Recipe 9.12 Creating a GPO Link to an OU

9.12.1 Problem

You want to apply the GPO settings to the users and/or computers in an OU. This is called linking a GPO to an OU.

9.12.2 Solution

9.12.2.1 Using a graphical user interface
  1. Open the GPMC snap-in.

  2. In the left pane, expand the Forest container, expand the Domains container, and browse to the target domain.

  3. Right-click the OU you want to link and select Link an Existing GPO.

  4. Select from the list of available GPOs and click OK.

9.12.2.2 Using VBScript
' This code links a GPO to an OU
' ------ SCRIPT CONFIGURATION ------
strGPO     = "<GPOName>"        ' e.g. Sales GPO
strDomain  = "<DomainDNSName>"  ' e.g. rallencorp.com
strOU      = "<OrgUnitDN>"      ' e.g. ou=Sales,dc=rallencorp,dc=com
intLinkPos = -1 ' set this to the position at which the GPO is evaluated;
                ' a value of -1 signifies appending it to the end of the list
' ------ END CONFIGURATION ---------

set objGPM = CreateObject("GPMgmt.GPM")
set objGPMConstants = objGPM.GetConstants( )

' Initialize the Domain object
set objGPMDomain = objGPM.GetDomain(strDomain, "", objGPMConstants.UseAnyDC)

' Find the specified GPO
set objGPMSearchCriteria = objGPM.CreateSearchCriteria
objGPMSearchCriteria.Add objGPMConstants.SearchPropertyGPODisplayName, _
                         objGPMConstants.SearchOpEquals, cstr(strGPO)
set objGPOList = objGPMDomain.SearchGPOs(objGPMSearchCriteria)
if objGPOList.Count = 0 then
   WScript.Echo "Did not find GPO: " & strGPO
   WScript.Echo "Exiting."
   WScript.Quit
elseif objGPOList.Count > 1 then
   WScript.Echo "Found more than one matching GPO. Count: " & _
                objGPOList.Count
   WScript.Echo "Exiting."
   WScript.Quit
else
   WScript.Echo "Found GPO: " & objGPOList.Item(1).DisplayName
end if

' Find the specified OU
set objSOM = objGPMDomain.GetSOM(strOU)
if IsNull(objSOM) then
   WScript.Echo "Did not find OU: " & strOU
   WScript.Echo "Exiting."
   WScript.Quit
else
   WScript.Echo "Found OU: " & objSOM.Name
end if

' Create the link and report the outcome
on error resume next
set objGPMLink = objSOM.CreateGPOLink( intLinkPos, objGPOList.Item(1) )
if Err.Number <> 0 then
   WScript.Echo "There was an error creating the GPO link."
   WScript.Echo "Error: " & Err.Description
else
   WScript.Echo "Successfully linked GPO to OU"
end if

9.12.3 Discussion

Linking a GPO is the process whereby you assign it to a SOM (scope of management), which can be an OU, site, or domain. The solutions show how to link a GPO to an OU, but they could be easily modified to link to a site or domain.

See Recipe 5.11 for details on how to link an OU by modifying the gpLink attribute, instead of using the GPMC interface.

9.12.3.1 Using VBScript

To link a GPO, I first have to find the target GPO. I use a GPMSearchCriteria object to find the GPO whose display name equals the one specified in the configuration section. I use an if elseif else conditional statement to ensure that only one GPO is returned. If zero or more than one are returned, I abort the script. If only one GPO was returned, I instantiate a GPMSOM object by passing the name of the OU to be linked to the GPMDomain.GetSOM method. Once I instantiate this object, I can call GPMSOM.CreateGPOLink to create a GPO link to the OU.
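The same find-exactly-one, then link, then verify flow can be written with the GroupPolicy PowerShell module; the script below is an added example, not code from the book. It assumes the module is installed (RSAT) and that the caller may link GPOs on the OU; the variable names are hypothetical and the three quoted values are placeholders, as in the VBScript configuration block.

```powershell
# Added example: link a GPO to an OU with the GroupPolicy module, then verify.
Import-Module GroupPolicy
$ErrorActionPreference = 'Stop'

# ------ CONFIGURATION (placeholders) ------
$GpoName = '<GPOName>'        # e.g. Sales GPO
$Domain  = '<DomainDNSName>'  # e.g. rallencorp.com
$OuDn    = '<OrgUnitDN>'      # e.g. ou=Sales,dc=rallencorp,dc=com
$LinkPos = -1                 # -1 = do not request a specific link position
# ------ END CONFIGURATION ------

# Match on display name and insist on exactly one GPO, as the VBScript does.
$found = @(Get-GPO -All -Domain $Domain |
           Where-Object { $_.DisplayName -eq $GpoName })
if ($found.Count -ne 1) {
    throw "Expected exactly one GPO named '$GpoName', found $($found.Count)."
}
$gpo = $found[0]

# Read the OU's current links before changing anything.
$som = Get-GPInheritance -Target $OuDn -Domain $Domain
if ($som.GpoLinks | Where-Object { $_.GpoId -eq $gpo.Id }) {
    Write-Output "GPO $($gpo.Id) is already linked to $OuDn; nothing to do."
    return
}

# Link by GUID rather than by name, so the GPO that was checked above
# is the one that gets linked.
$linkArgs = @{
    Guid        = $gpo.Id
    Target      = $OuDn
    Domain      = $Domain
    LinkEnabled = 'Yes'
}
if ($LinkPos -gt 0) { $linkArgs.Order = $LinkPos }
New-GPLink @linkArgs | Out-Null

# Re-read the OU and report what now applies to it, in link order.
$som = Get-GPInheritance -Target $OuDn -Domain $Domain
Write-Output "Block inheritance on OU: $($som.GpoInheritanceBlocked)"
$som.GpoLinks | Sort-Object Order |
    Format-Table Order, DisplayName, GpoId, Enabled, Enforced -AutoSize
```

The closing table is worth keeping in a change record: it shows every GPO linked to the OU after the change, including whether each link is enabled or enforced.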

9.12.4 See Also

MS KB 248392 (Scripting the Addition of Group Policy Links) and MSDN: GPMSOM.CreateGPOLink



Active Directory Cookbook
Active Directory Cookbook, 3rd Edition
ISBN: 0596521103
EAN: 2147483647
Year: 2006
Pages: 456
