Recipe 9.17 Backing Up a GPO

Previous page
Table of content
Next page

9.17.1 Problem

You want to back up a GPO.

9.17.2 Solution

9.17.2.1 Using a graphical user interface

  1. Open the GPMC snap-in.

  2. In the left pane, expand the Forest container, expand the Domains container, browse to the domain of the GPO you want to back up, and expand the Group Policy Objects container.

  3. Right-click on the GPO you want to back up, and select Back Up.

  4. For Location, enter the folder path to store the backup files.

  5. For Description, enter a descriptive name for the backup.

  6. Click the Back Up button.

  7. You will see a progress bar and status message that indicates if the back up was successful.

  8. Click OK to exit.
9.17.2.2 Using a command-line interface
> backupgpo.wsf "<GPOName>" "<BackupFolder>" /comment:"<BackupComment>"
9.17.2.3 Using VBScript
' This code backs up a GPO to the specified backup location. ' ------ SCRIPT CONFIGURATION ------ strGPO      = "<GPOName>"        ' e.g. Default Domain Policy strDomain   = "<DomainDNSName>"  ' e.g. rallencorp.com strLocation = "<BackupFolder>"   ' e.g. c:\GPMC Backups strComment  = "<BackupComment>"  ' e.g. Default Domain Policy Weekly ' ------ END CONFIGURATION --------- set objGPM = CreateObject("GPMgmt.GPM") set objGPMConstants = objGPM.GetConstants( )    ' Initialize the Domain object set objGPMDomain = objGPM.GetDomain(strDomain, "", objGPMConstants.UseAnyDC) ' Find the GPO you want to back up set objGPMSearchCriteria = objGPM.CreateSearchCriteria objGPMSearchCriteria.Add objGPMConstants.SearchPropertyGPODisplayName, _                          objGPMConstants.SearchOpEquals, cstr(strGPO) set objGPOList = objGPMDomain.SearchGPOs(objGPMSearchCriteria) if objGPOList.Count = 0 then    WScript.Echo "Did not find GPO: " & strGPO    WScript.Echo "Exiting."    WScript.Quit elseif objGPOList.Count > 1 then    WScript.Echo "Found more than one matching GPO. Count: " & _                 objGPOList.Count    WScript.Echo "Exiting."    WScript.Quit else    WScript.Echo "Found GPO: " & objGPOList.Item(1).DisplayName End if ' Kick off the backup On Error Resume Next set objGPMResult = objGPOList.Item(1).Backup(strLocation, strComment) ' Call the OverallStatus method on the GPMResult.  ' This will throw an exception if there were any  ' errors during the actual operation. objGPMResult.OverallStatus( ) if objGPMResult.Status.Count > 0 then    WScript.Echo "Status messages:" & objGPMResult.Status.Count    for i = 1 to objGPMResult.Status.Count    WScript.Echo objGPMResult.Status.Item(i).Message    next    WScript.Echo vbCrLf end if ' Print the results if Err.Number <> 0 then    WScript.Echo "The backup failed."    WScript.Echo "Attempted to backup GPO '" & strGPO & "' to location " & strLocation    WScript.Echo "Error: " & err.description else            set objGPMBackup = objGPMResult.Result    WScript.Echo "Backup completed successfully."    WScript.Echo "GPO ID: "  & objGPMBackup.GPOID    WScript.Echo "Timestamp: " & objGPMBackup.TimeStamp    WScript.Echo "Backup ID: " & objGPMBackup.ID end if

9.17.3 Discussion

The GPMC provides a way to back up individual (or all) GPOs. A GPO backup consists of a set of folders and files that catalog the GPO settings, filters and links, and is created in the backup location you specify. You can back up a GPO to a local drive or over the network to a file server. Restoring a GPO is just as easy and is described in Recipe 9.18.

Prior to GPMC, the only way to back up GPOs was by backing up the System State on a domain controller. The System State includes Active Directory and SYSVOL (both components are needed to completely back up a GPO). To restore a GPO using this method, you'd have to boot into DS Restore mode and perform an authoritative restore of the GPO(s) you were interested in. Needless to say, the GPMC method is significantly easier.

A good practice is to back up your GPO backups. Since all the back-up information is captured in a series of files, you can back up that information to media, which provides two levels of restore capability. You could restore the last backup taken, which could be stored on a domain controller or file server, or you could go to tape and restore a previous version.

In the folder you specify to store the GPO backups is a list of folders that have GUIDs for names. This does not make it very easy to distinguish which backups are for which GPOs. A quick way to find that out is to use the querybackuplocation.wsf script. This will list each of the folder GUID names and the corresponding GPO it is for:

> querybackuplocation.wsf "c:\gpmc backups"
9.17.3.1 Using VBScript

I use a GPMSearchCriteria object to find the GPO that is equal to the display name of the GPO specified in the configuration section. I use an if elseif else conditional statement to ensure that only one GPO is returned. If none or more than one is returned, I abort the script. If only one is returned, I call the GPMGPO.Backup method to back up the GPO. The first parameter is the directory to store the GPO backup files, and the second parameter is a comment that can be stored with the back up. This comment may come in handy later for doing searches against the backups on a server, so you may want to think about what to put for it.

9.17.4 See Also

Recipe 9.18 for restoring a GPO and MSDN: GPMGPO.Backup


Previous page
Table of content
Next page
Active Directory Cookbook
Active Directory Cookbook, 3rd Edition
ISBN: 0596521103
EAN: 2147483647
Year: 2006
Pages: 456
Authors: Laura E. Hunter, Robbie Allen
BUY ON AMAZON
Inside Network Security Assessment: Guarding Your IT Infrastructure
Kanban Made Simple: Demystifying and Applying Toyotas Legendary Manufacturing Process
Excel Scientific and Engineering Cookbook (Cookbooks (OReilly))
Data Structures and Algorithms in Java
Microsoft Visual Basic .NET Programmers Cookbook (Pro-Developer)
Digital Character Animation 3 (No. 3)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy