Recipe 9.18 Restoring a GPO

9.18.1 Problem

You want to restore a GPO.

9.18.2 Solution

9.18.2.1 Using a graphical user interface
  1. Open the GPMC snap-in.

  2. In the left pane, expand the Forest container, expand the Domains container, browse to the domain of the GPO you want to back up, and expand the Group Policy Objects container.

  3. Right-click on the GPO you want to restore, and select Restore from Backup.

  4. Click Next.

  5. Select the backup folder location and click Next.

  6. Select the backup you want to restore and click Next.

  7. Click Finish.

  8. You will see the restore status window. After it completes, click OK to close the window.

9.18.2.2 Using a command-line interface
> restoregpo.wsf "<BackupFolder>" "<GPOName>"
9.18.2.3 Using VBScript
' This code restores a GPO from a back up. ' ------ SCRIPT CONFIGURATION ------ strGPO      = "<GPOName>"       ' e.g. Sales Users GPO strDomain   = "<DomainDNSName>" ' e.g. rallencorp.com strLocation = "<BackupFolder>"  ' e.g. c:\GPMC Backups strBackupID = "<BackupGUID>"    ' e.g. {85CA37AC-0DB3-442B-98E8-537291D26ED3} ' ------ END CONFIGURATION --------- set objGPM = CreateObject("GPMgmt.GPM") set objGPMConstants = objGPM.GetConstants( )    ' Initialize the Domain object set objGPMDomain = objGPM.GetDomain(strDomain, "", objGPMConstants.UseAnyDC) ' Make sure backup location and ID are valid set objGPMBackupDir = objGPM.GetBackupDir(strLocation) set objGPMBackup = objGPMBackupDir.GetBackup(strBackupID) WScript.Echo "Backup found:" WScript.Echo "  ID: " & objGPMBackup.ID WScript.Echo "  Timestamp: " & objGPMBackup.TimeStamp WScript.Echo "  GPO ID: " & objGPMBackup.GPOID WScript.Echo "  GPO Name: " & objGPMBackup.GPODisplayName WScript.Echo "  Comment: " & objGPMBackup.Comment WScript.Echo  ' Perform restore set objGPMResult = objGPMDomain.RestoreGPO(objGPMBackup, _                                            objGPMConstants.DoNotValidateDC) ' This will throw an exception if there were any errors ' during the actual operation. on error resume next objGPMResult.OverallStatus( ) if objGPMResult.Status.Count > 0 then    WScript.Echo "Status message(s): " & objGPMResult.Status.Count    for i = 1 to objGPMResult.Status.Count       WScript.Echo objGPMResult.Status.Item(i).Message    next    WScript.Echo vbCrLf end if ' Print result if Err.Number <> 0 then    WScript.Echo "Error restoring GPO " & objGPMBackup.GPODisplayName    WScript.Echo "Error: " & Err.Description else     WScript.Echo "Restore successful."    WScript.Echo "GPO '" & objGPMBackup.GPODisplayName & _                 "' has been restored." end if

9.18.3 Discussion

To restore a GPO using GPMC, you first need a valid backup of the GPO. The procedure for backing up a GPO is described in Recipe 9.17. You can then restore the GPO, even if the GPO has been deleted. To restore a deleted GPO, use the following steps:

  1. Right-click on the Group Policy Objects container in the target domain and select Manage Backups.

  2. Highlight the GPO you want to restore and click the Restore Button

  3. Click Yes to confirm.

  4. Click OK after the restore completes.

If you don't have a valid backup of the GPO, but you do have another GPO that is identical or similar to the one you want to restore (perhaps in another forest), you can copy that GPO to replace the one you want to restore. See Recipe 9.3 for more on copying GPOs.

9.18.3.1 Using VBScript

To restore a GPO, I have to first get a handle to the backup I am going to restore from. This is done by instantiating an object to the backup location with GPM.GetBackupDir, and then calling GPMBackupDir.GetBackup with the GUID of the backup to be restored. If you need to programmatically search for the backup ID, you can use the GPMBackup.SearchBackups method to find the most recent backup or a backup with a particular display name.

After I obtain a GPMBackup object, I call the GPMDomain.RestoreGPO method. The first parameter is the GPMBackup object that represents the backup to restore. The second parameter is a validation flag, and I use the constant that causes the restore to not be validated against a domain controller.

9.18.4 See Also

Recipe 9.3 for copying a GPO, Recipe Recipe 9.17 for backing up a GPO, and MSDN: GPMDomain.RestoreGPO



Active Directory Cookbook
Active Directory Cookbook, 3rd Edition
ISBN: 0596521103
EAN: 2147483647
Year: 2006
Pages: 456

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net