How to Backup, Import and Link GPOs using PowerShell

Ever had to import a GPO on a Windows Server Core Domain Controller without any graphical user interface like the Group Policy Management Console?

This easy step-by-step tutorial helps you to master the task of backing up, importing and linking Group Policy Objects (GPOs) using PowerShell on the command line.

List all Group Policy Objects

List all GPOs to get the exact name of the GPO you want to backup:

1
Get-GPO -All | ft DisplayName
1
2
3
4
5
DisplayName                                                                                                                                                                          
-----------                                                                                                                                                                          
Default Domain Policy                                                                                                                                                                
Default Domain Controllers Policy                                                                                                                                                    
Demo GPO v1.0

Backing up a GPO

A GPO backup can be done with a single command:

1
Backup-GPO -Name "Demo GPO v1.0" -Path "C:\_temp\gpo"
1
2
3
4
5
6
7
DisplayName     : Demo GPO v1.0
GpoId           : a88eb35e-e705-4000-ac57-9e4ea533c54c
Id              : cbd43014-95bf-472f-9f37-2f6512be9d31
BackupDirectory : C:\_temp\gpo
CreationTime    : 13.09.2018 15:10:27
DomainName      : pwsh.ch
Comment         :

Remember the backup id for further use.
The backup id is the name of the folder of the backed up GPO as you can see with the Get-ChildItem cmdlet:

1
Get-ChildItem -Path "C:\_temp\gpo"
1
2
3
Mode                LastWriteTime     Length Name                                                                                                                                    
----                -------------     ------ ----                                                                                                                                    
d----        13.09.2018     15:10            {CBD43014-95BF-472F-9F37-2F6512BE9D31}

Importing a GPO

In order to import a backed up GPO, we need to create an empty GPO first to use it as the target GPO during the import:

1
New-GPO -Name "Demo GPO v1.0 - Imported"
1
2
3
4
5
6
7
8
9
10
11
DisplayName      : Demo GPO v1.0 - Imported
DomainName       : pwsh.ch
Owner            : PWSH\Domain Admins
Id               : ab8f89b2-b991-43cf-b3d2-3b7239004715
GpoStatus        : AllSettingsEnabled
Description      : 
CreationTime     : 13.09.2018 15:51:49
ModificationTime : 13.09.2018 15:51:49
UserVersion      : AD Version: 0, SysVol Version: 0
ComputerVersion  : AD Version: 0, SysVol Version: 0
WmiFilter        :

Now we are able to import our backed up GPO. To do so, we need the backup id I’ve mentioned before and the path to where the backup is stored.

1
Import-GPO -BackupId "cbd43014-95bf-472f-9f37-2f6512be9d31" -TargetName "Demo GPO v1.0 - Imported" -Path "C:\_temp\gpo"
1
2
3
4
5
6
7
8
9
10
11
DisplayName      : Demo GPO v1.0 - Imported
DomainName       : pwsh.ch
Owner            : PWSH\Domain Admins
Id               : ab8f89b2-b991-43cf-b3d2-3b7239004715
GpoStatus        : AllSettingsEnabled
Description      : 
CreationTime     : 13.09.2018 15:51:49
ModificationTime : 13.09.2018 15:56:50
UserVersion      : AD Version: 1, SysVol Version: 1
ComputerVersion  : AD Version: 1, SysVol Version: 1
WmiFilter        :

Linking a GPO

To make the newly imported GPO effective we need to link it to an Organizational Unit (OU). We want our GPLink to be enabled, enforced and the processing order set to 1.

1
New-GPLink -Target "OU=Admin,DC=pwsh,DC=ch" -Name "Demo GPO v1.0 - Imported" -LinkEnabled Yes -Enforced Yes -Order 1
1
2
3
4
5
6
GpoId       : ab8f89b2-b991-43cf-b3d2-3b7239004715
DisplayName : Demo GPO v1.0 - Imported
Enabled     : True
Enforced    : True
Target      : OU=Admin,DC=pwsh,DC=ch
Order       : 1

Alle done! Our GPO has been exported, imported and linked to an OU.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.