Problem:
A client has several hundred GPOs and you need to find a single GPO where they have input an identifiable string, e.g. a server name. Instead of searching through each GPO individually, we can do this in PowerShell.
Solution:
Run the code below and, when prompted, enter the string you want to search for, e.g. enter server1.domain.com, and all GPOs containing this string will be returned and highlighted in green.
# Get the string we want to search for
$string = Read-Host -Prompt "What string do you want to search for?"

# Escape regex metacharacters so -match treats the input as a literal string
# (otherwise "." matches any character and "\s" in a UNC path means whitespace)
$pattern = [regex]::Escape($string)

# Set the domain to search for GPOs
$DomainName = $env:USERDNSDOMAIN

# Find all GPOs in the current domain
Write-Host "Finding all the GPOs in $DomainName"
Import-Module GroupPolicy
$allGposInDomain = Get-GPO -All -Domain $DomainName
[string[]] $MatchedGPOList = @()

# Look through each GPO's XML for the string
Write-Host "Starting search...."
foreach ($gpo in $allGposInDomain) {
    # Query the report from the same domain the GPO list came from
    $report = Get-GPOReport -Guid $gpo.Id -ReportType Xml -Domain $DomainName
    if ($report -match $pattern) {
        Write-Host "********** Match found in: $($gpo.DisplayName) **********" -ForegroundColor "Green"
        $MatchedGPOList += "$($gpo.DisplayName)"
    } # end if
    else {
        Write-Host "No match in: $($gpo.DisplayName)"
    } # end else
} # end foreach

Write-Host "`r`n"
Write-Host "Results: **************" -ForegroundColor "Yellow"
foreach ($match in $MatchedGPOList) {
    Write-Host "Match found in: $($match)" -ForegroundColor "Green"
}
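An added example, not part of the original post or the author's script: the function below takes one GPO report as XML text and lists the elements whose text or attributes contain the search string as a literal, which also shows where in the GPO the match sits. The function name Find-LiteralInGpoReport and the sample XML are constructed for illustration; the sample is a simplified stand-in, not real Get-GPOReport output.

```powershell
# Added example (hypothetical helper, not from the original script)
function Find-LiteralInGpoReport {
    param(
        [Parameter(Mandatory)] [string] $ReportXml,  # e.g. output of Get-GPOReport -ReportType Xml
        [Parameter(Mandatory)] [string] $Literal     # searched as plain text, never as a regex
    )
    $doc = New-Object System.Xml.XmlDocument
    $doc.LoadXml($ReportXml)
    $cmp  = [System.StringComparison]::OrdinalIgnoreCase
    $hits = @()

    # Visit every text node and every attribute value in the report
    foreach ($node in $doc.SelectNodes('//text() | //@*')) {
        if ($node.Value.IndexOf($Literal, $cmp) -lt 0) { continue }

        # Walk up from the owning element to the root to build a readable path
        $owner = if ($node -is [System.Xml.XmlAttribute]) { $node.OwnerElement } else { $node.ParentNode }
        $names = @()
        for ($e = $owner; $e -is [System.Xml.XmlElement]; $e = $e.ParentNode) {
            $names = @($e.LocalName) + $names
        }
        $hits += [pscustomobject]@{
            Path  = '/' + ($names -join '/')
            Value = $node.Value.Trim()
        }
    }
    return $hits
}

# Constructed sample report (simplified, assumed structure)
$sample = @'
<GPO><Name>Constructed Drive Maps</Name><User><ExtensionData><Name>Drive Maps</Name>
<Drive path="\\server1\someshare" letter="D:" /><Note>host server1Xdomain.com</Note>
</ExtensionData></User></GPO>
'@

# Literal search: a UNC path and a dotted host name are compared character by character
Find-LiteralInGpoReport -ReportXml $sample -Literal '\\server1\someshare'
Find-LiteralInGpoReport -ReportXml $sample -Literal 'server1.domain.com'

# The same inputs used as regex patterns, for comparison: "\s" is a whitespace
# class and "." matches any character, so -match does not test for the literal text
$sample -match '\\server1\someshare'
$sample -match 'server1.domain.com'
```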
Thank you, Robin! The only drawback is if one is looking for a UNC path or a mapped drive letter, it fails to run the script. For example, I cannot search for “D:” in a GPO. It has been over a month since I used the script, but I believe it could not find “\\servername” either.
Oops! Correction: On the SBS 2011 server (based on Server 2008 R2) I was using to do the search, it could not find a “D:” search, but on my Server 2019 DC, it just worked fine. Same with a search for “\\dc1”. Never mind!
Well done, just used to look for PrintNightmare settings. Thanks
Thank you for this easy to copy and use script. Saved me many hours of labor.
I was pulling out my hair until I found this neat little script. How simple, how effective is this! Thanks mate for sharing this good work!
Simple and working! It should be like that! Thanks!
Awesome! Thank you.
Thanks, consider adding -domain $DomainName parameter to get-dcreport to make it work with hardcoded DomainName different than currently logged in (trust)
Hi, I love this; however, I do have trouble getting it to run on some of my servers via PowerShell.
The script does not stop and let me input the text I want to search; it just keeps going?
Any idea what I’m doing wrong?
Amazing!!
Awesome! works great
I did it like this:
$FindThisGPO = Read-Host 'GPO to find' ; Get-GPO -All | Where-Object { $_.DisplayName -like "*$FindThisGPO*" } | Select-Object DisplayName
for UNC and DFS paths like \\server\someshare\ or \\domain\someshare\
You need to escape the \ with another \ for it to work.
A solution is to add below code to line 3 (after the read host input):
$string = $string.replace('\','\\')
How can I filter to OU(s)? The original script does search in the full domain. It takes about half an hour. I need to search only in a specified OU (and its sub-OUs).
Thanks!
You don’t know how many hours I just saved using that script! Thanks!