PI Services

Le blog des collaborateurs de PI Services

Powershell : Change the owner of my GPO

Pour faire suite au précédent articles Powershell : Who's the owner of my AD objects et Powershell : Change the owner of my AD objects voici comment trouver les GPO dont le propriétaire n'est pas "Domain Admins" et les modifier.

# Get Domain
$Domain = Get-ADDomain | select -ExpandProperty NetBIOSName

# Get all GPO
$AllGPO = Get-GPO -All
$AllADGPO = Get-ADObject -Filter {(ObjectClass -eq "groupPolicyContainer")} -Properties displayName

# Filter GPO that are not owned by Domain Admins
$NoGood = $AllGPO.Where({$_.owner -ne "$Domain\Domain Admins"})

# Change owner of all invalid GPO
$NoGood | select -First 1 | foreach {
    $DisplayName = $_.DisplayName
    $Id = $_.ID
    $Guid = $Id.Guid

    $CurrentGpo = $AllADGPO.Where({$_.DisplayName -eq $DisplayName})
    Write-Host $CurrentGpo
    Write-Host $DisplayName -ForegroundColor Magenta
    $adsiTarget = [adsi]"LDAP://$($CurrentGpo.DistinguishedName)"
    $idRef = New-Object System.Security.Principal.NTAccount("$Domain", "Domain Admins")
    $DisplayName = $null
    $Id = $null



Ajouter un commentaire