Discussion:
Copy GP structure to child OU structure
(too old to reply)
UnderCoverGuy
2008-10-15 13:30:01 UTC
Permalink
Good morning. We are setting up an identical OU structure within our
production environment to try and clean up some AD issues. We can't set up a
seperate staging environment for a number of different reasons. So I had to
go this route and created a child OU off of the domain root and have set up
an identical OU structure of the domain under this new child OU off of the
root.

What I am trying to do now is copy the GPO structure of the OU's and all
child OU's to this new "staging" OU area. I can use the
CreateXmlFromEnvironment.wsf script to export the structure out with the
/StartingOU option. However, with the CreateEnvironmentFromXml.wsf script, I
don't see an option to apply the GPO structure (links and permissions) to a
child OU - it looks llike it starts at the domain root. Plus, I don't need
to import the new GPO's themselves just links and permissions.

Anyone have any ideas how I can accomplpish this task?


Thanks in advance for any assistance,
UCG
Darren Mar-Elia
2008-10-16 05:02:32 UTC
Permalink
So, if I understand correctly, the GPOs already exist in the domain, but you
want to replicate a "production" OU structure off of another OU in the same
domain? If that is correct, then GPO permissions aren't involved since they
stay with the GPO, not the links. However, you can replicate just links (and
link states) if you are up for some scripting. The GPMC APIs all support
reading and writing links. So you could write a script to read from one OU
structure and write to another. Or, you can use our free GPMC PowerShell
cmdlets to do this in PowerShell if you are so inclined
(www.sdmsoftware.com/freeware).

Darren
--
Darren Mar-Elia
MS-MVP-Windows Server--Group Policy

*******************************
Secure and configure your Windows desktops accurately every time without
having to learn or install new technology.
Find out more about Desktop Policy Manager at
http://www.sdmsoftware.com/desktop_management
*******************************
Post by UnderCoverGuy
Good morning. We are setting up an identical OU structure within our
production environment to try and clean up some AD issues. We can't set up a
seperate staging environment for a number of different reasons. So I had to
go this route and created a child OU off of the domain root and have set up
an identical OU structure of the domain under this new child OU off of the
root.
What I am trying to do now is copy the GPO structure of the OU's and all
child OU's to this new "staging" OU area. I can use the
CreateXmlFromEnvironment.wsf script to export the structure out with the
/StartingOU option. However, with the CreateEnvironmentFromXml.wsf script, I
don't see an option to apply the GPO structure (links and permissions) to a
child OU - it looks llike it starts at the domain root. Plus, I don't need
to import the new GPO's themselves just links and permissions.
Anyone have any ideas how I can accomplpish this task?
Thanks in advance for any assistance,
UCG
UnderCoverGuy
2008-10-16 13:07:01 UTC
Permalink
Thanks Darren. Yes, that is exactly what I am looking to do. So I looked at
Microsoft's scripts and figured I'd try to modify them to do what I need but
that seemed a daunting task. I figure it would be easier to just create my
own scripts from scratch, but I've worked with GP scripting objects before so
I have a learning curve on the syntax to use. Hopefully it won't be too
difficult.

I'll check out the link you provided for the PowerShell cmdlets. I saw that
on MS's third-party GP stuff but didn't really start looking at the ones that
used PS. I was looking at the "quick" GUI apps or canned scripts but didn't
see any that would really help me. Scripting it would probably be better
anyway because this is just the setup phase for my project - and other admins
may make GP changes down the road in the next month or two (before I start to
really implement the structure change) that may be missed in the new
structure. A script will allow me to run it again late in the game and make
sure that I get any possible GP changes that had been made.


Thanks again,
UCG
UnderCoverGuy
2008-10-29 19:14:03 UTC
Permalink
Thanks. I picked up the GPO cmdlets from SDM Software. They work great by
themselves in testing thus far but I am having issues scripting it (or
running it from PS itself).

I've set up the OU structure in a text file, one per line, etc. It imports
just fine (the OU list already has the quotes around them):

$OUlist = GC "RealOUs_WorkWithCopy.csv"

But connecting the $OUlist to the cmdlets I have issues:

I've tried several variations but can't get it to work properly. If I do
this:

ForEach($OUname In $OUlist) {Write-Host Get-SDMgplink -Scope $OUname}

I get back:

Get-SDMgplink -Scope "OU=TestOU2,OU=_OurComputers,DC=domain,DC=com"
Get-SDMgplink -Scope "OU=TestOU1,OU=_OurComputers,DC=domain,DC=com"
(...etc...)

But, if I use the following line of code (same as before without Write-Host):

ForEach($OUname In $OUlist) {Get-SDMgplink -Scope $OUname}

I receive back the following error (for each one) as it cycles through the
list:

+ ForEach($OUname In $OUlist) {Get-SDMgplink <<<< -Scope $OUname}
Get-SDMgplink : Value does not fall within the expected range.
At line:1 char:43

char:43 equals the start of the -Scope parameter.

Any thoughts?


Thanks in advance,
UCG
unknown
2010-04-22 09:41:39 UTC
Permalink
PS> Import-Csv dn.csv | ForEach-Object -Process {Get-SDMgplink -Scope $_.'DN'} | Export-Csv gpo_
by_ou.txt



UnderCoverGu wrote:

Thanks. I picked up the GPO cmdlets from SDM Software.
29-Oct-08

Thanks. I picked up the GPO cmdlets from SDM Software. They work great by
themselves in testing thus far but I am having issues scripting it (or
running it from PS itself).

