This one popped up last week in my PowerShell class at Naval Station Norfolk. The goal was to provide an OU and have a list of GPOs that are applied to that specific OU. The help file has the details on how to use it. I did a little extra work on creating an advanced object for the pipeline. I’ll be teaching the logic behind it when I return to Norfolk for part II of this 10 day class. The BEGIN block is where the magic is at. It is a bit overkill for such a simple task. For those of you who have taken my classes, you know that I like to keep things simple when I introduce new concepts.
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136
| Function Get-ScopedGPO { <# .SYNOPSIS Returns the GPOs scoped to an Organizational Unit
.DESCRIPTION Returns the GPOs scoped to an Organizational Unit. This list does not include GPOs from parent containers.
.PARAMETER OU The OU or OUs that you want to get the currently scoped GPOs for. .EXAMPLE Get-ScopedGPO -OU Clients
OU GPOs -- ---- OU=Clients,DC=TechTour,DC=com {@{GPO=GPO2}, @{GPO=GPO3}}
Returns the GPOs that are scoped to the Clients OU.
.EXAMPLE "Clients", "Domain Controllers" | Get-ScopedGPO
OU GPOs -- ---- OU=Clients,DC=TechTour,DC=com {@{GPO=GPO2}, @{GPO=GPO3}} OU=Domain Controllers,DC=TechTour,DC=com {@{GPO=Default Domain Controllers Policy}}
Returns the GPOs that are scoped to both the Clients and the Domain Controllers OUs.
.EXAMPLE Get-ScopedGPO -OU Clients | Select-Object -ExpandProperty GPOs
GPO --- GPO2 GPO3
Shows the GPOs scoped to the Clients OU. This is useful when more than one GPO is scoped to an OU.
.NOTES =============================================================================== == Cmdlet: Get-ScopedGPO == == Author: Jason A. Yoder == == Company: MCTExpert of Arizona == == Copyright: All rights reserved. == == Version: 1.0.0.0 == == Legal: The user assumes all responsibility and liability for the usage of == == this PowerShell code. MCTExpert of Arizona, Its officers, shareholders, == == owners, and their relatives are not liable for any damages. As with all == == code, review it and understand it prior to usage. It is recommended that == == this code be fully tested and validated in a test environment prior to == == usage in a production environment. == == == == Does this code make changes: NO == =============================================================================== #> [CmdletBinding()] Param ( [parameter(Mandatory=$true, ValueFromPipeline=$true)] [String[]]$OU )
BEGIN { Function New-GPO-Item { # An instance of this object is created for GPO # scoped for an object $Obj = New-Object -TypeName PSObject -Property @{ "GPO" = $null } Write-Output $Obj } # END: Function New-GPO-Item
Function New-GPO-Object { # This is the final object sent to the pipeline. it contains # a property to hold the OU. The second property, GPOs, # contains one object from New-GPO-Item for each individual # GPO scoped to the OU. $Obj = New-Object -TypeName PSObject -Property @{ "OU" = $null "GPOs" = $null } $Obj.psobject.typenames.insert(0, 'GPOScope'); Write-Output $obj } # END: Function New-GPO-Object
} # END : BEGIN BLOCK PROCESS { ForEach ($Item in $OU) {
# Create a new GPO object for each OU that is being examined. $Obj = New-GPO-Object
# Assign the FQDN of the OU to the objects OU property. $Obj.OU = Get-ADOrganizationalUnit -Filter 'name -eq $Item'| Select-Object -ExpandProperty DistinguishedName Write-Verbose "Gathering information for OU $($Obj.OU)"
# Dynamic array to hold all GPOs scoped for this OU. $GPOTemp = @() ForEach ($GPO in (Get-GPInheritance -Target $Obj.OU | Select-Object -ExpandProperty GPoLinks | Select-Object -ExpandProperty DisplayName)) { $GPOItem = New-GPO-Item $GPOItem.GPO = $GPO $GPOTemp += $GPOItem } $Obj.GPOs = $GpoTemp Write-Output $Obj } # End:ForEach ($Item in $OU) } # END: PROCESS BLOCK END {} }
#"Clients", "Domain Controllers" | Get-ScopedGPO #Get-ScopedGPO -OU Clients | Select-Object -ExpandProperty GPOs Get-help Get-ScopedGPO -Full
|
Comments