≡ Menu

Find Group Policies Objects in Domain using PowerShell

Windows Server 2012 and Windows 8.1 has inbuilt module for managing Group Policy objects in Windows environment. It has a total of 26 cmdlets to serve different types of Group policy operations. In this article I will focus on Get-GPO cmdlet and its usage.

You can start with importing the module first.

Import-Module GroupPolicy

This module is made available automatically when you install domain controller role in Windows Server 2012. If you want to install this module on a member server running windows server 2012, you can do it by adding Group Policy Management feature. This installs both MMC and PowerShell modules.

gpo module install

If you want to install this feature also via PowerShell, then try the below two commands. This will install GPMC.

Import-Module ServerManager            
Add-WindowsFeature GPMC

Get total no. of cmdlets in GroupPolicy module

To see the no. of cmdlets available in this module, below command will help.

(Get-Command -Module GroupPolicy | ? {$_.CommandType -ne "Alias" }).Count

List all Group policies in domain.

If you want to list all Group policies in current domain, use Get-GPO cmdlet with -All parameter. This will all GPOs in the current domain. This will return information like Displayname, GUID, GPO status, creation and modified time, etc of each GPO.

Get-GPO -All

Search for a GPO

Searching for a GPO by display name is also easy. Its matter of filtering the output generated from Get-GPO cmdlets.

Get-Gpo -all | ? {$_.displayName -match "Logon" }

filter-gpo-by-name

Convert to GUID to Name and Name to GUID:

If you know GUID of a GPO, you can get the display name of and similarly you can get GUID if you know the display name of it. Finding this information in prior operation systems requires either nontrivial coding or usage of third party tools/scripts.

Get-GPO -Name LogonPolicy | select id
Get-GPO -Guid 98cbbc75-de94-4093-9b46-d4100230849e | select displayname

gpo-name-to-guid-to-name

Specify DC name/domain name to query:

If you would like to query Group policy information from a specific domain controller, you can do that by pointing Get-GPO cmdlet to domain controller by specifying -Server parameter. You can also specify the name of the domain in FQDN format.

Get-GPO -all -Server TIBDC1

Export Group policy information to CSV:

The group policy information can be easily exported to a CSV/Excel by using Export-CSV cmdlet in combination with Get-GPO cmdlet.

Get-GPO -all | export-csv c:\temp\GPOinfo.csv -NoTypeInformation

Hope this helps. Happy learning. In next post I will cover about other Group Policy cmdlets and their usage.

{ 4 comments… add one }
  • Elias Gonzalez June 15, 2017, 1:38 am

    Thanks for thi article. but ok you list the policy objects, but what that alphanumerical string means?

    • Wintel Rocks June 27, 2017, 2:08 pm

      the alphanumerical string is nothing but GUID of the Group Policy object.

Leave a Comment