Janik von Rotz

Get unlinked GPOs with PowerShell

In terms of IT compliance, having valid GPOs is essential. They must be up to date, and the GPO directory should be free of any unlinked GPOs. Retrieving a list of unlinked GPOs in the management console is impossible. With PowerShell it is quite easy.

Take this function for example:


function Get-UnlinkedGPOs {

    Import-Module GroupPolicy
    $Report = @()
    # Wrap in @() so IndexOf and Count also work when only one GPO exists
    $GPOs = @(Get-GPO -All)
    $GPOs | ForEach-Object {

        $GPO = $_

        Write-Progress -Activity "Get GPO settings" -Status "Analyze GPO: $($GPO.DisplayName)" -PercentComplete ([int]([array]::IndexOf($GPOs, $GPO)/$GPOs.Count*100))
        # The XML report lists every link of the GPO as a LinksTo element
        $GPOReport = ([XML]$($GPO | Get-GPOReport -ReportType Xml)).GPO

        # Unlinked: the GPO has no links at all, or none of its links is enabled
        If(($null -eq $GPOReport.LinksTo) -or (-not ($GPOReport.LinksTo | Where-Object{$_.Enabled -eq $true}))){
            $Report += $GPO
        }
    }
    If ($Report.Count -eq 0) {
        Write-Warning "No unlinked GPOs found"
    }
    return $Report
}

Make sure the group policy PowerShell module is installed.

Once the function is available in your shell you can do things like:

    Get-UnlinkedGPOs | Select DisplayName, GpoStatus | Sort-Object DisplayName | Format-Table
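
The function above reports a GPO with no links and a GPO whose links are all disabled in the same way. As an added example (not code from the original post), the block below applies the same LinksTo check to constructed report XML and separates the two cases, which helps when deciding what to delete and what to review; Get-GpoLinkState, the GPO names and the example.test paths are assumptions made for illustration.

```powershell
# Added example: runs offline, no Active Directory needed. Get-GpoLinkState is a
# hypothetical helper; the reports below are constructed sample data shaped like
# the output of Get-GPOReport -ReportType Xml.
function Get-GpoLinkState {
    param([Parameter(Mandatory)][string]$ReportXml)

    $gpo = ([xml]$ReportXml).GPO
    # LinksTo can be absent, one element or several: normalise to an array
    $links   = @($gpo.LinksTo | Where-Object { $_ })
    $enabled = @($links | Where-Object { $_.Enabled -eq 'true' })

    if ($links.Count -eq 0) {
        $state = 'NoLinks'            # no LinksTo element in the report
    } elseif ($enabled.Count -eq 0) {
        $state = 'AllLinksDisabled'   # still attached to a container, but inactive
    } else {
        $state = 'Linked'
    }

    [pscustomobject]@{
        Name         = $gpo.Name
        Links        = $links.Count
        EnabledLinks = $enabled.Count
        LinkedTo     = ($links | ForEach-Object { $_.SOMPath }) -join '; '
        State        = $state
    }
}

# Constructed sample reports (made-up GPO names and paths)
$ns   = 'http://www.microsoft.com/GroupPolicy/Settings'
$link = '<LinksTo><SOMName>{0}</SOMName><SOMPath>example.test/{0}</SOMPath><Enabled>{1}</Enabled><NoOverride>false</NoOverride></LinksTo>'
$samples = @(
    "<GPO xmlns='$ns'><Name>Legacy-IE-Settings</Name></GPO>"
    "<GPO xmlns='$ns'><Name>Pilot-Firewall</Name>$($link -f 'Pilot','false')</GPO>"
    "<GPO xmlns='$ns'><Name>Workstation-Baseline</Name>$($link -f 'Clients','true')$($link -f 'Lab','false')</GPO>"
)

# Show only the GPOs the page's function would report as unlinked
$samples | ForEach-Object { Get-GpoLinkState -ReportXml $_ } |
    Where-Object { $_.State -ne 'Linked' } |
    Format-Table Name, Links, EnabledLinks, LinkedTo, State
```

Against a live domain, the same helper can be fed with `Get-GPO -All | ForEach-Object { Get-GpoLinkState -ReportXml ($_ | Get-GPOReport -ReportType Xml) }`.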

Categories: scripting
Tags: compliance , group policy , powershell , reporting