Active Directory GPO Reports

 


GPO Reports


 

 

All GPOs Report

 

This provides the list of all Group Policy Objects present in the Active Directory.

 

How it works: The report is generated by querying the LDAP for all objectClass set to groupPolicyContainer i.e. "objectClass=groupPolicyContainer".

 

To view the report, click AD Reports- -> GPO Reports  - -> All GPOs and Linked objects - -> Select domain and click generate

 

 

Recently created GPOs Report

 

This provides the list of Group Policy Objects and Active directory objects linked to it, that are recently created in the past "n" days.

 

How it works: The report is generated by querying the LDAP for createTimeStamp set to more than or equal to SpecifiedTime i.e. "createTimeStamp>=SpecifiedTime".

 

To view the report, select the domain, enter the number of days and click Generate.

 

 

 

Recently modified GPOs Report

 

This provides the list of Group Policy Objects and Active directory objects linked to it, that are recently modified in the past "n" days.

 

How it works: The report is generated by querying the LDAP for modifyTimeStamp set to more than or equal to SpecifiedTime i.e. "modifyTimeStamp>=SpecifiedTime".

 

To view the report, select the domain, enter the number of days and click Generate.

 

 

 

 

 

Disabled GPOs Report

 

This provides the list of all disabled GPO's. Both the computer configuration and user configuration settings are disabled.
 

How it works: The report is generated by querying the LDAP for all objectClass set to groupPolicyContainer and with a flag value 3 i.e. "objectClass=groupPolicyContainer" with flag=3.

 

To view the report, select the domain and click Generate.

 

 

 

Unused GPOs Report

 

This provides the list of Group Policy Objects that are not used since they are linked to a GPO.

 

How it works: The report is generated by querying the LDAP for all GPO's that are not linked to any other objects in the domain and reiterating the search to all GPO's.

 

To view the report, select the domain and click Generate.

 

 

Frequently modified computer settings GPOs Report

 

This provides the list of Group Policy Objects with frequently modified computer settings.

 

How it works:: The report is generated by querying the LDAP for attribute versionNumber; as the computer settings are modified the version number also changes.

 

To view the report, select the domain, enter the number of GPOs and click Generate.

 

 

 

 

Frequently Modified user Settings GPOs Report

 

This provides the list of Group Policy Objects with frequently modified user settings.

 

How it works: The report is generated by querying the LDAP for attribute versionNumber; as the user settings are modified the version number also changes.

 

To view the report, select the domain, enter the number of GPOs and click Generate.

 

 

 

Domain Linked GPOs Report

 

This provides the list of Group Policy Objects that are linked to domains.

 

How it works: The report is generated by querying the LDAP for all GPO's that are linked to any domain object by reiterating the search to all GPO's.

 

To view the report, select the domain and click Generate.

 

 

 

OU linked GPOs Report

 

This provides the list of Group Policy Objects that are linked to organizational units.

 

How it works: The report is generated by querying the LDAP for all GPO's that are linked to any domain object by reiterating the search to all GPO's.

 

To view the report, select the domain and click Generate.

 

 

 

Site linked GPOs Report

 

This provides the list of Group Policy Objects that are linked to any site.

 

How it works: The report is generated by querying the LDAP for all GPO's that are linked to any site by reiterating the search to all GPO's.

 

To view the report, select the domain and click Generate.

 

 

 

GPO blocked inheritance container Report

 

This provides the list of Group Policy Objects that are blocked from inheritance from their parent objects.

 

To view the report, select the domain and click Generate.

 

 

 

Computer settings disabled GPOs Report

 

This provides the list of Group Policy Objects with computer settings disabled.

 

How it works: The report is generated by querying the LDAP for objectClass set to groupPolicyContainer with a flag value 3 or 2 i.e. "objectClass=groupPolicyContainer" (|(flags=3)(flags=2)).

 

To view the report, select the domain and click Generate.

 

 

 

User settings disabled GPOs Report

 

This provides the list of Group Policy Objects with user settings disabled.

 

How it works: The report is generated by querying the LDAP for "objectClass" set to groupPolicyContainer with a flag value 3 or 1 i.e. "objectClass=groupPolicyContainer" (|(flags=3)(flags=1)).

 

To view the report, select the domain and click Generate.

 

Frequently modified GPOss Report

 

This provides the list of Group Policy Objects that are frequently modified.

 

How it works: The report is generated by querying the LDAP for attribute versionNumber; as the computer settings are modified the version number also changes.

 

To view the report, select the domain, enter the number of GPOs and click Generate.