PowerShell GPMC scripts

By | December 13, 2008

 

The other day I had a need to configure scheduled backups of GPOs to file on a Windows Server 2008 Domain Controller.  Aha (I thought), I’ve done this before using the BackupAllGPOs.wsf script that is included along with a whole bunch of other handy scripts when you install the Group Policy Management Console (GPMC).  After a few minutes of fruitless searching on my Windows Server 2008 DC I realised that although the GPMC was installed (as a feature) the scripts were nowhere to be found.  After some Googling I found out that I hadn’t been singled out for victimisation – unlike Windows Server 2003, the scripts just aren’t installed by default in Windows Server 2008 when you enable the GPMC feature.  I discovered that you could download the Vista and Windows Server 2008 versions of the scripts here:

Group Policy Management Console Sample Scripts

It puzzled me that the scripts weren’t included by default.  I suspect the Vista and WS2008 versions of the scripts were developed after the products had shipped.  Anyway, it made me think that Microsoft maybe wanted me to work with PowerShell and not VBScript.  Aha (I thought again), I’ll see if I can find the PowerShell equivalent of the GPMC scripts.  After a fair bit of searching I found two options.

Option 1.

SDM GPMC PowerShell Cmdlets from Darren Mar-Elia

Option 2.

Sample functions provided by Thorbjörn Sjövold in his Technet Magazine article, Simplify Group Policy Administration with Windows PowerShell

The first option requires installing the Cmdlets from an .msi install package, something I didn’t really want to have to do in the environment I was working with.

The second option proved a winner and provided the functions I needed to get my PowerShell script up and running within a few minutes.  Here’s my script to backup all the GPOs in a given domain. 

## FileName: BackupGPOs.ps1
## Date: 13.12.2008
## Purpose:  Backs up all GPOs within domain to file

## Variables

$backupDirectory = “c:\backup\GPO”
$domainName = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain().Name

## Functions

# Source: http://technet.microsoft.com/en-us/magazine/cc162355.aspx

###########################################################################
# Function   : BackupAllGpos
# Description: Backs up all GPOs in a Domain
# Parameters : $backupDirectory – The directory where the backups will be stored
#            : $domainName – The dns name, e.g. microsoft.com, of the domain to operate on
#            : $backupComment – An optional comment for the backups, if nothing is passed the current date will be
used.
# Returns    : N/A
###########################################################################
function BackupAllGpos(
  [string] $backupDirectory=$(throw ‘$backupDirectory is required’),
  [string] $domainName=$(throw ‘$domainName is required’),
  [string] $backupComment=$(get-date))
{
  $gpmAllGposInDomain = GetAllGposInDomain $domainName

  foreach ($gpmGpo in $gpmAllGposInDomain) # Iterate through all the GPOs
  {
    “Back up GPO : ” + $gpmGpo.DisplayName
    $gpmResult = $gpmGpo.Backup($backupDirectory, $backupComment) # Backup the GPO
    [void] $gpmResult.OverallStatus
    $gpoBackup = $gpmResult.Result
  }
}

###########################################################################
# Function   : GetAllGposInDomain
# Description: Returns all GPOs in a domain
# Parameters : $domainName – The dns name, e.g. microsoft.com, of the domain to operate on
# Returns    : All Group Policy Objects in the supplied domain
###########################################################################
function GetAllGposInDomain(
  [string] $domainName=$(throw ‘$domainName is required’))
{
  $gpm = New-Object -ComObject GPMgmt.GPM # Create the GPMC Main object
  $gpmConstants = $gpm.GetConstants() # Load the GPMC constants
  $gpmDomain = $gpm.GetDomain($domainName, “”, $gpmConstants.UseAnyDC) # Connect to the domain passed using any DC
  $gpmSearchCriteria = $gpm.CreateSearchCriteria() # Create a search criteria without any restrictions
  $gpmDomain.SearchGPOs($gpmSearchCriteria) # Search and find all GPOs in the domain, this will return the array
}

## Main

backupAllGpos $backupDirectory $domainName

## End

Note that I’ve set the $domainName variable to match the domain of the computer from which the script is run.  To set the variable to match the domain of the user account under which the script runs change it to (may wrap):

[System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().Name

The sample functions provided by Thorbjörn are comprehensive and cover nearly all of the features included in the original GPMC VBScripts.  I encourage you to take a look.

4 thoughts on “PowerShell GPMC scripts

  1. Pingback: Open a Socket! » Powershell 2.0 Script to Backup GPOs

  2. Pingback: Open a Socket! » Powershell 2.0 Script to Backup GPOs

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.