How to get a list of GPOs from a domain using PowerShell
This article explains how to use PowerShell to get a GPO report for a specified domain, using the Get-GPO and Get-GPOReport cmdlets. It also lists the steps to get a GPO report using ADManager Plus, a unified Active Directory, Office 365 and Exchange management and reporting tool, to demonstrate how it simplifies GPO reporting.
Steps to get a GPO report using PowerShell.
- Ensure you have the necessary permissions to perform this action, and also to execute PowerShell scripts.
- Create the script using the Get-GPO or Get-GPOReport cmdlet, depending on your preferences, and execute it in the PowerShell window.
- Sample script for obtaining the GPO report:
A sample PowerShell script to get the GPO list
Get-GPO -All -Domain "marketing.example.com"
This cmdlet lists all GPOs in the domain marketing.example.com.
Get-GPOReport -Name "Privileged Access Control" -ReportType HTML -Path "D:\GPODetails.html"
This cmdlet fetches all the details of the Privileged Access Control GPO and stores them in HTML format at the specified location.
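The two cmdlets above can be combined into a domain-wide inventory that is written to CSV and flags GPOs worth reviewing. This is an added example, not part of the original article or of ADManager Plus; the output path is a hypothetical value, and the `LinksTo`, `SOMPath`, `Enabled` and `NoOverride` names are the elements of the XML report that Get-GPOReport produces.

```powershell
# Requires the GroupPolicy module (installed with RSAT / the Group Policy Management Console).
Import-Module GroupPolicy

$Domain  = 'marketing.example.com'   # domain name used in the article
$CsvPath = 'D:\GPOInventory.csv'     # hypothetical output path, adjust as needed

$inventory = foreach ($gpo in Get-GPO -All -Domain $Domain) {
    # Without -Path, Get-GPOReport returns the report as a string, which is cast to XML here.
    [xml]$report = Get-GPOReport -Guid $gpo.Id -ReportType Xml -Domain $Domain

    # Each <LinksTo> element describes one site, domain or OU the GPO is linked to.
    # A GPO with no links has no such element, so filter out the resulting $null.
    $links = @($report.GPO.LinksTo | Where-Object { $_ })

    [pscustomobject]@{
        DisplayName = $gpo.DisplayName
        Id          = $gpo.Id
        GpoStatus   = $gpo.GpoStatus
        Owner       = $gpo.Owner
        Created     = $gpo.CreationTime
        Modified    = $gpo.ModificationTime
        LinkCount   = $links.Count
        LinkedTo    = ($links | ForEach-Object {
                          '{0} (enabled={1}, enforced={2})' -f $_.SOMPath, $_.Enabled, $_.NoOverride
                      }) -join '; '
    }
}

# Full inventory as CSV, one row per GPO.
$inventory |
    Sort-Object DisplayName |
    Export-Csv -Path $CsvPath -NoTypeInformation -Encoding UTF8

# Review candidates: GPOs that are linked nowhere or have all settings disabled.
$inventory |
    Where-Object { $_.LinkCount -eq 0 -or $_.GpoStatus -eq 'AllSettingsDisabled' } |
    Select-Object DisplayName, GpoStatus, LinkCount, Modified |
    Format-Table -AutoSize
```

Read access to the GPOs is enough to run it; GPOs the account cannot read are not returned by Get-GPO and will be missing from the CSV.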
To get a GPO report using ADManager Plus:
- Launch the All GPOs & Linked AD Objects report from GPO Report under the Reports tab.
- Select the desired domain, and click Generate. Choose CSV from the Export as option.
Limitations of using PowerShell to get a GPO report.
- You will not be able to generate this report using PowerShell if you do not have sufficient permissions. With ADManager Plus, users' privileges in native AD or Exchange don't have to be elevated, and they can be allowed to perform this operation only in specific OUs or domains.
- If you wish to get GPO report in any format other than HTML or XML, or if you wish to get this report for only a specific GPO, you will have to either modify the script to add additional parameters, use workarounds or create a new script. With ADManager Plus though, exporting to multiple formats, or getting the report for only specific GPOs is offered as a built-in option that's available by default.
- You must know how to run the scripts from the PowerShell window. ADManager Plus is purely GUI-based, allowing you to perform all management and reporting actions with just mouse clicks from its web-based console.
- Even a misplaced hyphen, a typo in the LDAP names or lack of sufficient permission to configure any of the attributes used in the script will lead to errors. As all actions in ADManager Plus are GUI-driven, there is no need to write scripts, eliminating the chances of errors.