[ Team LiB ] |
Recipe 9.7 Importing Settings into a GPO9.7.1 ProblemYou want to import settings from one GPO to another. 9.7.2 Solution9.7.2.1 Using a graphical user interface
9.7.2.2 Using a command-line interface> importgpo.wsf "<GPOBackupLocation>" "<OrigGPOName>" "<NewGPOName>" 9.7.2.3 Using VBScript' This code imports the settings from a GPO that has been backed up into ' an existing GPO. ' ------ SCRIPT CONFIGURATION ------ strGPOImportTo = "<GPOName>" ' e.g. Sales GPO strDomain = "<DomainDNSName>" ' e.g. rallencorp.com strBackupLocation = "<BackupLocation>" ' e.g. c:\GPMC Backups ' GUID representing specific backup ' e.g.{3E53B39B-C29B-44FF-857B-8A84528804FF} strBackupID = "<BackupGUID>" ' ------ END CONFIGURATION --------- set objGPM = CreateObject("GPMgmt.GPM") set objGPMConstants = objGPM.GetConstants( ) ' Initialize the Domain object set objGPMDomain = objGPM.GetDomain(strDomain, "", objGPMConstants.UseAnyDC) ' Locate GPO backup set objGPMBackupDir = objGPM.GetBackupDir(strBackupLocation) set objGPMBackup = objGPMBackupDir.GetBackup(strBackupID) WScript.Echo "Backup found:" WScript.Echo " ID: " & objGPMBackup.ID WScript.Echo " Timestamp: " & objGPMBackup.TimeStamp WScript.Echo " GPO ID: " & objGPMBackup.GPOID WScript.Echo " GPO Name: " & objGPMBackup.GPODisplayName WScript.Echo " Comment: " & objGPMBackup.Comment WScript.Echo ' Find GPO to import into set objGPMSearchCriteria = objGPM.CreateSearchCriteria objGPMSearchCriteria.Add objGPMConstants.SearchPropertyGPODisplayName, _ objGPMConstants.SearchOpEquals, cstr(strGPOImportTo) set objGPOList = objGPMDomain.SearchGPOs(objGPMSearchCriteria) if objGPOList.Count = 0 then WScript.Echo "Did not find GPO: " & strGPO WScript.Echo "Exiting." WScript.Quit elseif objGPOList.Count > 1 then WScript.Echo "Found more than one matching GPO. Count: " & _ objGPOList.Count WScript.Echo "Exiting." WScript.Quit else WScript.Echo "Found GPO: " & objGPOList.Item(1).DisplayName end if ' Perform the import set objGPMResult = objGPOList.Item(1).Import(0,objGPMBackup) ' This will throw an exception if there were any errors ' during the actual operation. on error resume next objGPMResult.OverallStatus( ) if objGPMResult.Status.Count > 0 then WScript.Echo "Status message(s): " & objGPMResult.Status.Count for i = 1 to objGPMResult.Status.Count WScript.Echo objGPMResult.Status.Item(i).Message next WScript.Echo vbCrLf end if ' Print results if Err.Number <> 0 then WScript.Echo "Error importing GPO " & objGPMBackup.GPODisplayName WScript.Echo "Error: " & Err.Description else WScript.Echo "Import successful." WScript.Echo "GPO '" & objGPMBackup.GPODisplayName & _ "' has been imported into GPO '" & _ objGPOList.Item(1).DisplayName & "'" end if 9.7.3 DiscussionThe GPMC import function uses a back up of the source GPO to create the new "imported" GPO. This means you must first back up the source GPO using GPMC. You can then import the settings from that GPO into a new GPO, which may be in the same domain or a completely different forest. Importing a GPO is a great way to help facilitate transferring GPO settings from a test environment to production. Some properties of GPOs, such as security group filters or UNC paths, may vary slightly from domain to domain. In this case, you can use a GPMC migration table to help facilitate the transfer of those kinds of references to the target domain. For more information on migration tables, see the GPMC help file. 9.7.3.1 Using VBScriptTo import the settings of a backup, I have to first instantiate a GPMBackup object of the source backup by specifying the backup ID (a GUID) with the GPMBackupDir.GetBackup method. If you need to programmatically search for the backup ID, you can use the GPMBackup.SearchBackups method to find the most recent backup or a backup with a particular display name. Next, I instantiate a GPMGPO object of the GPO I'm importing into. To do this, I use a GPMSearchCriteria object to find the GPO that is equal to the display name of the GPO specified in the configuration section. I use an if elseif else conditional statement to ensure that only one GPO is returned. If zero or more than one are returned, I abort the script. If only one was returned, I use the GPMGPO.Import method to import the settings. The first parameter to the Import method is a flag that determines how security principals and UNC path mapping is done. I use 0, which is the default to not copy security settings. You can also use a migration table to do mappings if necessary. The second parameter is the GPMBackup object I instantiated earlier. The rest of the script performs some error handling and prints the results. 9.7.4 See AlsoRecipe 9.3 for copying a GPO, Recipe 9.17 for backing up a GPO, and MSDN: GPMGPO.Import |
[ Team LiB ] |