UMRA – Get GPO’s on OU’s

6:22 PM / Comments (0) / by Tech Admin

If you haven’t already, download the free trial version of User Management Resource Administrator.

If you want to learn the basics on how to connect to UMRA with its COM object, please see my original post on “Basics of UMRA COM”.



Just recently I was tasked with creating a web portal for a client that helped delegate out Active Directory tasks to over 19 different schools. Each school will have 4 different Role-Based Access types, and 2 more additional groups that were considered “Super Users”. In total, this UMRA-based web portal was no easy task, and would be quite difficult if we didn’t utilize the power of UMRA’s ability to get data from Active Directory and process it rather quickly. However, with UMRA I was able to gather the critical Active Directory information on the user's account quickly and accurately every time. The only major part of this web portal that was very tricky and hard to do was getting the GPO’s that were on selected OU’s. This sounds like an easy task, however it’s not; it required 3-4 linked UMRA projects and 1 VB Script. I thought the script below was very powerful, and it worked great with UMRA’s ability to get data from Active Directory quickly. There are multiple ways that you can get something like this to work, even a fully UMRA scripted way, which I was able to get working after I found the VBScript below online.


UMRA – Get GPO's On OU Tips

When creating a solution like this, there are a few tips and tricks that will help you along the way. First, when obtaining all the Group Policies on a specific OU, you will need to put these GPO's into a UMRA data table. From this table, you will loop through and add the GPO ID's to an additional table. Here is the trick: this second table will have just the long ID's of the GPO's and not the names, so you will need a 2nd loop that goes through the GPO ID's and gets the names of the GPO's. Here is an example of what the tables look like when you run your loops. This should give you a better idea of how to create such a script.

Table 1 - OU's
testplace.local/myou/secondlvelou
>This table will pass each record to a second UMRA script that will now get all the GPO ID's for the passed in OU.

Table 2 - GPO ID's
{31B2F340-016D-11D2-945F-00C04FB984F9}
>This table will take the table of GPO ID's and send them to a third UMRA project that will get the name for the associated GPO ID that was passed.

Table 3 - GPO ID's Names
Laptop Security Room 105
>This table will be your finished table. It will contain a complete list of GPO's by name that were on the OU passed in. You can now display this table in a UMRA - Delegation Form or display it with the UMRA - Automation COM Object on a webpage.

Below is the VB Script that does the bulk of the work if you use the VB Script method. Please feel free to use this script…I found it very handy.

VBSCRIPT:

On Error Resume Next

' Bind to the OU whose linked GPOs you want to list.
Set objContainer = GetObject _
    ("LDAP://YOUR OU DN")

' gPLink holds the linked GPOs, gPOptions holds the Block Inheritance flag.
strGpLink = objContainer.Get("gPLink")
intGpOptions = objContainer.Get("gPOptions")

If strGpLink <> " " Then
    ' Each link is stored as [LDAP://<GPO DN>;<option>]
    arrGpLinkItems = Split(strGpLink, "]")
    For i = UBound(arrGpLinkItems) To LBound(arrGpLinkItems) + 1 Step -1
        arrGPLink = Split(arrGpLinkItems(i - 1), ";")
        ' Skip the leading "[LDAP://" (8 characters) to get the GPO DN.
        strDNGPLink = Mid(arrGPLink(0), 9)
        Response.Write GetGPOName
        Select Case arrGPLink(1)
            Case 0
                Response.Write "No Override is cleared and the GPO is enabled."
            Case 1
                Response.Write "No Override is cleared and the GPO is disabled."
            Case 2
                Response.Write "No Override is checked and the GPO is enabled."
            Case 3
                Response.Write "No Override is checked and the GPO is disabled."
        End Select
    Next
    Response.Write vbCrLf
End If

If intGpOptions = 1 Then
    Response.Write "Block Policy Inheritance is checked."
Else
    Response.Write "Block Policy Inheritance is not checked."
End If

' Looks up the display name of the GPO whose DN is in strDNGPLink.
Function GetGPOName
    Set objConnection = CreateObject("ADODB.Connection")
    objConnection.Open "Provider=ADsDSOObject;"

    Set objCommand = CreateObject("ADODB.Command")
    objCommand.ActiveConnection = objConnection

    ' Search base is the Policies container of the domain.
    ' YOUR DOMAIN DN is a placeholder; replace it with your own domain DN.
    objCommand.CommandText = _
        "<LDAP://cn=Policies,cn=System,YOUR DOMAIN DN>;;" & _
        "distinguishedName,displayName;onelevel"
    Set objRecordSet = objCommand.Execute

    Do Until objRecordSet.EOF
        ' DNs are case-insensitive, so compare as text rather than binary.
        If StrComp(objRecordSet.Fields("distinguishedName"), strDNGPLink, vbTextCompare) = 0 Then
            GetGPOName = objRecordSet.Fields("displayName")
            objConnection.Close
            Exit Function
        End If
        objRecordSet.MoveNext
    Loop
    objConnection.Close
End Function
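
The gPLink parsing that the VBScript above performs, as an added Python example that is not code from the original post. It produces the "Table 2" GPO ID's for one OU and flags disabled links and blocked inheritance. The names parse_gplink, audit_ou and SAMPLE_GPLINK are hypothetical, and the sample value is constructed, assuming the domain DN DC=testplace,DC=local.

```python
import re

# One gPLink entry: [LDAP://cn={GUID},cn=policies,cn=system,DC=...;N]
LINK_RE = re.compile(r"\[LDAP://([^;\]]+);(\d+)\]", re.IGNORECASE)
GUID_RE = re.compile(r"cn=(\{[0-9a-f-]{36}\})", re.IGNORECASE)

# Constructed sample value; the second GUID is made up for illustration.
SAMPLE_GPLINK = (
    "[LDAP://cn={31B2F340-016D-11D2-945F-00C04FB984F9},"
    "cn=policies,cn=system,DC=testplace,DC=local;0]"
    "[LDAP://cn={11111111-2222-3333-4444-555555555555},"
    "cn=policies,cn=system,DC=testplace,DC=local;3]"
)


def parse_gplink(gplink):
    """Return the links in a gPLink value, last entry first
    (the same order in which the VBScript walks them)."""
    links = []
    for dn, opt in LINK_RE.findall(gplink or ""):
        flags = int(opt)
        guid = GUID_RE.match(dn)
        links.append({
            "dn": dn,
            "gpo_id": guid.group(1).upper() if guid else None,
            "enabled": not (flags & 1),       # 1 and 3: GPO link disabled
            "no_override": bool(flags & 2),   # 2 and 3: No Override checked
        })
    links.reverse()
    return links


def audit_ou(ou, gplink, gpoptions):
    """List the settings on one OU that stop a policy from applying."""
    findings = []
    for link in parse_gplink(gplink):
        if not link["enabled"]:
            findings.append(f"{ou}: link to {link['gpo_id']} is disabled")
    if gpoptions == 1:
        findings.append(f"{ou}: Block Policy Inheritance is checked")
    return findings


if __name__ == "__main__":
    for line in audit_ou("testplace.local/myou/secondlvelou", SAMPLE_GPLINK, 1):
        print(line)
```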
