Recently, as part of one of our Group Policy consulting engagements, we recommended to a customer to adopt a consistent GPO naming standard. This kind of standard makes the function and purpose of a GPO more clear and eases discovery of a Group Policy environment. As a result of this recommendation, we needed to rename a fairly large number of GPOs. Doing it by hand, in GPMC, of course, is one way. But the customer also wanted us to somehow make a note of the old GPO name. So we decided to use the GPO comments field, as shown in the screenshot below.
Commenting a GPO
Now, in order to populate this comment field, Microsoft makes it a little convoluted. You have to open GP Editor on the GPO, then right-click the GPO Name, choose Properties, and then select the Comments tab. That’s a lot of work to do manually for anything more than a few GPO. The whole operation “stunk” of the need for automation. Thankfully , PowerShell is your friend here. The script below, uses the Microsoft Group Policy module that ships with GPMC, and the Rename-GPO cmdlet to get the job done:
[codebox lang=”ps”]
$GPOs = import-csv -path C:\data\gporename.csv
foreach ($item in $GPOs)
{
$gpoToRename = Get-GPO -Name $item.OldName
$newComment = $gpoToRename.Description + ” — Old GPO Name: “+ $item.OldName
$gpoToRename.Description = $newcomment
Rename-GPO -Name $item.oldName -TargetName $item.NewName
}
[/codebox]
The above script is pretty straightforward. A pre-cursor to running this script, I created a csv file that contains the old GPO name and the new name. It has the format of:
OldName,NewName "My GPO","Lockdown Policy-Sales" "Folder Redir","Folder Redirection--Marketing" "IE Home Page","SetIEHomePage--Marketing"
This file has two columns–OldName and NewName, which I refer to in my script. So once I have my csv file that specifies the renames, I feed it into a variable called $GPOs using the import-csv cmdlet. Next, I loop through each line of the CSV in my Foreach statement. I first get a reference to the $gpoToRename using the get-gpo cmdlet. Next, I create a string variable called $newcomment, that takes any existing comments on it, and appends the Old GPO Name to that comment. Note that the comment on a GPO is stored in the Description property. I then assign the new comment to the Description field of the GPO I’m renaming, and then finally call rename-GPO to rename the GPO itself, using the properties I imported from the CSV file. This script is a bit verbose, which I tend to like. But you could easily trim it down to fewer lines, by coming some of the operations above. Fore example, you could assign the new comment to the old comment field in one line, rather than separating them out as I did. But the bottom line, is that this script accomplishes my goal of:
1) Renaming my GPOs
2.) Adding a comment to the GPO that contains the old name
3.) Maintains any existing comments that already exist on the GPO
Hopefully others will find this approach useful in your GPO renaming process.
Darren