Find and Delete Unliked GPOs

Find and Delete Unliked GPOs

Cleaning up Unlinked GPOs using PowerShell

Unlinked GPO's, otherwise called orphaned GPOs are not linked to any Active Directory sites, domains, or organizational units (OUs). To minimize management overhead, these unlinked GPO's should be deleted as they take up considerable space in the Domain Controllers due to replication. Besides this, a cluttered AD environment is difficult to maintain and leads to administrative confusion.
 
Fortunately, administrators can use PowerShell scripts to spot and delete unlinked GPO's easily. The following script will do the trick.

 

  1. Import-Module GroupPolicy
  2. $backupPath="C:\Users\jeffrl-p\Desktop\Backup_GPO"

  4. if (-Not(Test-Path -Path $backupPath)) { mkdir $backupPath }

  6. Get-GPO -All | Sort-Object displayname | Where-Object { If ( $_ | Get-GPOReport -ReportType XML | Select-String -NotMatch "<LinksTo>" )     

  8. {
  9.    $backupReportPath = $backupPath + "" + $_.DisplayName + ".html"
  10.    Backup-GPO -Name $_.DisplayName -Path $backupPath
  11.    Get-GPOReport -Name $_.DisplayName -ReportType Html -Path $backupReportPath
  12.    $_.DisplayName | Out-File $backupPath + "UnLinked_GPO_List.txt" -Append
  13.    $_.Displayname | remove-gpo -Confirm
  14.    }
  15. }

    • Related Articles

    • PowerShell: Find and Delete Empty Groups in Active Directory

      Cleanup Empty AD Groups with PowerShell Administrators turn to groups to grant a set of users permissions and access rights to resources. However, once the work is done and the resources are no longer needed, the users are removed from the group, ...

    • How to Find and Delete Inactive User Accounts in Windows Active Directory

      Finding and Deleting Obselete User Accounts Stale user accounts in Active Directory are a significant security risk since they could be used by an attacker or a former employee to wreak havoc in your Windows environment. In addition to the security ...

    • How to Update GPOs on Remote Computers

      Updating GPOs On Remote Computers Group Policy Objects can be added or modified by the administrator according to the requirements of the organization. Generally, the time taken for a new Group Policy Object (GPO) to be applied is between 90 and 120 ...

    • How to Backup and Restore Group Policy Objects (GPOs)

      Backing Up and Restoring Group Policy Objects GPO's are crucial in maintaining an organization's security outlook. Therefore, it is pivotal to take backups of the GPOs to mitigate any negative effects caused by accidental deletion or modification. ...

    • A Step-by-Step Guide to delete files and folders using PowerShell

      Introduction PowerShell is a versatile scripting language and command-line interface used extensively for automating administrative tasks in Windows. Deleting files and folders is a common task that can be accomplished efficiently using PowerShell. ...