Export and import (GPO)

Export and import (GPO)

2 September 2021 0 By Rached Chader

Thank you for reading this post, don't forget to subscribe!

Contenus masquer
1 GPMC
1.1 Backup
1.2 Restore
1.3 Import
2 PowerShell
3 Bonus

There are two ways to export and import GPOs: you can use the Group Policy Management Console (GPMC) or you can use PowerShell.

GPMC

Backup

  • Open GPMC
  • Go to the Group Policy Object container
  • Right click on the GPO in question and select Save.
  • Follow the dialogs that appear and save the GPO wherever you want on the computer.

Note that you need to go down to the Group Policy Object container. Right-clicking on the links to GPOs from any organizational unit will not give you the correct menu.

The folder where you save the GPOs contains subfolders that contain the GPO files and settings. Subfolders are named after GUIDs that uniquely identify the instance of the backup.

If you make another backup of the same GPO in the same folder, the created subfolder will have a different GUID. In these subfolders, you can double-click a file called bkupInfo.xml to see the details of the GPO that was backed up.

Restore

Open GPMC

  • Right click on the Group Policy Object container and select Manage Backups.
  • In the dialog box that appears, set the path to the folder containing the backed up GPOs, and then select the GPO you want to restore.

Note that you can only restore GPOs to the same domain from  which they were backed up, no domain with the same name, but the same domain .

Import

To work around this problem, you can  import  GPOs. To do this, go down to the Group Policy Object container:

  • Create a new GPO
  • Right click on the GPO and select Import Configurations.
  • Follow the dialog box that appears to indicate the path of the folder containing your saved GPOs
  • Select the desired GPO and import.

The difference between import and restore is that the former does not preserve security settings and does not restore GPO links.

PowerShell

  • You need to import the Group Policy module
Import-Module grouppolicy
  • To display the list of GPOs type the following command:
get-gpo -all | fl DisplayName,Id,GpoStatus
  • Results
PS C:\Users\Administrateur> get-gpo -all | fl DisplayName,Id,GpoStatus


DisplayName : Default Domain Policy
Id          : 31b2f340-016d-11d2-945f-00c04fb984f9
GpoStatus   : AllSettingsEnabled

DisplayName : Default Domain Controllers Policy
Id          : 6ac1786c-016f-11d2-945f-00c04fb984f9
GpoStatus   : AllSettingsEnabled

DisplayName : MapNetworkDrive
Id          : aec1e92a-c377-4570-932f-25899eb8c340
GpoStatus   : AllSettingsEnabled

DisplayName : Printers
Id          : a66076f2-966e-4556-af94-b09f2363348f
GpoStatus   : AllSettingsEnabled
  • To back up a GPO type the following command:
Backup-GPO -Name "Default Domain Policy" -Path C:\Users\Administrateur\Desktop\chader
  • Results
PS C:\Users\Administrateur> Backup-GPO -Name "Default Domain Policy" -Path C:\Users\Administrateur\Desktop\chader


DisplayName     : Default Domain Policy
GpoId           : 31b2f340-016d-11d2-945f-00c04fb984f9
Id              : 6db54c5e-3f15-4585-9fe2-c82c0bfe1094
BackupDirectory : C:\Users\Administrateur\Desktop\chader
CreationTime    : 02/09/2021 10:15:56
DomainName      : CHADER.COM
Comment         :
  • To restore a GPO type the following command:
Restore-GPO -Name "Default Domain Policy" -Path C:\Users\Administrateur\Desktop\chader
  • Results
PS C:\Users\Administrateur> Restore-GPO -Name "Default Domain Policy" -Path C:\Users\Administrateur\Desktop\chader


