Find Group Policy Objects with specific keywords using PowerShell

When conducting assessments of Active Directory Group Policy objects, it can be time-consuming to manually check each forest and domain individually. Fortunately, we can use PowerShell to automate this process and simplify the analysis of Group Policy objects across multiple forests and domains. This can help us to quickly and efficiently identify and analyze Group Policy objects and gain insights into their configuration.

We can use two different commands for that purpose:

• Get-GPO
• Get-GPOReport

Get-GPO allows us to retrieve all the Group Policy Objects from our environment. The Get-GPOReports command allows querying the GPO content in an XML format.

If the content is in XML format, then we can use the Contains method or -match operator.

Putting all these together, we can create a script like that.

Param(
    [Parameter(Mandatory=$True,HelpMessage = "Please speficy keyword for GPO search")]
        $KeyWord
)

$GPOs = Get-GPO -All
foreach($GPO in $GPOs){
    Write-Output -InputObject "**** Processing $($GPO.DisplayName) GPO"
    $GPOData = Get-GPOReport -Name $GPO.DisplayName -ReportType Xml
    If($GPOData.Contains($KeyWord)){
        Write-Output -InputObject "-------- We found something in $($GPO.DisplayName) Group Policy"
    }
    Else{
        #Write-Output -InputObject "--- We didnt find anything. Please try again with a different Keyword"
    }
    
}

Script output

Check out my GitHub page and click subscribe to get the latest news to your inbox.

Active-Directory/Find-GPOWithSpecificKeyWords.ps1 at master · Kaidja/Active-Directory

Active Directory. Contribute to Kaidja/Active-Directory development by creating an account on GitHub.

GitHubKaidja