Recently we wanted to review all of our Active Directory Group Policy Objects (GPOs). We wanted to see which GPOs were not assigned and which OUs the others were assigned to, so that we could consolidate or remove unused GPOs.
There were a couple of hundred in each domain, so I didn't want to have to check each one manually.
There is a PowerShell command that you can run to list all GPOs, but it doesn't show assignments.
To get more information on a GPO we can run the command Get-GPOReport, which lets you create either an HTML or an XML report.
In this case I want to use XML, as I want to pull information out of the report. The only issue is that getting data directly from an XML report is a bit difficult.
To read an XML report in PowerShell you can typecast it to XML by putting [xml] in front of the variable, which should make querying the content easier. The only part of the XML that I really want currently is LinksTo, as this shows where the GPO is assigned. Once I had all this information I was able to create the full script. I will put the script up on GitHub since it is easier for people to copy the script file.
Below is the script running.

This is what the export will look like.
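The approach described above (Get-GPOReport as XML, cast with [xml], read LinksTo), as an added example that is not the author's script. The function name `Get-GpoLinkRow`, the sample report and the CSV path are assumptions made for illustration; the live run needs the GroupPolicy module.

```powershell
# Added example, not the author's script.
# Get-GpoLinkRow is a hypothetical helper: one row per link, or one "unlinked" row.
function Get-GpoLinkRow {
    param([Parameter(Mandatory)][xml]$Report)

    $gpo   = $Report.GPO
    $links = @($gpo.LinksTo | Where-Object { $_ })   # empty when the GPO has no links

    if ($links.Count -eq 0) {
        # Unlinked GPO: a candidate for review or removal.
        return [pscustomobject]@{
            GpoName = $gpo.Name; LinkedTo = $null
            LinkEnabled = $null; Enforced = $null; Linked = $false
        }
    }
    foreach ($link in $links) {
        [pscustomobject]@{
            GpoName     = $gpo.Name
            LinkedTo    = $link.SOMPath                # OU, domain or site path
            LinkEnabled = $link.Enabled -eq 'true'     # a disabled link applies nothing
            Enforced    = $link.NoOverride -eq 'true'
            Linked      = $true
        }
    }
}

# Constructed sample report, trimmed to the elements read above, for an offline try-out.
$sample = @'
<GPO>
  <Name>Workstation Baseline</Name>
  <LinksTo>
    <SOMName>Workstations</SOMName>
    <SOMPath>example.local/Workstations</SOMPath>
    <Enabled>true</Enabled>
    <NoOverride>false</NoOverride>
  </LinksTo>
</GPO>
'@
Get-GpoLinkRow -Report $sample | Format-Table

# Live run against the current domain, only if the GroupPolicy cmdlets are present.
if (Get-Command Get-GPOReport -ErrorAction SilentlyContinue) {
    Get-GPO -All | ForEach-Object {
        Get-GpoLinkRow -Report (Get-GPOReport -Guid $_.Id -ReportType Xml)
    } | Export-Csv -Path .\GpoLinks.csv -NoTypeInformation   # output path is an assumption
}
```

Filtering the export on `Linked = False` gives the unlinked GPOs, and rows with `LinkEnabled = False` show links that exist but apply nothing.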