-
Get-GPOBackupAndReports PowerShell Script V1.00
May 1, 2018
Some of you know that I do a lot of work with Active Directory and Group Policy (GPO). I needed a script that would:
- Backup all GPOs in a domain
- Give me HTML and XML reports for all those GPOs
- Zip up the backups and reports
- If specified, email me a copy of the Zip files.
It didn’t take long to create the script but the testing took a long time to verify all the script parameters and emailing multiple attachments in a single email.
You can use this script to backup and get reports for the GPOs in a customer’s domain BEFORE you start either cleaning up or deleting GPOs.
Here is the script in action.
Since very few of you read the help text (based on all the emails I get where the answer is in the help text), here is the script’s full help text.
NAME
C:\PSScript\Get-GPOBackupAndReports.ps1SYNOPSIS
Creates a Backup and Reports for all Group Policies in the current Active Directory domain.SYNTAX
C:\PSScript\Get-GPOBackupAndReports.ps1 [-ADDomain <String>] [-ComputerName <String>] [-Folder <String>] [-Dev] [-ScriptInfo] [-Log] [<CommonParameters>]C:\PSScript\Get-GPOBackupAndReports.ps1 [-ADDomain <String>] [-ComputerName <String>] [-Folder <String>] -SmtpServer <String> [-SmtpPort <Int32>] [-UseSSL] -From <String> -To <String> [-Dev] [-ScriptInfo] [-Log] [<CommonParameters>]
DESCRIPTION
Creates a Backup and HTML and XML Reports for all Group Policies in the current Active Directory domain.This script requires at least PowerShell version 3 but runs best in version 5.
This script requires at least one domain controller running Windows Server 2008 R2.
This script outputs Text, XML and HTML files.
You do NOT have to run this script on a domain controller, and it is best if you didn’t.
This script was developed and run from a Windows 10 domain-joined VM.
This script requires Domain Admin rights and an elevated PowerShell session.
To run the script from a workstation, RSAT is required.
Remote Server Administration Tools for Windows 7 with Service Pack 1 (SP1)
Remote Server Administration Tools for Windows 8
Remote Server Administration Tools for Windows 8.1
Remote Server Administration Tools for Windows 10
PARAMETERS
-ADDomain <String>
Specifies an Active Directory domain object by providing one of the following
property values. The identifier in parentheses is the LDAP display name for the attribute. All values are for the domainDNS object that represents the domain.Distinguished Name
Example: DC=tullahoma,DC=corp,DC=labaddomain,DC=com
GUID (objectGUID)
Example: b9fa5fbd-4334-4a98-85f1-3a3a44069fc6
Security Identifier (objectSid)
Example: S-1-5-21-3643273344-1505409314-3732760578
DNS domain name
Example: tullahoma.corp.labaddomain.com
NetBIOS domain name
Example: Tullahoma
Default value is $Env:USERDNSDOMAIN
Required? false
Position? named
Default value $Env:USERDNSDOMAIN
Accept pipeline input? false
Accept wildcard characters? false-ComputerName <String>
Specifies which domain controller to use to run the script against.
ComputerName can be entered as the NetBIOS name, FQDN, localhost or IP Address.
If entered as localhost, the actual computer name is determined and used.
If entered as an IP address, an attempt is made to determine and use the actual computer name.This parameter has an alias of ServerName.
Default value is $Env:USERDNSDOMAINRequired? false
Position? named
Default value $Env:USERDNSDOMAIN
Accept pipeline input? false
Accept wildcard characters? false-Folder <String>
Specifies the optional output folder to save the output report.The folder specified must already exist.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false-SmtpServer <String>
Specifies the optional email server to send the output report.Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false-SmtpPort <Int32>
Specifies the SMTP port.
The default is 25.Required? false
Position? named
Default value 25
Accept pipeline input? false
Accept wildcard characters? false-UseSSL [<SwitchParameter>]
Specifies whether to use SSL for the SmtpServer.
The default is False.Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false-From <String>
Specifies the username for the From email address.
