# Script parameters. Exactly one of -InputFile (import links into this domain)
# or -OutputFile (export this domain's links) has to be supplied.
# NOTE(review): $Mode is declared but never referenced by this script.
param([String]$Mode,[String]$InputFile,[String]$OutputFile,[String]$LogFile)

# Import and export are mutually exclusive: reject "both given" and "neither given".
$hasInputFile = -not [String]::IsNullOrEmpty($InputFile)
$hasOutputFile = -not [String]::IsNullOrEmpty($OutputFile)
if ($hasInputFile -eq $hasOutputFile)
{
    Write-Host -ForegroundColor Red "Either InputFile or OutputFile must be specified and both cannot be specified together"
    Write-Host -ForegroundColor Red "Exiting Script"
    return
}
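# Fall back to the default log location when -LogFile was not supplied.
# NOTE(review): the default is a fixed path in the root of C:, which normally needs
# elevation to write; pass -LogFile to keep the log in a directory with suitable ACLs.
if ([String]::IsNullOrEmpty($LogFile))
{
    $LogFile = "C:\GPOLinksLog.txt"
}

# Start every run with an empty log. In import mode the log is the only record of what
# was changed in the directory, so refuse to continue when it cannot be written.
try
{
    Set-Content $LogFile $NULL -ErrorAction Stop
}
catch
{
    Write-Host -ForegroundColor Red "Log file '$LogFile' could not be created: $($_.Exception.Message)"
    if ($InputFile)
    {
        Write-Host -ForegroundColor Red "Exiting Script"
        return
    }
}

# Every later step depends on the ActiveDirectory cmdlets; stop here with a clear
# message instead of failing on the first Get-AD* call.
try
{
    Import-Module activedirectory -ErrorAction Stop
}
catch
{
    Write-Host -ForegroundColor Red "The ActiveDirectory module could not be loaded: $($_.Exception.Message)"
    Write-Host -ForegroundColor Red "Exiting Script"
    return
}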
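if ($InputFile)
{
    # Import mode: rebuild gpLink on every object listed in the input file, resolving each
    # exported GPO display name to the GPO of the same name in the current domain.
    # NOTE(review): each row results in a directory write that decides which GPOs apply to
    # a container, and the existing gpLink value is replaced, not merged. The input file
    # should come from a trusted export and be reviewed before it is applied.
    if (-not (Test-Path $InputFile))
    {
        write-host -ForegroundColor Red "Input file does not exist"
        Write-Host -ForegroundColor Red "Exiting Script"
        return
    }
    $thisDomain = Get-ADDomain
    $thisDomainDN = $thisDomain.DistinguishedName
    $header = "objectDN","domainDN","Links"
    $Links = import-csv $InputFile -Delimiter "`t" -Header $header
    if ($null -eq $Links)
    {
        write-host -ForegroundColor Red "No input was detected"
        Write-Host -ForegroundColor Red "Exiting Script"
        return
    }
    foreach ($Link in $Links)
    {
        # A row with a missing column cannot be mapped to a target object; skip it instead
        # of passing empty values to the directory cmdlets.
        if ([String]::IsNullOrEmpty($Link.objectDN) -or [String]::IsNullOrEmpty($Link.domainDN) -or $null -eq $Link.Links)
        {
            add-content $LogFile "Error: skipped a malformed input row (expected objectDN, domainDN and Links separated by tabs)."
            add-content $LogFile "---END---"
            continue
        }

        # Re-home the object DN into this domain. -replace takes a regular expression, so
        # the source domain DN is escaped and anchored to the end of the string, and '$' in
        # the replacement is doubled so it is not read as a group reference.
        $sourceSuffix = [regex]::Escape($Link.domainDN) + '$'
        $currentDN = $Link.objectDN -replace $sourceSuffix, $thisDomainDN.Replace('$', '$$')

        [Array]$objectLinks = $Link.Links.Split("`v")
        $NewLink = $null
        add-content $LogFile "$currentDN was configured with the following links:"
        foreach ($objectLink in $objectLinks)
        {
            if ([String]::IsNullOrEmpty($objectLink))
            {
                # The export ends every entry with a vertical tab, so the last piece is empty.
                continue
            }

            # Each entry is "<GPO display name>;<link options>". Split on the LAST ';' so a
            # display name that ends in a digit or contains ';' is kept intact.
            $separatorIndex = $objectLink.LastIndexOf(";")
            if ($separatorIndex -lt 1)
            {
                Add-Content $LogFile "Error: link entry '$objectLink' is not in the form 'name;options' and was skipped."
                continue
            }
            $linkName = $objectLink.Substring(0, $separatorIndex)
            $linkOptions = $objectLink.Substring($separatorIndex + 1)
            # gpLink options: 0 = enabled, 1 = disabled, 2 = enforced, 3 = enforced and disabled.
            if ($linkOptions -notmatch '^[0-3]$')
            {
                Add-Content $LogFile "Error: link entry '$objectLink' has an unexpected link option and was skipped."
                continue
            }

            add-content $LogFile $linkName
            # The script-block filter passes $linkName as a value, not as filter text.
            $gpoMatches = @(Get-ADObject -Filter {objectClass -eq "groupPolicyContainer" -and displayName -eq $linkName})
            if ($gpoMatches.Count -eq 1)
            {
                $NewLink = $NewLink + "[LDAP://" + $gpoMatches[0].DistinguishedName + ";" + $linkOptions + "]"
            }
            elseif ($gpoMatches.Count -gt 1)
            {
                # Display names are not unique; linking a guessed GPO could apply the wrong policy.
                Add-Content $LogFile "Error: more than one GPO is named '$linkName' in the destination domain. The link was skipped; resolve the duplicate and try again."
            }
            else
            {
                Add-Content $LogFile "Error: $linkname does not appear to exist in the destination domain. Please re-import it or create a new GPO with the same name."
            }
        }

        # Read the target first so that a missing object is reported as such and the value
        # about to be overwritten is kept in the log.
        $linkApplied = $false
        $currentObject = $null
        try
        {
            $currentObject = Get-ADObject $currentDN -Properties gpLink -ErrorAction Stop
        }
        catch
        {
            add-content $LogFile "Error: $currentDN does not exist. Create the object and try again."
            add-content $LogFile "Detail: $($_.Exception.Message)"
        }
        if ($currentObject)
        {
            if ($NewLink)
            {
                $previousLink = $currentObject.gpLink
                add-content $LogFile "Previous gPLink value: $previousLink"
                try
                {
                    Set-ADObject $currentDN -Replace @{gpLink = $NewLink} -ErrorAction Stop
                    $linkApplied = $true
                }
                catch
                {
                    # For example insufficient rights on the container; not "object missing".
                    add-content $LogFile "Error: gPLink could not be written on '$currentDN': $($_.Exception.Message)"
                }
            }
            else
            {
                Add-Content $LogFile "Error: It appears none of the GPO's previously linked to '$currentDN' exist. Please re-import the GPO's to the destination domain."
            }
        }

        # Report what actually happened, not what was intended.
        if ($linkApplied)
        {
            add-content $LogFile "gPLink will be set to: $NewLink"
        }
        else
        {
            Add-Content $LogFile "gPLink will not be modified on this object."
        }
        add-content $LogFile "---END---"
    }
    write-host -ForegroundColor Yellow "A log file has been saved at $LogFile"
}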
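else
{
    # Export mode: write one line per linked object in the form
    #   <object DN> TAB <this domain DN> TAB <GPO display name>;<options> VT ...
    # NOTE(review): the output describes the OU/site layout and which policies apply where,
    # and the import mode applies it as-is. Store it where it cannot be read or edited by
    # unintended parties.
    set-content $OutputFile $null
    $thisDomain = Get-ADDomain
    $thisDomainDN = $thisDomain.DistinguishedName
    # Site links live in the forest-wide configuration partition. Ask the directory for
    # its DN; "CN=Configuration,<domain DN>" is only right in the forest root domain.
    $configurationPartition = (Get-ADRootDSE).configurationNamingContext
    # @() keeps both results as arrays so they can be joined even when one search returns
    # a single object or nothing.
    $Links = @(Get-ADObject -Filter {gpLink -LIKE "[*]"} -Properties gpLink)
    $Links += @(Get-ADObject -Filter {gpLink -LIKE "[*]"} -Searchbase $configurationPartition -Properties gpLink)
    if ($Links.Count -gt 0)
    {
        foreach ($Link in $Links)
        {
            $NewLine = $null
            # gpLink is a run of "[LDAP://<GPO DN>;<options>]" entries. Parse each entry as a
            # whole: Trim* removes character sets, not prefixes or suffixes, so it can eat the
            # end of a DN that finishes in 0, 1 or 2 and it leaves option 3 in place.
            $entries = [regex]::Matches($Link.gpLink, '\[LDAP://(?<dn>[^;\]]+);(?<opt>\d+)\]', 'IgnoreCase')
            foreach ($entry in $entries)
            {
                $gpoDN = $entry.Groups['dn'].Value
                $linkOptions = $entry.Groups['opt'].Value
                try
                {
                    $gpo = get-adobject $gpoDN -Properties displayName -ErrorAction Stop
                }
                catch
                {
                    # The link points at a GPO that was deleted or cannot be read from here.
                    Write-Warning "Skipping link on '$($Link.DistinguishedName)': GPO '$gpoDN' could not be read ($($_.Exception.Message))"
                    continue
                }
                $NewLine = $NewLine + $gpo.DisplayName + ";" + $linkOptions + "`v"
            }
            $NewLine = $Link.DistinguishedName + "`t" + $thisDomainDN + "`t" + $NewLine
            add-content $OutputFile $NewLine
        }
        write-host -ForegroundColor Yellow "The output file has been saved at $OutputFile"
    }
    else
    {
        # The output file was already emptied at the start of this branch.
        write-host -ForegroundColor Red "No GPO Links exist in this domain"
        write-host -ForegroundColor Red "Exiting script"
        return
    }
}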