DisplayName      : Default Domain Policy
DomainName       : CHADER.COM
Owner            : CHADER\Admins du domaine
Id               : 31b2f340-016d-11d2-945f-00c04fb984f9
GpoStatus        : AllSettingsEnabled
Description      : 
CreationTime     : 30/08/2021 10:41:36
ModificationTime : 01/09/2021 11:17:09
UserVersion      : Version AD : 2, Version SysVol : 2
ComputerVersion  : Version AD : 5, Version SysVol : 5
WmiFilter        :
  • To import a GPO, first create a GPO with the following command:
New-GPO "Template"
  • Results
PS C:\Users\Administrateur> New-GPO "Template"


DisplayName      : Template
DomainName       : CHADER.COM
Owner            : CHADER\Admins du domaine
Id               : 122c3a8f-ed29-4759-9e2c-c8077f8cc15d
GpoStatus        : AllSettingsEnabled
Description      : 
CreationTime     : 02/09/2021 10:21:28
ModificationTime : 02/09/2021 10:21:28
UserVersion      : Version AD : 0, Version SysVol : 0
ComputerVersion  : Version AD : 0, Version SysVol : 0
WmiFilter        :
  • Once the GPO is created, Import a GPO with the following command:
Import-GPO -BackupGpoName "default Domain Policy" -TargetName "Template" -Path C:\Users\Administrateur\Desktop\chader
  • Results
PS C:\Users\Administrateur> Import-GPO -BackupGpoName "default Domain Policy" -TargetName "template" -Path C:\Users\Administrateur\Desktop\chader


DisplayName      : Template
DomainName       : CHADER.COM
Owner            : CHADER\Admins du domaine
Id               : 122c3a8f-ed29-4759-9e2c-c8077f8cc15d
GpoStatus        : AllSettingsEnabled
Description      : 
CreationTime     : 02/09/2021 10:21:28
ModificationTime : 02/09/2021 10:26:04
UserVersion      : Version AD : 1, Version SysVol : 1
ComputerVersion  : Version AD : 1, Version SysVol : 1
WmiFilter        :
  • To delete a GPO type the following command:
remove-GPO "template"

Bonus

I give you a little bonus, generally during a domain controller migration with a change of drill bit, we want to recover the GPOs present on the source domain without creating them again, unfortunately the ADMT tool does not allow this to be done.

I am using the following script which mirrors the combination of the commands seen above in a loop, it will allow you to:

  • Back up all GPOs on the source domain
  • Export the full list of source domain GPOs
  • Creates Group Policy Objects from CSV
  • Import settings from GPOs

Note:

The copy of GPOs / CSV files will have to be done manually from the source domain to the destination domain.

# Source Domain Controller
# grouppolicy Module
Import-Module grouppolicy

# Backup all GPO 
Backup-GPO -All -Path C:\Users\Administrateur\Desktop\chader

# Export all GPO to CSV 
$ListGPO = Get-GPO -all | Select-Object DisplayName 
$ListGPO | Export-Csv -Path C:\Users\Administrateur\Desktop\chader\ListGPO.csv -NoTypeInformation -Encoding UTF8
# You can edit the CSV before Create / Import

# Target Domain Controller
# Create Gpo in new Domain Controller
$BGNS = Import-Csv -Path "C:\Users\Administrateur\Desktop\chader\ListGPO.csv" -encoding UTF8
foreach ($BGN in $BGNS)            
{            
	$GPO = $BGN.DisplayName
    New-GPO "$GPO"          
}

# Import Gpo in new Domain Controller
$BG = "C:\Users\Administrateur\Desktop\chader"
$BGNS = Import-Csv -Path "C:\Users\Administrateur\Desktop\chader\ListGPO.csv" -encoding UTF8
foreach ($BGN in $BGNS)            
{            
	$GPO = $BGN.DisplayName
    Import-GPO -BackupGpoName "$GPO" -TargetName "$GPO" -Path "$BG"
}

Views: 14017

CategoryActive Directory Group Policy Objects PowerShell Scriptings Windows 2008 Windows 2012 Windows 2016 Windows 2019 Windows servers
TagsActive Directory PowerShell System administration Windows servers

Leave a Reply

Your email address will not be published. Required fields are marked *