Monday, October 4, 2010

GPO Scripts – Finding a GPO given only the GUID

Many times when you are chasing down a GPO problem, you only have the GPO GUID that is listed in the event log entry on the machine reporting the problem. If you are dealing with a domain of any size, finding the actual GPO that is causing the problem is a tedious process that requires a lot of patience when navigating through the directory tree looking for the actual policy link with the appropriate GUID.
The Powershell script below from the Technet Script Center addresses that problem and will produce an HTML report of the GPO in question given only its GUID. To use, simply replace your domain for the text "" in the script. Note: for this script to work you need the Group Policy Management Feature installed on your computer. Enjoy.

# Script By: Jonathan Knapp
# Script will search GPO's for GUID

$results1 = Test-Path C:\GPOReports

# Create folder

if ($results1 = "False") {
New-Item C:\GPOReports -type directory -Force
else {

$results2 = Test-Path C:\GPOReports\GPOReportsGUID.html

# Create empty file

if ($results = "False") {
New-Item C:\GPOReports\GPOReportsGUID.html -type file -force
else {

Import-Module -Name grouppolicy

$guidgpo = Read-Host "Enter the GUID of the GPO (Do Not Include Brackets {}"

Get-GPOReport -Domain Your.Domain.Here -Server DC01 -GUID $guidgpo -ReportType HTML -Path C:\GPOReports\GPOReportsGUID.html

# Now open in IE to View report

Invoke-Item C:\GPOReports\GPOReportsGUID.html

No comments:

Post a Comment