PowerShell Code
DCDIAG Collection and Review
View-only PowerShell code for review.
<#
.SYNOPSIS
This script will unlink the specified LAPS GPO from all OUs in the parent domain.
.DESCRIPTION
This script exports the GPO report for the specified LAPS GPO, parses the XML to find all linked OUs, and then unlinks the GPO from each OU in the specified domain.
.EXAMPLE
.\Remove-LAPSGPLink.ps1
This command runs the script to remove the LAPS GPO link from all OUs in the specified domain. To use this script, you'll need to enter your domain name below.
.INPUTS
None. This script does not accept any input objects.
.OUTPUTS
None. This script does not produce any output objects.
.NOTES
This script requires the GroupPolicy module and appropriate permissions to modify GPO links in each domain. To run on other domains,
simply change the $Domain variable to the target domain name. The -Target passed to Remove-GPLink is built from each link's SOMPath;
for a link at the domain root it has the same form as the values below.
Examples:
-Target "DC=somedomainname,DC=net" -Domain "somedomainname.net"
-Target "DC=anotherdomainname,DC=net" -Domain "anotherdomainname.net"
-Target "DC=andonemoredomainname,DC=com" -Domain "andonemoredomainname.com"
#>
Import-Module GroupPolicy

$GPOName = "YourGPOName-LAPS"    # Change this to the name of your actual GPO
$Domain  = "somedomainname.net"  # Change target domain for each domain this will run on.

# Export the GPO report
$xmlPath = "C:\Temp\GPOReport.xml"
Get-GPOReport -Name $GPOName -Domain $Domain -ReportType XML | Out-File $xmlPath

# Parse the XML. @() keeps a single link as a one-element array and drops an absent <LinksTo>.
[xml]$gpoReport = Get-Content $xmlPath
$links = @($gpoReport.GPO.LinksTo | Where-Object { $null -ne $_ })

if ($links.Count -eq 0) {
    Write-Host "No links found for $GPOName in $Domain."
}
else {
    foreach ($link in $links) {
        # SOMPath is a canonical path (somedomainname.net/ParentOU/ChildOU), but
        # Remove-GPLink -Target expects a distinguished name (OU=ChildOU,OU=ParentOU,DC=somedomainname,DC=net).
        # Assumes links to the domain root or OUs only, and OU names without "/" or DN special characters such as ",".
        $parts = $link.SOMPath -split '/'
        $rdns  = @(($parts[0] -split '\.') | ForEach-Object { "DC=$_" })
        for ($i = 1; $i -lt $parts.Count; $i++) { $rdns = @("OU=$($parts[$i])") + $rdns }
        $target = $rdns -join ','

        Write-Host "Unlinking $GPOName from $target in $Domain..."
        Remove-GPLink -Name $GPOName -Target $target -Domain $Domain -Confirm:$false
    }
}
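Recording each link's target and state before unlinking gives a record to restore from. The block below is an added example, not part of the original script: it parses a constructed, trimmed report in the same LinksTo/SOMPath shape the script reads, and ConvertTo-LinkTargetDN and the sample OU names are hypothetical.

```powershell
# Added example: snapshot a GPO's links before unlinking them.
# Constructed, trimmed sample report; in practice use:
#   [xml]$report = Get-GPOReport -Name $GPOName -Domain $Domain -ReportType XML
$GPOName = 'YourGPOName-LAPS'
[xml]$report = @'
<GPO>
  <LinksTo>
    <SOMPath>somedomainname.net</SOMPath>
    <Enabled>true</Enabled>
    <NoOverride>false</NoOverride>
  </LinksTo>
  <LinksTo>
    <SOMPath>somedomainname.net/Workstations/Laptops, Field</SOMPath>
    <Enabled>false</Enabled>
    <NoOverride>true</NoOverride>
  </LinksTo>
</GPO>
'@

# Hypothetical helper: canonical SOMPath -> distinguished name for -Target.
# Assumes links to the domain root or OUs only, and no "/" inside an OU name.
function ConvertTo-LinkTargetDN {
    param([Parameter(Mandatory)][string]$SOMPath)
    $parts = $SOMPath -split '/'
    $rdns  = New-Object 'System.Collections.Generic.List[string]'
    for ($i = $parts.Count - 1; $i -ge 1; $i--) {
        # Escape characters that are special inside a DN component
        $rdns.Add('OU=' + ($parts[$i] -replace '([,+"\\<>;=])', '\$1'))
    }
    foreach ($label in ($parts[0] -split '\.')) { $rdns.Add("DC=$label") }
    $rdns -join ','
}

# One row per link: where it points, whether it is enabled, whether it is enforced
$snapshot = foreach ($link in ($report.GPO.LinksTo | Where-Object { $null -ne $_ })) {
    [pscustomobject]@{
        GpoName     = $GPOName
        Target      = ConvertTo-LinkTargetDN $link.SOMPath
        LinkEnabled = $(if ($link.Enabled -eq 'true') { 'Yes' } else { 'No' })
        Enforced    = $(if ($link.NoOverride -eq 'true') { 'Yes' } else { 'No' })
    }
}
$snapshot | Format-Table -AutoSize

# Keep the record, then restore from it if the change has to be backed out:
#   $snapshot | Export-Csv .\gplinks-before.csv -NoTypeInformation
#   Import-Csv .\gplinks-before.csv | ForEach-Object {
#       New-GPLink -Name $_.GpoName -Target $_.Target -Domain $Domain `
#                  -LinkEnabled $_.LinkEnabled -Enforced $_.Enforced }
```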