
A few weeks back, I needed to find the physical files or folders of a few Group Policy Objects, and I had to do the laborious task of navigating to each GPO in the Group Policy Management Console, navigating to the Details tab, copying the GUID, and searching for the GUID in the SYSVOL directory to find them. I could have done this within a few minutes if I already had the GUID-to-name mappings of these GPOs. I could have quickly retrieved these with a PowerShell command each time I wanted, but I would still need to run this command manually each time. So why not automate it?!

So I came up with the following script to automate this task and created a scheduled task to run it daily. I also thought of preserving the mappings for some time so I can have a “sort of” timeline of the creation and deletion of GPOs. So the script keeps GUID-to-name mapping records for a single week before it overwrites the whole report on Monday. This was the simplest way to fulfill my requirement. If you need to extend the number of days to retain the records, you just need to think a bit more. 🙂

Note: You need to replace domainname.com with your domain name before you run the script. You can use the Get-ADDomain cmdlet if you want to automate this part too.

The generated report will be similar to the following one and will be stored in your Policies directory.

[Image: GPO report]

Please download the script from here as WordPress may have messed up the PowerShell syntax below.

The code:

# ==============================================================================================
# name    : get_gporeport.ps1
# author  : Nimantha Wickremasinghe
# purpose : Generate a GPO report with Guid-Name mapping.
# version : 1.0
# ==============================================================================================

Import-Module GroupPolicy -ErrorAction Stop

$hostname = [Environment]::MachineName
$date = Get-Date
$rptFile = "\\"+ $hostname +"\sysvol\domainname.com\Policies\GPOReport.txt"

$rpt = "$date"
$rpt += Get-GPO -All | Select-Object Id, DisplayName | Format-Table -AutoSize | Out-String -Width 10000
$rpt += "===================================================================`n"

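if ($date.DayOfWeek -ne "Monday") {
    # On any day but Monday, read the existing report so it can be appended
    # after today's entry. On Monday $curData stays empty, so the file is
    # overwritten and Guid-Name history is kept for 7 days in the report.
    if (Test-Path -Path $rptFile) {
        $curData = Get-Content -Path $rptFile | Out-String
    }
}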

$rpt | Out-File $rptFile -Encoding ascii -Width 10000
# Without ASCII encoding Add-Content adds funny characters.

# Append the old data
if ($curData) {
    Add-Content $curData -Path $rptFile
}
exit
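
The two extensions mentioned above, resolving the domain name with Get-ADDomain and retaining records for more than a week, shown as an added example that is not the author's script. The ActiveDirectory module, the `RetentionDays` and `ReportPath` parameters, and the `GPOReport.csv` file name are assumptions made for this example.

```powershell
# Added example, not the original author's script.
# Assumptions: the RSAT ActiveDirectory module is installed; RetentionDays,
# ReportPath and the GPOReport.csv file name are hypothetical choices.
param(
    [int]$RetentionDays = 30,
    [string]$ReportPath
)

Import-Module GroupPolicy -ErrorAction Stop
Import-Module ActiveDirectory -ErrorAction Stop

if (-not $ReportPath) {
    # Resolve the domain's DNS name instead of hard-coding domainname.com.
    $domain     = (Get-ADDomain).DNSRoot
    $ReportPath = "\\$env:COMPUTERNAME\sysvol\$domain\Policies\GPOReport.csv"
}

$today  = (Get-Date).Date
$cutoff = $today.AddDays(-$RetentionDays)

# Today's snapshot: one row per GPO, stamped with the run date.
$snapshot = Get-GPO -All | Sort-Object DisplayName | ForEach-Object {
    [pscustomobject]@{
        Date        = $today.ToString('yyyy-MM-dd')
        Id          = $_.Id
        DisplayName = $_.DisplayName
    }
}

# Keep earlier rows that fall inside the retention window. Rows already
# stamped with today's date are dropped so a re-run does not duplicate them.
$history = @()
if (Test-Path -Path $ReportPath) {
    $history = @(Import-Csv -Path $ReportPath | Where-Object {
        $rowDate = [datetime]::ParseExact($_.Date, 'yyyy-MM-dd',
                       [cultureinfo]::InvariantCulture)
        $rowDate -ge $cutoff -and $rowDate -lt $today
    })
}

# Newest snapshot first, then the retained history.
@($snapshot) + $history |
    Export-Csv -Path $ReportPath -NoTypeInformation -Encoding UTF8
```

A GPO that was deleted stops appearing in new snapshots but stays in the retained rows until they age out, which gives the creation and deletion timeline. SYSVOL is replicated to every domain controller and readable by authenticated users, so pass `-ReportPath` to write the report somewhere else if it should not be visible domain-wide.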