If SmtpServer is used, this is a required parameter.Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false-To <String>
Specifies the username for the To email address.
If SmtpServer is used, this is a required parameter.Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false-Dev [<SwitchParameter>]
Clears errors at the beginning of the script.
Outputs all errors to a text file at the end of the script.This is used when the script developer requests more troubleshooting data.
The text file is placed in the same folder from where the script is run.This parameter is disabled by default.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false-ScriptInfo [<SwitchParameter>]
Outputs information about the script to a text file.
The text file is placed in the same folder from where the script is run.This parameter is disabled by default.
This parameter has an alias of SI.Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false-Log [<SwitchParameter>]
Generates a log file for troubleshooting.Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).INPUTS
None. You cannot pipe objects to this script.OUTPUTS
No objects are output from this script.NOTES
NAME: Get-GPOBackupAndReports.ps1
VERSION: 1.00
AUTHOR: Carl Webster
LASTEDIT: May 1, 2018————————– EXAMPLE 1 ————————–
PS C:\PSScript >.\Get-GPOBackupAndReports.ps1
ComputerName = $Env:USERDNSDOMAIN
ADDomain = $Env:USERDNSDOMAIN
Folder = $pwd————————– EXAMPLE 2 ————————–
PS C:\PSScript >.\Get-GPOBackupAndReports.ps1 -ComputerName PDCeDC
ComputerName = PDCeDC
ADDomain = $Env:USERDNSDOMAIN
Folder = $pwd————————– EXAMPLE 3 ————————–
PS C:\PSScript >.\Get-GPOBackupAndReports.ps1 -ComputerName ChildPDCeDC -ADDomain ChildDomain.com
Assuming the script is run from the parent domain.
ComputerName = ChildPDCeDC
ADDomain = ChildDomain.com
Folder = $pwd————————– EXAMPLE 4 ————————–
PS C:\PSScript >.\Get-GPOBackupAndReports.ps1 -ComputerName ChildPDCeDC -ADDomain ChildDomain.com -Folder c:\GPOReports
Assuming the script is run from the parent domain.
ComputerName = ChildPDCeDC
ADDomain = ChildDomain.com
Folder = C:\GPOReports (C:\GPOReports must already exist)————————– EXAMPLE 5 ————————–
PS C:\PSScript >.\Get-GPOBackupAndReports.ps1 -SmtpServer mail.domain.tld -From XDAdmin@domain.tld -To ITGroup@domain.tld
The script will use the email server mail.domain.tld, sending from XDAdmin@domain.tld, sending to ITGroup@domain.tld.
The script will use the default SMTP port 25 and will not use SSL.
If the current user’s credentials are not valid to send email,
the user will be prompted to enter valid credentials.————————– EXAMPLE 6 ————————–
PS C:\PSScript >.\Get-GPOBackupAndReports.ps1 -SmtpServer smtp.office365.com -SmtpPort 587 -UseSSL -From Webster@CarlWebster.com -To ITGroup@CarlWebster.com
The script will use the email server smtp.office365.com on port 587 using SSL, sending from webster@carlwebster.com, sending to ITGroup@carlwebster.com.
If the current user’s credentials are not valid to send email,
the user will be prompted to enter valid credentials.RELATED LINKS
You can always find the most current script by going to https://www.carlwebster.com/where-to-get-copies-of-the-documentation-scripts/
Thanks
Webster
2 Responses to “Get-GPOBackupAndReports PowerShell Script V1.00”
May 22, 2018 at 7:46 am
Hi,
When I run the script in elevated session, I get the below error:
GetGpoBackupAndReports : Backup was not successful. Script will now end.
At E:\scripts\Repository\Carl-Webster\AllCurrentScriptFiles\Get-GPOBackupAndReports.ps1:765 char:1
+ GetGpoBackupAndReports
+ ~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,GetGpoBackupAndReports
How to resolve this?
June 1, 2018 at 11:11 am
I will update the script to show the list of GPOs being backed up. You probably have a bad/corrupt GPO or a GPO where the permissions are messed up.
Webster