Article ID: 248392 - Last Review: February 28, 2007 - Revision: 3.4

Scripting the addition of Group Policy links

View products that this article applies to.
This article was previously published under Q248392

On This Page

Expand all | Collapse all

SUMMARY

Administrators may need a way of automating the modification of the Group Policy objects (GPOs) that apply to a given site, domain, or organizational unit. This article contains a sample Visual Basic script that, when run on a computer that is a member of a domain, displays the list of available GPOs and allows the user to manually add a GPO link. You should consider the sample script in this article only a guide as to what can be accomplished. You should modify it to meet your specific needs.

Portions of this script rely on IADsTools, a Component Object Model (COM) object that can be used for many functions, including the one described in this article to enumerate GPOs. IADsTools is included with the Windows 2000 Support tools, which are located in the Support\Tools folder on the Microsoft Windows 2000 Professional or Server CD-ROMs. Detailed information about the function parameters for IADsTools is located in the Windows 2000 Support Tools documentation.
Back to the top

MORE INFORMATION

Warning A malformed Group Policy Link (GPLink) attribute can cause problems. For additional information about a related issue, click the following article number to view the article in the Microsoft Knowledge Base:
870997  (http://support.microsoft.com/kb/870997/ ) Windows XP and Windows 2000 clients that share a single organizational unit stop responding or spontaneously restart


To use this script, follow these steps.
  1. Copy the text listed later in this article and paste it into Notepad.
  2. Replace "ServerName" with the name of the computer holding the primary domain controller (PDC) Flexible Single Master Operations (FSMO) role for the domain. Replace "DC=MyDomain,DC=Com" with the distinguished name (DN) of your domain in the "SET SDOU=GetObject("LDAP://ServerName/DC=MyDomain,DC=Com")" line.
  3. Replace "MyDomain.com" and "ServerName" with the fully qualified domain name (FQDN) of the domain and the name of the server in the "Result=DLL.GetGPOs("MyDomain.com","ServerName")" line.
  4. Search for the "DLL.GetDefaultNamingContext("ServerName")" string and replace "ServerName" with the name of the server used in the previous two steps.
  5. Save the file as Gpollink.vbs.
  6. At a command prompt, type cscript gpollink.vbs.
The script first enumerates the GPOs in the domain and displays those as output in the command prompt window. It then displays the site, domain, or organizational unit that is the target of the operation (that is, which Active Directory container will be modified to contain a new Group Policy link). The information in this sample script is static. A dialog box then prompts the user for the friendly name of the GPO to add a link for. If it is successful, the following message is displayed in the command prompt window:
Successfully added a link to this SDOU for the GPO (Policy Name)
Back to the top

Notes

  • This script always adds the new GPO to the top of the priority list.
  • If the same friendly name is repeated across multiple GPOs, only the first in the list of enumerated GPOs is used.
Back to the top

Sample Script

'GPOLLINK.VBS
'Purpose:  adds a Group Policy link to an existing Site, Domain, or OU 
'Syntax:  (from a command prompt) CSCRIPT GPOLLINK.VBS

'NOTE:  if you modify this script and pass variables to the IADSTOOLS functions, these variables
'must be typed when you pass them in.  Please see "Programs -> Windows 2000 Support Tools -> Tools Help"
'for more information

'in case the gpLink attribute isn't populated, continue anyway
On Error Resume Next

'the IADSTOOLS com object that ships with the Support Tools has many
'functions that make it easier to retrieve data stored in the DS

'instance the object
Set DLL=CreateObject("iadstools.dcfunctions")

'bind to the Site, Domain, or OU (SDOU) that you want to manage the links on
'specify the PDC name when doing this
Set SDOU=GetObject("LDAP://ServerName/dc=MyDomain,dc=com")

'call the IADSTOOLS function to enumerate the Group Policy Objects (GPOs)
Result=DLL.GetGPOs("MyDomain.com","ServerName")

'if a positive number of GPOs is returned, then list them
if result > 0 then
	'we found gpos in the list
	for i=1 to result
		'print them out to the display
		wscript.echo DLL.gponame(i)
		wscript.echo "     " & dll.gpoguid(i)
	next
else
	'we didn't find any - none to display
	wscript.echo "No GPOs were found."
end if

'again, if a positive number of GPOs is returned, than we can
'offer the user the option of linking a GPO to the selected SDOU
if Result > 0 then
	'display the SDOU we will be modifying just in case it is incorrect before they
	'make any modification
	wscript.echo ""
	wscript.echo "The SDOU you will be modifying is:"
	wscript.echo "     " & SDOU.adspath

	'ask the user for the textual name of the existing GPO to add
	askGUID=inputbox("Enter the name of the GPO to add (case is not important):")

	'if they hit cancel or entered nothing, exit
	if askGUID="" then
		'do nothing
	else
		'cycle through the GPOs we got back from IADSTOOLS and find the GPO the user
		'entered
		for i=1 to result
			'we drop both items being compared to lower case to rule out case
			if lcase(DLL.gponame(i))=lcase(askGUID) then
				'we found a match.  Determine the links that already exist, if any
				currentGPLIST=SDOU.get("gpLink")

				'construct a new link to add to the existing links
				currentGPLIST=currentGPLIST & "[LDAP://CN=" & DLL.gpoguid(i) & ",CN=Policies,CN=System," & DLL.getdefaultnamingcontext("ServerName") & ";0]"

				'write the new list back to the gpLink attribute on the SDOU
				SDOU.put "gpLink",currentGPLIST

				'commit the change
				SDOU.SetInfo

				'tell the user we completed successfully
				wscript.echo ""
				wscript.echo "Successfully added a link to this SDOU for the GPO (" & DLL.gponame(i) & ")"

				'only process the first one we come to that has the correct name
				Exit For
			end if
		next
	end if
end if
Back to the top

REFERENCES

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
870997  (http://support.microsoft.com/kb/870997/ ) Windows XP and Windows 2000 clients that share a single organizational unit stop responding or spontaneously restart
Back to the top
APPLIES TO
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
Back to the top
Keywords: 
kbenv kbinfo KB248392
Back to the top
 

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Article Translations

 

Related Support Centers