For the second Active Directory Friday we have Group Policies on our radar. To query for Group Policy objects the following LDAP filter can be used:
1 | '(objectClass=groupPolicyContainer)' |
To get the full list of Group Policy objects the adsisearcher accelerator should be used in combination with the LDAP filter. This will return all group policy objects:
1 | ([adsisearcher]'(objectClass=groupPolicyContainer)').FindAll() |
To generate a short report with relevant information about the following code can be used:
1 2 3 4 5 6 7 8 9 10 11 12 | $GPOSearcher = New-Object DirectoryServices.DirectorySearcher -Property @{ Filter = '(objectClass=groupPolicyContainer)' PageSize = 100 } $GPOSearcher.FindAll() | ForEach-Object { New-Object -TypeName PSCustomObject -Property @{ 'DisplayName' = $_.properties.displayname -join '' 'CommonName' = $_.properties.cn -join '' 'FilePath' = $_.properties.gpcfilesyspath -join '' 'DistinguishedName' = $_.properties.distinguishedname -join '' } | Select-Object -Property DisplayName,CommonName,FilePath,DistinguishedName } |
This will display a list of all Group Policy Objects and display the following properties:
- DisplayName
- CommonName
- FilePath
- DistinguishedName
The full script is also available in the TechNet Script Gallery: http://gallery.technet.microsoft.com/Get-GroupPolicyObject-05aaef2d