Creating a GPO with GPMC and PowerShell
By Adam Bell | April 19, 2007
If you have GPMC installed, you can manage your Group Policy objects through the COM object that the software exposes.
Microsoft provide a good set of example scripts located in the Scripts folder in the GPMC install directory. There is also a pretty decent help file (CHM format). Both the help and samples are well worth a look.
Through the COM object we can perform any of the management tasks in PowerShell that can be done in VBScript or JScript etc.
We instantiate the object and, after binding to the Directory, search for any GPOs that match our displayName of “New GPO Test”. Receiving a count of 0 shows us that no conflict will occur. You can actually have two GPOs with the same displayName, but this would just add a level of confusion in your environment that you just don’t need!
You might notice that I have a function dot-sourced in my profile here: ConvertDNtoFQDN. This allows me to dynamically look up data and change the format as needed.
GPMC shows what a new GPO looks like. At this stage it is just an empty GPO, with no attributes set.
The commands to create the object. We can also see the methods and properties available to the GPO object. And then finally we set the displayName.
GPMC shows our updated object with the displayName configured.
For the GPO to become useful, at a minimum, we would need to actually import settings and link it to the directory.
I am not aware of any programmatic method of actually configuring settings at the moment. What I have personally seen is people exporting backups of the GPOs from a reference system, and then importing them into the target environment using a Migration Table to handle any domain-specific references.
Below is a sample function to create a new GPO.
Create-NewGPO.ps1
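# Globals and Constants
$gpm = New-Object -com gpmgmt.gpm    # GPMC COM object
#----------------------------------------------------------------------------------------------------------
function Create-NewGPO
#----------------------------------------------------------------------------------------------------------
{
    Param (
        $GPOname,    # displayName for the new GPO
        $FQDName     # DNS name of the domain; GetDomain does not accept a distinguished name
    )

    # Bind to the domain on any available domain controller
    $domain = $gpm.GetDomain( $FQDName, $null, $gpm.GetConstants().UseAnyDC )

    # Look for existing GPOs that already use this displayName
    $searcher = $gpm.CreateSearchCriteria()
    $searcher.Add( $gpm.GetConstants().SearchPropertyGPODisplayName, `
        $gpm.GetConstants().SearchOpEquals, $GPOname )
    $GPOlist = $domain.SearchGPOs( $searcher )

    # Create the GPO only when the name is not already in use
    If ($GPOlist.Count -eq 0)
    {
        $GPO = $domain.CreateGPO()
        $GPO.DisplayName = $GPOname
    }
}
#----------------------------------------------------------------------------------------------------------
# DNS form of dc=rig1,dc=testlab,dc=tld. A DN has to be converted first
# (the ConvertDNtoFQDN helper mentioned above lives in the author's profile and is not shown).
Create-NewGPO "New Test GPO" "rig1.testlab.tld"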
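The duplicate-displayName check above, widened from one name to every GPO in the domain, as an added example that is not code from the original post. `Get-DomainGpo` and `Find-DuplicateGpoName` are hypothetical helper names, the sample rows and their GUIDs are constructed, and the live call assumes GPMC is installed.

```powershell
# Added example: helper names and sample rows are illustrative, not from the post.
function Get-DomainGpo {
    # Live path: list every GPO in a domain through the GPMC COM object.
    param([string]$DnsDomain)    # DNS name of the domain, as GetDomain expects
    $gpm    = New-Object -ComObject GPMgmt.GPM
    $domain = $gpm.GetDomain($DnsDomain, $null, $gpm.GetConstants().UseAnyDC)
    # Search criteria with no conditions added match every GPO in the domain.
    foreach ($gpo in $domain.SearchGPOs($gpm.CreateSearchCriteria())) {
        [pscustomobject]@{
            DisplayName  = $gpo.DisplayName
            Id           = $gpo.ID
            CreationTime = $gpo.CreationTime
        }
    }
}

function Find-DuplicateGpoName {
    # Report each displayName carried by more than one GPO, oldest GPO first.
    param([object[]]$Gpo)
    $Gpo | Group-Object -Property DisplayName |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            $ordered = @($_.Group | Sort-Object CreationTime)
            [pscustomobject]@{
                DisplayName = $_.Name
                Count       = $_.Count
                OldestId    = $ordered[0].Id
                LaterIds    = @($ordered | Select-Object -Skip 1 | ForEach-Object { $_.Id })
            }
        }
}

# Constructed sample rows (placeholder GUIDs) so the report logic runs without a domain.
$sample = @(
    [pscustomobject]@{ DisplayName = 'New Test GPO'; Id = '{00000000-0000-0000-0000-000000000001}'; CreationTime = [datetime]'2007-04-19' }
    [pscustomobject]@{ DisplayName = 'Workstation Baseline'; Id = '{00000000-0000-0000-0000-000000000002}'; CreationTime = [datetime]'2007-03-01' }
    [pscustomobject]@{ DisplayName = 'New Test GPO'; Id = '{00000000-0000-0000-0000-000000000003}'; CreationTime = [datetime]'2007-05-04' }
)
Find-DuplicateGpoName -Gpo $sample | Format-List

# Against a real domain (requires GPMC):
# Find-DuplicateGpoName -Gpo (Get-DomainGpo 'rig1.testlab.tld') | Format-List
```

Because links and security filtering reference a GPO by its GUID rather than its name, the `OldestId` and `LaterIds` columns are what to compare against the links you expect to see.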
- Linking a GPO using GPMC and PowerShell
- Importing a GPO using GPMC and PowerShell
- GPO Settings with PowerShell and GPExpert Scripting Toolkit
- SpecOps Command
- Microsoft TechNet article on GPO management with PowerShell