How to create a new group policy object (GPO) using PowerShell
This article compares the process of creating a new GPO in Active Directory using PowerShell and ADManager Plus, a unified Active Directory, Office 365 and Exchange management and reporting tool. This article also explains why ADManager Plus, with its completely GUI based options, is the easiest option among the two.
Windows PowerShell
Steps to create a new GPO using PowerShell.
- Ensure you have the necessary permissions to create a GPO, and also to execute PowerShell scripts.
- Create the script using the New-GPO cmdlet, and execute it in the PowerShell window.
A sample PowerShell script to create a new GPO
Copied
New-GPO -Name SimpleGPO
Click to copy entire script
This cmdlet will create a GPO named SimpleGPO in the domainwhich the user executing the script belongs to.
If you wish to link this GPO to a specific OU, domain or site, the script has to be modified by including the New-GPLink cmdlet.
ADManager Plus
To create a new GPO,
- Click the Create New GPO option in the Manage GPOs section of GPO Management, in Management tab.
- Enter a suitable name for the GPO. To link the GPO to the desired OUs, domain or sites, click the Link Now option, and select the desired target containers.
Screenshot
» Start 30-day Free Trial
Limitations of using PowerShell to create a new GPO
- You will not be able to create a new GPO using PowerShell if you do not have enough privileges in AD to either create the GPO or execute the script. With ADManager Plus, users privileges in native AD doesn't have to be elevated to enable user AD accounts.
- If you wish to link the GPO to different sites, domain or OUs, the script has to be modified by adding another cmdlet New-GPLink, which only increases the complexity. With ADManager Plus though, you can select all the desired target containers, right from the GUI, with just mouse-clicks, making it far easier and simpler to create a GPO.
- You must know how to run the scripts from the PowerShell window. ADManager Plus is purely GUI-based, allowing you to perform all management and reporting actions with just mouse clicks from its web-based console.
- Even a misplaced hyphen, or a typo in the LDAP names will lead to errors. As all actions in ADManager Plus are GUI-driven, there is no need to write scripts, eliminating the chances of errors.
