I was recently involved in a task to consolidate an OU structure. Part of this involved moving user objects from one OU to another and re-linking GPOs that were linked to the old OU to the new OU. There were a large number of links and I didn’t fancy adding them manually, so I spent a little time writing a PoSH script to do it. Enjoy! As always, please post a comment if know of a better/different way to do the same thing.
#########################################################
#
# Name: CopyGPOLinks.ps1
# Author: Tony Murray
# Version: 1.0
# Date: 26/10/2010
# Comment: PowerShell 2.0 script to copy GPO links from
# one OU to another
#
#########################################################
# Import the Group Policy module
Import-Module GroupPolicy
### Set global variables
# Source for GPO links
$Source = "OU=Sales,DC=contoso,DC=com"
# Target where we want to set the new links
$Target = "OU=Logistics,DC=contoso,DC=com"
### Finished setting global variables
# Get the linked GPOs
$linked = (Get-GPInheritance -Target $source).gpolinks
# Loop through each GPO and link it to the target
foreach ($link in $linked)
{
$guid = $link.GPOId
$order = $link.Order
$enabled = $link.Enabled
if ($enabled)
{
$enabled = "Yes"
}
else
{
$enabled = "No"
}
# Create the link on the target
New-GPLink -Guid $guid -Target $Target -LinkEnabled $enabled -confirm:$false
# Set the link order on the target
Set-GPLink -Guid $guid -Target $Target -Order $order -confirm:$false
}
Tony
Thanks for sharing Tony. Great script. 😀
That is a great script. I have been looking at a way to replicate our production GPO listing (of which there are many) to a test OU so I can clean them up. You have made the job much easier.
I modified this a bit – added the ability to use a text file of OU DNs (one per line, not quoted).
I put the main part of your script into a loop within a function and call the function for each DN found in the text list.
#########################################################
#
# Name: CopyGPOLinks.ps1
# Original Author: Tony Murray
# Version: 1.0
# Original Date: 26/10/2010
# Comment: PowerShell 2.0 script to copy GPO links from
# one OU to another
#
# Modified by: Sean Huggans
# Added external list function as well as enforcement
# checking, also added human readable output.
#
#########################################################
# Import the Group Policy module
Import-Module GroupPolicy
### Set global variables
# Source for GPO links
$Source = “OU=SampleOU,DC=SampleDomain,DC=org”
$TargetList = “c:\temp\newOUlist.txt”
# Target where we want to set the new links
### Finished setting global variables
function CopyGPOs {
# Get the linked GPOs
$linked = (Get-GPInheritance -Target $source).gpolinks
echo “————————————————”
echo $Target
echo “————————————————”
# Loop through each GPO and link it to the target
foreach ($link in $linked)
{
$guid = $link.GPOId
$title = $link.DisplayName
$order = $link.Order
$enabled = $link.Enabled
if ($enabled)
{
$enabled = “Yes”
}
else
{
$enabled = “No”
}
$enforced = $link.Enforced
if ($enforced)
{
$enforced = “Yes”
}
else
{
$enforced = “No”
}
echo “———”
echo “$title – Link Enabled: $enabled – Policy Enforced: $enforced”
# Create the link on the target
New-GPLink -Name $title -Target $Target -LinkEnabled $enabled -confirm:$false
# Set the link order on the target
Set-GPLink -Name $title -Target $Target -Order $order -confirm:$false
# Set the original enforcement setting on the target
Set-GPLink -Name $title -Target $Target -Enforced $enforced -confirm:$false
echo ” ”
}
echo ” ”
}
$DestList = Get-Content $TargetList
foreach ($ListedOU in $DestList) {
$Target = $ListedOU
CopyGPOs
}