RSS All Posts

RSS PowerShell Posts

Tags

2142 Active Directory Administrativia Announcements Battlefield Blogging Cricket Deployment Deployment4 Get-PSUGUK Group Policy HowTo Linux MDT MDT 2010 Microsoft Deployment Toolkit MSDN Music Permissions Personal PowerGui Power Lines PowerShell PowerShell Groups PowerShell Support PowerShell Tools PowerShell V2 Presentations PSUGAU Quick Tips Scripting SDDL Security Tech Talk Ubuntu User Groups Virtualisation VMware Infrastructure Client WAIK Weekly Poll Windows 7 Windows Automation Installation Kit Windows Server 2003 Windows Server 2008 XML

Archives

Meta


« | Main | »

Creating a GPO with GPMC and PowerShell

By Adam Bell | April 19, 2007

If you have GPMC installed then you have the ability to manage your Group Policy objects via the COM object that the software exposes.

Microsoft provide a good set of example scripts located in the Scripts folder in the GPMC install directory. There is also a pretty decent help file (CHM format). Both the help and samples are well worth a look.

Through the COM object we can perform any of the management tasks in PowerShell that can be done in VBScript or JScript etc.

Create a GPO with PowerShell - Screen shot 1
We instantiate the object, and after binding to the Directory, search for any GPO’s that match our displayName of “New GPO Test”. Receiving a count of 0 shows us that no conflict will occur. You can actually have two GPO’s with the same displayName, but this would just add a level of confusion in your environment that you just don’t need!

You might notice that I have a function dot sourced in my profile here: ConvertDNtoFQDN. This allows me to dynamically lookup data and change the format as needed.

Create a GPO with PowerShell - Screen shot 2
GPMC shows what a new GPO looks like.At this stage it is just an empty GPO, with no attributes set.

Create a GPO with PowerShell - Screen shot 3
The commands to create the object. We can also see the methods and property’s available to the GPO object. And then finally we set the displayName.

Create a GPO with PowerShell - Screen shot 4
GPMC shows our updated object with the displayName configured.

For the GPO to become useful, at a minimum, we would need to actually import settings and link it to the directory.

I am not aware of any programmatic method of actually configuring settings at the moment. What I have personally seen is people exporting backup of the GPO’s from a reference system, and then importing them into the target environment using a Migration Table to handle any domain specific references.

Below is a sample function to create a new GPO.
Create-NewGPO.ps1


# Globals and Constants
$gpm  = New-Object -com gpmgmt.gpm
 
#----------------------------------------------------------------------------------------------------------
function Create-NewGPO
#----------------------------------------------------------------------------------------------------------
{
Param (
  $GPOname,
  $FQDName
  )
  $domain = $gpm.GetDomain( $FQDName), $null, $gpm.GetConstants().UseAnyDC )
  $searcher = $gpm.CreateSearchCriteria()
  $searcher.Add( $gpm.GetConstants().SearchPropertyGPODisplayName, `
    $gpm.GetConstants().SearchOpEquals, $GPOname )
  
  $GPOlist = $domain.SearchGPOs( $Searcher )
  
  If ($GPOlist.count -eq 0)
  {  
    $GPO = $domain.CreateGPO()
    $GPO.DisplayName = $GPOname
  }
}
#----------------------------------------------------------------------------------------------------------
Create-NewGPO "New Test GPO" "dc=rig1, dc=testlab,dc=tld"
 

Topics: Group Policy, PowerShell | 1 Comment »

One Response to “Creating a GPO with GPMC and PowerShell”

  1. Lead, Follow, or Move » Blog Archive » Importing a GPO using GPMC and PowerShell Says:
    May 4th, 2007 at 21:07

    [...] we discussed how to create a GPO using the COM object exposed by using [...]

Comments