PowerShell Code

DCDIAG Collection and Review

View-only PowerShell code for review.

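<#
.SYNOPSIS
    This script will unlink the specified LAPS GPO from every location it is linked to, as listed in the GPO report.
.DESCRIPTION
    This script requests the XML GPO report for the specified LAPS GPO, reads the LinksTo entries from it,
    converts each link's SOMPath into an LDAP distinguished name, and then removes the GPO link from that target.
    The report is parsed in memory; no report file is written to disk.
.EXAMPLE
    .\Remove-LAPSGPLink.ps1
    This command runs the script to remove the LAPS GPO link from all linked OUs. To use this script, you'll need to enter your GPO name and domain name below.
.INPUTS
    None. This script does not accept any input objects.
.OUTPUTS
    None. This script does not produce any output objects.
.NOTES
    This script requires the GroupPolicy module and appropriate permissions to modify GPO links in each domain.
    To run on other domains, change the $GPOName and $Domain variables; the -Target value passed to Remove-GPLink
    is derived from each link in the report.
    Examples of the SOMPath to distinguished name conversion:
    "somedomainname.net"            -> "DC=somedomainname,DC=net"
    "anotherdomainname.net/Servers" -> "OU=Servers,DC=anotherdomainname,DC=net"

    Removing the link stops the LAPS policy settings from being applied to computers under each target, and
    -Confirm:$false suppresses the confirmation prompt. Review the "Unlinking ..." lines in the run output and
    keep a record of the removed links so they can be restored if needed.
#>

Import-Module GroupPolicy

$GPOName = "YourGPOName-LAPS" #Change this to the name of your actual GPO
$Domain  = "somedomainname.net" #Change target domain for each domain this will run on.

# Converts a SOMPath from the GPO report (canonical form, "domain.tld/OU/ChildOU")
# into the LDAP distinguished name that Remove-GPLink -Target expects.
# NOTE(review): assumes every path segment after the domain is an OU and that a
# literal "/" in a name is escaped as "\/"; links to sites are not handled here.
# Confirm against a report from your environment before relying on it.
function ConvertTo-LinkTargetDN {
    param([string]$SOMPath)

    # Split on "/" separators, but not on an escaped "\/" inside a name.
    $segments = @($SOMPath -split '(?<!\\)/')
    $rdns = @()

    # Canonical paths run root-to-leaf; distinguished names run leaf-to-root.
    for ($i = $segments.Count - 1; $i -ge 1; $i--) {
        $name = $segments[$i] -replace '\\/', '/'
        # Escape characters that are special inside a distinguished name value.
        $name = $name -replace '([,+"\\<>;=])', '\$1'
        $rdns += "OU=$name"
    }

    # The first segment is the DNS domain name; each label becomes a DC component.
    foreach ($label in ($segments[0] -split '\.')) {
        $rdns += "DC=$label"
    }

    return ($rdns -join ',')
}

# Request the GPO report and parse it in memory. Stopping on failure prevents the
# script from acting on a report left over from an earlier run or another GPO.
try {
    [xml]$gpoReport = Get-GPOReport -Name $GPOName -Domain $Domain -ReportType Xml -ErrorAction Stop
}
catch {
    throw "Could not retrieve the GPO report for $GPOName in ${Domain}: $($_.Exception.Message)"
}

# Wrap in an array so zero, one, or many LinksTo entries are all handled the same way.
$links = @($gpoReport.GPO.LinksTo | Where-Object { $_ })

if ($links.Count -eq 0) {
    Write-Host "No links found for $GPOName in $Domain."
}
else {
    foreach ($link in $links) {
        # Use this link's own location as the target, so every linked location is processed.
        $target = ConvertTo-LinkTargetDN -SOMPath $link.SOMPath
        Write-Host "Unlinking $GPOName from $target in $Domain..."
        try {
            Remove-GPLink -Name $GPOName -Target $target -Domain $Domain -Confirm:$false -ErrorAction Stop | Out-Null
        }
        catch {
            # Report the failure and continue, so one bad target does not hide the rest.
            Write-Warning "Failed to unlink $GPOName from ${target}: $($_.Exception.Message)"
        }
    }
}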