''
        'DistinguishedName' = $_.properties.distinguishedname -join ''
    } | Select-Object -Property DisplayName,CommonName,FilePath,DistinguishedName
}

This will display a list of all Group Policy Objects and display the following properties:

  • DisplayName
  • CommonName
  • FilePath
  • DistinguishedName

The full script is also available in the TechNet Script Gallery: http://gallery.technet.microsoft.com/Get-GroupPolicyObject-05aaef2d
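
The same searcher approach can be extended into an audit view that shows each GPO's status, version counters, last change time and the containers it is linked to. This is an added example, not part of the original post or the Script Gallery script; it assumes PowerShell 3.0 or later on a domain-joined machine, and the variable names are illustrative. Site-level links are stored in the configuration partition and are not searched here.

```powershell
# Added example: GPO audit report built on the same LDAP filter as above.
# 'flags' on a groupPolicyContainer encodes which half of the GPO is disabled.
$flagText = @{ 0 = 'Enabled'; 1 = 'UserSettingsDisabled'; 2 = 'ComputerSettingsDisabled'; 3 = 'AllSettingsDisabled' }

# Step 1: map each GPO DN to the domain/OU objects whose gPLink references it.
$links = @{}
$linkSearcher = New-Object DirectoryServices.DirectorySearcher -Property @{
    Filter   = '(gPLink=*)'
    PageSize = 100
}
[void]$linkSearcher.PropertiesToLoad.AddRange([string[]]@('distinguishedname', 'gplink'))
foreach ($container in $linkSearcher.FindAll()) {
    $gpLink = $container.Properties['gplink'] -join ''
    # gPLink looks like: [LDAP://cn={GUID},cn=policies,cn=system,DC=...;0][LDAP://...;2]
    foreach ($m in [regex]::Matches($gpLink, '\[LDAP://([^;\]]+);(\d+)\]', 'IgnoreCase')) {
        $key = $m.Groups[1].Value.ToLower()   # DN case differs between attributes
        if (-not $links.ContainsKey($key)) { $links[$key] = @() }
        $links[$key] += ($container.Properties['distinguishedname'] -join '')
    }
}

# Step 2: enumerate the GPOs and join in the link information.
$gpoSearcher = New-Object DirectoryServices.DirectorySearcher -Property @{
    Filter   = '(objectClass=groupPolicyContainer)'
    PageSize = 100
}
$gpoSearcher.FindAll() | ForEach-Object {
    $p       = $_.Properties
    $dn      = $p['distinguishedname'] -join ''
    $version = [int]($p['versionnumber'] | Select-Object -First 1)
    $flags   = [int]($p['flags'] | Select-Object -First 1)
    $linkedTo = @()
    if ($links.ContainsKey($dn.ToLower())) { $linkedTo = $links[$dn.ToLower()] }
    [PSCustomObject]@{
        DisplayName     = $p['displayname'] -join ''
        Status          = $flagText[$flags]
        ComputerVersion = $version -band 0xFFFF   # low 16 bits of versionNumber
        UserVersion     = $version -shr 16        # high 16 bits of versionNumber
        WhenChanged     = $p['whenchanged'] | Select-Object -First 1
        LinkCount       = $linkedTo.Count
        LinkedTo        = $linkedTo -join '; '
        FilePath        = $p['gpcfilesyspath'] -join ''
    }
} | Sort-Object -Property WhenChanged -Descending
```

Sorting by WhenChanged puts the most recently modified policies first, and a LinkCount of 0 identifies GPOs that are not linked to the domain or any OU.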
