Microsoft KB Archive/248392

= Scripting the addition of Group Policy links =

Article ID: 248392

Article Last Modified on 2/28/2007

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server

-



This article was previously published under Q248392





SUMMARY
Administrators may need a way of automating the modification of the Group Policy objects (GPOs) that apply to a given site, domain, or organizational unit. This article contains a sample Visual Basic script that, when run on a computer that is a member of a domain, displays the list of available GPOs and allows the user to manually add a GPO link. You should consider the sample script in this article only a guide as to what can be accomplished. You should modify it to meet your specific needs.

Portions of this script rely on IADsTools, a Component Object Model (COM) object that can be used for many functions, including the one described in this article to enumerate GPOs. IADsTools is included with the Windows 2000 Support tools, which are located in the Support\Tools folder on the Microsoft Windows 2000 Professional or Server CD-ROMs. Detailed information about the function parameters for IADsTools is located in the Windows 2000 Support Tools documentation.



MORE INFORMATION
Warning A malformed Group Policy Link (GPLink) attribute can cause problems. For additional information about a related issue, click the following article number to view the article in the Microsoft Knowledge Base:

870997 Windows XP and Windows 2000 clients that share a single organizational unit stop responding or spontaneously restart

To use this script, follow these steps.
 * 1) Copy the text listed later in this article and paste it into Notepad.
 * 2) Replace "ServerName" with the name of the computer holding the primary domain controller (PDC) Flexible Single Master Operations (FSMO) role for the domain. Replace "DC=MyDomain,DC=Com" with the distinguished name (DN) of your domain in the "SET SDOU=GetObject("LDAP://ServerName/DC=MyDomain,DC=Com")" line.
 * 3) Replace "MyDomain.com" and "ServerName" with the fully qualified domain name (FQDN) of the domain and the name of the server in the "Result=DLL.GetGPOs("MyDomain.com","ServerName")" line.
 * 4) Search for the "DLL.GetDefaultNamingContext("ServerName")" string and replace "ServerName" with the name of the server used in the previous two steps.
 * 5) Save the file as Gpollink.vbs.
 * 6) At a command prompt, type cscript gpollink.vbs.

The script first enumerates the GPOs in the domain and displays those as output in the command prompt window. It then displays the site, domain, or organizational unit that is the target of the operation (that is, which Active Directory container will be modified to contain a new Group Policy link). The information in this sample script is static. A dialog box then prompts the user for the friendly name of the GPO to add a link for. If it is successful, the following message is displayed in the command prompt window:

Successfully added a link to this SDOU for the GPO (Policy Name)

Sample Script
'GPOLLINK.VBS 'Purpose: adds a Group Policy link to an existing Site, Domain, or OU 'Syntax:  (from a command prompt) CSCRIPT GPOLLINK.VBS

'NOTE: if you modify this script and pass variables to the IADSTOOLS functions, these variables 'must be typed when you pass them in. Please see "Programs -> Windows 2000 Support Tools -> Tools Help" 'for more information

'in case the gpLink attribute isn't populated, continue anyway On Error Resume Next

'the IADSTOOLS com object that ships with the Support Tools has many 'functions that make it easier to retrieve data stored in the DS

'instance the object Set DLL=CreateObject("iadstools.dcfunctions")

'bind to the Site, Domain, or OU (SDOU) that you want to manage the links on 'specify the PDC name when doing this Set SDOU=GetObject("LDAP://ServerName/dc=MyDomain,dc=com")

'call the IADSTOOLS function to enumerate the Group Policy Objects (GPOs) Result=DLL.GetGPOs("MyDomain.com","ServerName")

'if a positive number of GPOs is returned, then list them if result > 0 then 'we found gpos in the list for i=1 to result 'print them out to the display wscript.echo DLL.gponame(i) wscript.echo "    " & dll.gpoguid(i) next else 'we didn't find any - none to display wscript.echo "No GPOs were found." end if

'again, if a positive number of GPOs is returned, than we can 'offer the user the option of linking a GPO to the selected SDOU if Result > 0 then 'display the SDOU we will be modifying just in case it is incorrect before they 'make any modification wscript.echo "" wscript.echo "The SDOU you will be modifying is:" wscript.echo "    " & SDOU.adspath

'ask the user for the textual name of the existing GPO to add askGUID=inputbox("Enter the name of the GPO to add (case is not important):")

'if they hit cancel or entered nothing, exit if askGUID="" then 'do nothing else 'cycle through the GPOs we got back from IADSTOOLS and find the GPO the user 'entered for i=1 to result 'we drop both items being compared to lower case to rule out case if lcase(DLL.gponame(i))=lcase(askGUID) then 'we found a match. Determine the links that already exist, if any currentGPLIST=SDOU.get("gpLink")

'construct a new link to add to the existing links currentGPLIST=currentGPLIST & "[LDAP://CN=" & DLL.gpoguid(i) & ",CN=Policies,CN=System," & DLL.getdefaultnamingcontext("ServerName") & ";0]"

'write the new list back to the gpLink attribute on the SDOU SDOU.put "gpLink",currentGPLIST

'commit the change SDOU.SetInfo

'tell the user we completed successfully wscript.echo "" wscript.echo "Successfully added a link to this SDOU for the GPO (" & DLL.gponame(i) & ")"

'only process the first one we come to that has the correct name Exit For end if       next end if end if

