12.18.08
Posted in General Stuff at 10:01 am by Administrator
We’ve updated our PowerShell-based Group Policy Health cmdlet and made it free up on our website at www.sdmsoftware.com/freeware. For those of you who have not seen the Health Cmdlet, this is a command-line tool for retrieving GP processing health against remote systems. You can use it to quickly get red or green status about GP processing on a single machine, all machines in an OU or all machines in a domain. The installer comes with a help file to explain usage, and of course, you can also use get-help get-sdmgphealth.

The following is a sample of the output of the cmdlet. Note that we retrieve overall red or green status. This is based on two main things. The first is whether GP core processing succeeded for both computer and user. The second is whether all of the CSEs processed by the computer and user succeeded. If any of these return an error, we consider this a "red". Otherwise, all is well and it’s green.

You will notice that the cmdlet returns both computer and user GPOs processed as well as computer and user CSEs processed. These are returned in PowerShell as a collection of objects, so if you want to drill into any of these, you need to iterate through these collections separately. For example, if I want to see the list of GPOs processed by the computer, I could do something like this:
$health = get-sdmgphealth -ComputerName xp3
$health.ComputerGPOsProcessed
More information and examples are available in the help file that ships with the cmdlet. I’m also working on putting together a PowerGUI snap-in so that you can easily call the cmdlet on AD objects from within PowerGUI’s AD tree. Look for that soon!

Tags:
PowerShell, Group Policy, SDM Software, PowerGUI
12.09.08
Posted in AD at 2:57 pm by Administrator
Just a quick note to let everyone know that the 4th edition of the Active Directory Book from O’Reilly is out, courtesy of AD MVP Brian Desmond. For those of you who aren’t familiar with this book, it’s an invaluable resource for Active Directory Administrators, and Brian has added his considerable AD expertise to this latest update, which has a long and distinguished history of authors. Definitely worth checking out!
Tags:
Active Directory, Brian Desmond
12.02.08
Posted in PowerShell at 7:18 pm by Administrator
I had a question come up today about a use case for our GPMC cmdlets and figured it was worth sharing for others’ benefit. Here’s the scenario. I have a GPO whose name I know. I want to find all the places that it’s linked and then I want to disable all the links for that GPO. And I want to use PowerShell to do it because, well, I can!
So here we go. The first thing we need to do is search for all the links for a given GPO, using the get-sdmgplink cmdlet like this:
$scopes = get-sdmgplink -Name "My GPO"
In this example, I’m using the ability of this cmdlet to search for links by GPO name (using the -Name parameter). Once I’ve got the list of my scopes, I want to feed that into a set of commands to disable the links, like this:
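# Find every scope (DN) that carries a link to the GPO
$scopes = get-sdmgplink -Name "My GPO"
# Get the GPO itself so its ID can be matched against each link
$gpo = get-SDMGPO "My GPO"
foreach ($scope in $scopes)
{
    # -native returns the GPMC link objects, which expose the enabled property
    $links = get-sdmgplink -Scope $scope.Path -native
    foreach ($link in $links)
    {
        # Disable only the link that belongs to this GPO
        if ($link.GPOID -eq $gpo.ID){$link.enabled = $false}
    }
}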
So, what I’m doing here is first getting the list of DNs that contain a link to the GPO called "My GPO". Then I call the get-sdmgpo cmdlet to get the GUID of the GPO to use later. Then I foreach through each scope I returned in the first call, and pass that to a call to get-sdmgplink again. Except this time, I am using the -Scope parameter to search by DN (returned as the Path property on the $scope variable). Once I get the list of links on that scope, I next foreach through them to find the one that corresponds to my GPO (by checking the GPO ID of the link compared to that of the GPO I want to search on). Once I find my GPO, I set that link’s enabled property equal to false.
Note that in my 2nd call to get-sdmgplink, I pass in the optional -Native parameter, which lets me get back the actual GPMC object that has the enabled property on it. This is important because if I don’t use this param, the call to .enabled will fail!
Well, hope that helps someone out there!
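A more cautious variant of the loop above, added here as an example and not part of the original post or SDM Software's own code: it records each matching link's state to a CSV before touching it, and changes nothing unless -Apply is given, so there is a record to roll back from if disabling a link removes policy a scope depended on. The function name, the -Apply switch and the CSV path are hypothetical; it assumes PowerShell 3.0 or later and uses only the SDM cmdlets, parameters and properties shown in the post.

```powershell
# Added example: audit-then-disable wrapper around the loop from the post.
# Hypothetical names: Disable-GpoLinksWithAudit, -Apply, -AuditPath.
function Disable-GpoLinksWithAudit {
    param(
        [Parameter(Mandatory = $true)][string]$GpoName,
        [string]$AuditPath = ".\gpo-link-audit.csv",
        [switch]$Apply   # without -Apply the function only reports
    )

    # Resolve the GPO first; stop if the name does not match anything
    $gpo = get-SDMGPO $GpoName
    if (-not $gpo) { throw "GPO '$GpoName' not found" }

    # Every scope (DN) that has a link to this GPO
    $scopes = get-sdmgplink -Name $GpoName

    $audit = @(foreach ($scope in $scopes) {
        # -Native returns the GPMC link objects that expose Enabled
        $links = get-sdmgplink -Scope $scope.Path -Native
        foreach ($link in $links) {
            if ($link.GPOID -ne $gpo.ID) { continue }   # other GPOs on this scope

            $before = $link.Enabled                     # capture state before any change
            if ($Apply -and $before) { $link.Enabled = $false }

            # One audit row per matching link
            [pscustomobject]@{
                Timestamp     = Get-Date -Format o
                Gpo           = $GpoName
                GpoId         = $gpo.ID
                Scope         = $scope.Path
                EnabledBefore = $before
                EnabledAfter  = $link.Enabled
                Applied       = [bool]$Apply
            }
        }
    })

    # Persist the record only when there is something to record
    if ($audit.Count -gt 0) {
        $audit | Export-Csv -Path $AuditPath -NoTypeInformation
    }
    $audit
}

# Report only, then apply once the list of scopes has been reviewed:
# Disable-GpoLinksWithAudit -GpoName "My GPO"
# Disable-GpoLinksWithAudit -GpoName "My GPO" -Apply
```

Rows with EnabledBefore set to True are the links to re-enable if the change has to be reversed.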
Tags:
Group Policy, PowerShell, GPMC, SDM Software