List of all GPO's with their links.

I'm brand new to PS, and have tried using the various helps for both the Get-ADOrganizationalUnit and Get-GPO cmdlets, but I can't seem to get what I need. I found a script from Jaap in another post ( ) which (I export to a CSV and…) lists all the OU's in column A, and then the GPO's linked to each of the OU's. However, what I want is just the opposite. I want to get a list of all the policies in column A, and then all the OU's that they're linked to in column B.

Column A (GPO's)     Column B (Linked to...)

IESettingsGPO1        LondonOU, ChicagoOU, AtlantaUsersOU

RemoteUsersGPO2    ChicagoOU

GPO3                     domainlevelOU



On the forum, I was directed to the Get-GPLink and SDM-GP cmdlets, but I'm not sure if those produce the output I need. So far, I can use the cmdlet below to get a list of all the GPO's, but I don't know how to pipe that over to some other command to be able to get the links to each of the GPO's

get-gpo -All | Select-Object displayname | format-list


  • I take this as an opportunity for you to learn something so I will only generally describe how I'd approach that problem, so you can figure it our yourself :)


     I would list all policies using jaaps script. Foreach item in this list I would take the column B and foreach item in the column B i would output it and Column A. That would give list of all linked policies and their OUs. then I would list all available policies and each of them to the Column A. Then all you have to do is Sort -Unique the list. 

  • Nice a learning moment, I'll refrain from answering this one then. Let us know if you get stuck with anything and be sure to share your solution when you find it!

  • I am dying to answer this one, just because I spent an hour yesterday figuring out something similar, only I wanted to get the filter groups so I could move them.

    However I want to help get you started

    This is just the way I did it:

    You will need to get a list of all the OUs in your domain.

    $Searcher = New-Object -TypeName System.DirectoryServices.DirectorySearcher

    $Searcher.SearchRoot = "LDAP://DC=Domain,DC=Domain,DC=net"

    $Searcher.SearchScope = "subtree"

    $Searcher.Filter = "(objectClass=organizationalUnit)"

    $Searcher.PropertiesToLoad.Add('Distinguishedname') | Out-Null

    $LDAP_OUs = $Searcher.FindAll()

    $OUs = $

    Now that will give you a list of OUs with the DN using $OUs variable, you can use the pipeline and use the GPinheritance CMD to find the GPOlinks. You will have to research using foreach if you are not familiar with it. once you figure that out you can Select the Displayname for column A and Target for Column B.

    Let me know if you get stuck, I am glad to help


  • Nice piece of code, I like your code. Here is a different approach to do the same. When setting properties for the DirectorySearcher you can actually do it at creation by specifying the property parameter. Have a look at how that looks when you code it, no functional difference but just a different way of coding it:

    $Searcher = New-Object -TypeName System.DirectoryServices.DirectorySearcherv -Property @{
    SearchRoot = "LDAP://DC=Domain,DC=Domain,DC=net"
    SearchScope = "subtree"
    Filter = "(objectClass=organizationalUnit)"
    $Searcher.PropertiesToLoad.Add('Distinguishedname') | Out-Null
    $OU = $Searcher.FindAll() | % {-join $}

    Also I prefer using foreach-object instead of your notation for selecting the distinguished name, because your notation will only work in PowerShell v3 and up.

  • Thanks. Nice I didn't think to do it that way.

    Didn't know that about foreach only working in PS in v3. I just started learning PS about a year ago. But that is good to know.