Listing all GPOs in the current forest

This post was written by Judith, a technical writer for Group Policy. This is the second post in a series on ways to use PowerShell with Group Policy. See the first post on getting started with RSAT and Group Policy.

Let’s say I have a forest and I’d like to document a listing of all the GPOs in that forest. I’d also like to be able to list each GPO alongside the domain it was created in.

I can start with the Get-ADForest cmdlet which creates an object for the forest I’m logged into. This object has a Domains property. How do I know this? I can find this out by running:

Get-ADForest | Get-Member

Once I know that I can get a list of all the domains in the forest using the Domains property, I can pipe those domain names into the Get-GPO cmdlet to find the names of all GPOs for each domain in the forest.

Here’s how it works out in one long line:

(get-ADForest).domains | foreach { get-GPO -all -Domain $_ | Select-Object @{n='Domain Name';e={$_.DomainName}}, @{n='GPO Name';e={$_.DisplayName}} }

The Select-Object cmdlet takes two calculated properties, each written as an associative array (hashtable) with a name (n) and an expression (e), and outputs objects that map the domain name to the GPO name.

For a sample domain called corp.Contoso.com, with a child domain of HQ.corp.Contoso.com, with one test GPO named testGPO, I would get a listing that looks like this:

Domain Name          GPO Name
-----------          --------
corp.contoso.com     Default Domain Policy
corp.contoso.com     testGPO
corp.contoso.com     Default Domain Controllers Policy
HQ.corp.contoso.com  Default Domain Policy
HQ.corp.contoso.com  Default Domain Controllers Policy

Pipe the output of this command to the Out-GridView cmdlet to get a spreadsheet-style listing of GPOs for each domain in the forest.

(get-ADForest).domains | foreach { get-GPO -all -Domain $_ | Select-Object @{n='Domain Name';e={$_.DomainName}}, @{n='GPO Name';e={$_.DisplayName}} } | Out-GridView
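The one-liner above can be extended into a reusable inventory for documentation and change review. The following is an added example, not code from the original post: it goes beyond the post by recording each GPO's Id, status, owner and timestamps, and by continuing past a domain that cannot be queried. The function name Get-ForestGpoInventory and the CSV path are assumptions chosen for illustration.

```powershell
# Added example: forest-wide GPO inventory for documentation and change review.
# Requires the RSAT ActiveDirectory and GroupPolicy modules.
Import-Module ActiveDirectory, GroupPolicy

function Get-ForestGpoInventory {   # hypothetical helper name
    [CmdletBinding()]
    param()

    foreach ($domain in (Get-ADForest).Domains) {
        try {
            # -ErrorAction Stop turns an unreachable domain into a catchable error
            $gpos = Get-GPO -All -Domain $domain -ErrorAction Stop
        }
        catch {
            # Report the failure and keep going with the remaining domains
            Write-Warning "Could not list GPOs in ${domain}: $($_.Exception.Message)"
            continue
        }

        foreach ($gpo in $gpos) {
            # Same two columns as the post, plus properties useful for review
            [pscustomobject]@{
                'Domain Name' = $gpo.DomainName
                'GPO Name'    = $gpo.DisplayName
                Id            = $gpo.Id
                Status        = $gpo.GpoStatus
                Owner         = $gpo.Owner
                Created       = $gpo.CreationTime
                Modified      = $gpo.ModificationTime
            }
        }
    }
}

$inventory = Get-ForestGpoInventory | Sort-Object 'Domain Name', 'GPO Name'

# Keep a dated record on disk (constructed file name)
$inventory | Export-Csv -Path .\ForestGpoInventory.csv -NoTypeInformation

# Show the ten most recently modified GPOs across the forest
$inventory | Sort-Object Modified -Descending |
    Select-Object -First 10 |
    Format-Table -AutoSize
```

Comparing the exported CSV from one run to the next with Compare-Object shows which GPOs were added, removed or modified between inventories.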