I've set up the OU structure in a text file, one per line, etc. It imports
just fine (the OU list already has the quotes around them):

$OUlist = GC "RealOUs_WorkWithCopy.csv"

But connecting the $OUlist to the cmdlets I have issues:

I've tried several variations but can't get it to work properly. If I do
this:

ForEach($OUname In $OUlist) {Write-Host Get-SDMgplink -Scope $OUname}

I get back:

Get-SDMgplink -Scope "OU=TestOU2,OU=_OurComputers,DC=domain,DC=com"
Get-SDMgplink -Scope "OU=TestOU1,OU=_OurComputers,DC=domain,DC=com"
(...etc...)

But, if I use the following line of code (same as before without Write-Host):

ForEach($OUname In $OUlist) {Get-SDMgplink -Scope $OUname}

I receive back the following error (for each one) as it cycles through the
list:

+ ForEach($OUname In $OUlist) {Get-SDMgplink <<<< -Scope $OUname}
Get-SDMgplink : Value does not fall within the expected range.
At line:1 char:43

char:43 equals the start of the -Scope parameter.

Any thoughts?


Thanks in advance,
UCG

Previous Posts In This Thread:

On Wednesday, October 15, 2008 9:30 AM
UnderCoverGu wrote:

Copy GP structure to child OU structure
Good morning. We are setting up an identical OU structure within our
production environment to try and clean up some AD issues. We can't set up a
seperate staging environment for a number of different reasons. So I had to
go this route and created a child OU off of the domain root and have set up
an identical OU structure of the domain under this new child OU off of the
root.

What I am trying to do now is copy the GPO structure of the OU's and all
child OU's to this new "staging" OU area. I can use the
CreateXmlFromEnvironment.wsf script to export the structure out with the
/StartingOU option. However, with the CreateEnvironmentFromXml.wsf script, I
don't see an option to apply the GPO structure (links and permissions) to a
child OU - it looks llike it starts at the domain root. Plus, I don't need
to import the new GPO's themselves just links and permissions.

Anyone have any ideas how I can accomplpish this task?


Thanks in advance for any assistance,
UCG

On Thursday, October 16, 2008 1:02 AM
Darren Mar-Elia wrote:

So, if I understand correctly, the GPOs already exist in the domain, but you
So, if I understand correctly, the GPOs already exist in the domain, but you
want to replicate a "production" OU structure off of another OU in the same
domain? If that is correct, then GPO permissions aren't involved since they
stay with the GPO, not the links. However, you can replicate just links (and
link states) if you are up for some scripting. The GPMC APIs all support
reading and writing links. So you could write a script to read from one OU
structure and write to another. Or, you can use our free GPMC PowerShell
cmdlets to do this in PowerShell if you are so inclined
(www.sdmsoftware.com/freeware).

Darren
--
Darren Mar-Elia
MS-MVP-Windows Server--Group Policy

*******************************
Secure and configure your Windows desktops accurately every time without
having to learn or install new technology.
Find out more about Desktop Policy Manager at
http://www.sdmsoftware.com/desktop_management
*******************************
"UnderCoverGuy" <***@discussions.microsoft.com> wrote in message news:A07E482F-E803-4770-8FD2-***@microsoft.com...

On Thursday, October 16, 2008 9:07 AM
UnderCoverGu wrote:

Thanks Darren. Yes, that is exactly what I am looking to do.
Thanks Darren. Yes, that is exactly what I am looking to do. So I looked at
Microsoft's scripts and figured I'd try to modify them to do what I need but
that seemed a daunting task. I figure it would be easier to just create my
own scripts from scratch, but I've worked with GP scripting objects before so
I have a learning curve on the syntax to use. Hopefully it won't be too
difficult.

I'll check out the link you provided for the PowerShell cmdlets. I saw that
on MS's third-party GP stuff but didn't really start looking at the ones that
used PS. I was looking at the "quick" GUI apps or canned scripts but didn't
see any that would really help me. Scripting it would probably be better
anyway because this is just the setup phase for my project - and other admins
may make GP changes down the road in the next month or two (before I start to
really implement the structure change) that may be missed in the new
structure. A script will allow me to run it again late in the game and make
sure that I get any possible GP changes that had been made.


Thanks again,
UCG

On Wednesday, October 29, 2008 3:14 PM
UnderCoverGu wrote:

Thanks. I picked up the GPO cmdlets from SDM Software.
Thanks. I picked up the GPO cmdlets from SDM Software. They work great by
themselves in testing thus far but I am having issues scripting it (or
running it from PS itself).

I've set up the OU structure in a text file, one per line, etc. It imports
just fine (the OU list already has the quotes around them):

$OUlist = GC "RealOUs_WorkWithCopy.csv"

But connecting the $OUlist to the cmdlets I have issues:

I've tried several variations but can't get it to work properly. If I do
this:

ForEach($OUname In $OUlist) {Write-Host Get-SDMgplink -Scope $OUname}

I get back:

Get-SDMgplink -Scope "OU=TestOU2,OU=_OurComputers,DC=domain,DC=com"
Get-SDMgplink -Scope "OU=TestOU1,OU=_OurComputers,DC=domain,DC=com"
(...etc...)

But, if I use the following line of code (same as before without Write-Host):

ForEach($OUname In $OUlist) {Get-SDMgplink -Scope $OUname}

I receive back the following error (for each one) as it cycles through the
list:

+ ForEach($OUname In $OUlist) {Get-SDMgplink <<<< -Scope $OUname}
Get-SDMgplink : Value does not fall within the expected range.
At line:1 char:43

char:43 equals the start of the -Scope parameter.

Any thoughts?


Thanks in advance,
UCG


Submitted via EggHeadCafe - Software Developer Portal of Choice
WPF Report Engine, Part 4
http://www.eggheadcafe.com/tutorials/aspnet/5ac799db-385f-431a-8a45-8b37cb7f3186/wpf-report-engine-part-4.aspx
Loading...