A little while back I posted a Powershell 1.0 script to backup all the GPOs in a domain. Now that Powershell 2.0 is available together with the Group Policy module it is much easier to script Group Policy tasks. The attached script is basically a re-write of my previous script, but now using the Powershell 2.0 cmdlets.
The script is intended for use with the Windows Task Scheduler. For example, by backing up the GPOs to disk on a daily basis you have a simple method for restoring accidentally deleted (or badly modified) GPOs. In my customers’ environments I combine this task with a scheduled full volume snapshot to disk, so that a number of days worth of backups are available.
######################################################### #
# Name: BackupGPOsV2.ps1
# Author: Tony Murray
# Version: 1.0
# Date: 25/02/2010
# Comment: PowerShell 2.0 script to backup all
# GPOs within a domain
#
#########################################################
# Import the modules that we need
import-module activedirectory
import-module grouppolicy# Specify the location for the backups
$BackupPath = "C:\Backup\GPO\"# Create the backup folder if it doesn’t exist
if(test-path -path $BackupPath)
{write-host “The folder” $BackupPath “already exists”}
else
{New-Item $BackupPath -type directory}
# Remove any previous backups from the folder
## Note: You will need to move the backups off to tape/disk
## archive daily if you need access to older GPO versions
Remove-Item $BackupPath\* -Recurse -Force# Find out what domain this computer is in
$mydomain = get-ADDomain -current LocalComputer# Get all the GPOs in the specified domain
$AllDomGPOs = get-gpo -domain $mydomain.DNSRoot -all# Loop through the array
Foreach ($GPO in $AllDomGPOs)
{
# Backup the GPO to the specified path
backup-GPO $GPO.DisplayName -path $BackupPath
}#End
You can just use the pipeline. You do not have to use foreach.
get-gpo -domain $mydomain.DNSRoot -all | backup-GPO -path $BackupPath
You can just use the pipeline. You do not have to use foreach.
get-gpo -domain $mydomain.DNSRoot -all | backup-GPO -path $BackupPath
Also… you don’t need the AD module. It only adds an artificial dependency.
$Domain = [DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain().Name
get-gpo -domain $domain -all
Also… you don’t need the AD module. It only adds an artificial dependency.
$Domain = [DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain().Name
get-gpo -domain $domain -all
Pingback: Actice Directory Round 2/26/2010 - The Experts Community
Pingback: Actice Directory Round 2/26/2010 - The Experts Community
@Brandon
Thanks for your comments. As always, I defer to your knowledge regarding all things Powershell 🙂
Tony
Pingback: PowerShell — Резервное копирование групповых политик (GPO) | Блог IT-KB