Using Powershell to generate Group Policies migration table (from GPO backup)

Hello world,

In this post, I will provide a little extra information about the Powershell script used to generate Migration table.  If you remember, we have discussed in this previous post how to generate migration table using powershell script. In this specific case, we had access to the source domain.  The script was retrieving the list of the GPOs from the current domain.

However, it can happen that you get only the GPO Backup files but no migration table.  In this case,  you can still generate a migration table by using the GPO Backup files as source  to retrieve the list of the GPO.  You can use the GPMC tool or you can user powershell and gpmmgmt com object to generate the migration table.  If you want to use a GUI interface, you can start the Migration table edito and select the option Populate from Backup  (see screenshot below)

 

Click on the picture for better resolution 

 

The Powershell Script

As mentioned earlier, you can always use the GPMC tool to generate the migration table and update it as required. In my case, I had to automate the process. We have developped a script that replicate Active Directory GPO structure between domains.  Sometimes, the migration table was there sometimes not.  Again, because there is no native cmdlet to generate migration table in Powershell V2.0 (and the GPO Module), we will have to use again the gpmgmt com object.

The script is really similar to the previous one.  We have simply to change the source from which the migration table will be generated.  In the previous script, we were connecting to the current domain.  In this version of the script, we need to specify the location of the Backup files.

Note : In order to have the script running, you will need to have the GPMC tool loaded on the machine where your will be running the script.

Here is the “modified” script that can be used to generate migration table from backup of GPOs.

Download Script

 

Download the sample script

 

Final Notes

And voila !  Using this post and the previous one, you should be able to generate via script a migration table. This is only the begin of your journey. Remember that you still need to update the migration table in order to reflect the target domain.  This can be automated if you know exactly what you need to update.  This might be the topic of another post.

I hope that this post will be useful to somebody given that when I was searching for such information few information was available.

Till next Time

See ya

References :

Leave a Reply