It is time to get rid of the Group Policy clutter! For anyone that has attempted a Group Policy cleanup, you will know how daunting that clutter can be. Today, we are going to tackle the first step in that process. We are going to quickly find all unlinked GPOs in our domain and delete any that aren’t needed!
And just to make sure we don’t shoot ourselves in the foot, we are going to script a backup for every GPO that we delete. All of this with just a 6 line script!
Our Finding Unlinked GPOs with PowerShell Script
Get-GPO -All | Sort-Object displayname | Where-Object { If ( $_ | Get-GPOReport -ReportType XML | Select-String -NotMatch "<LinksTo>" ) { Backup-GPO -name $_.DisplayName -path C:\Users\Public\GPOBackups $_.DisplayName | Out-File .\UnLinkedGPOS.txt -Append $_.Displayname | remove-gpo -Confirm }}
This script relies on the Group Policy module. If you are running Windows 7 or above (and have the RSAT tools installed), you should have every cmdlet needed to run this script.
To start, we get a list of every GPO in the domain by using the Get-GPO cmdlet. We then take this list and generate a GPOReport for that GPO. By using Select-String, we can filter out GPOs without any links. Before deleting anything, we use the backup-gpo cmdlet to save a copy of our GPO to C:\Users\Public\GPOBackups.
For our records, we also use the Out-File cmdlet to generate a text file of any GPO that is unlinked. Finally, we use the remove-gpo cmdlet to delete the GPO. The -confirm switch prompts us to confirm each deletion. This gives us a chance to review the GPO before actually deleting it.
This wraps up a very short (but effective) post on Group Policy cleanup. If you have any questions, comments, or improvements – just drop a note in the comments section!
Be very careful! If the GPO links to a site instead of an OU, it will also be deleted by this script!!!
Very true Bill! I need to revise this a bit. Sorry for any issues!
not sure if the filtering isn’t accurate, this returns all my GPO’s? Is this correct “Select-String -NotMatch “<LinksTo>” )”
Copy the script once more and try it again. I had to reimport the script – the formatting engine stripped some characters out when I updated this post last night.
That’s a very nicely done and easy script. Thanks.
Thank you David! I really appreciate the feedback. I was surprised to find 83 unlinked GPOs in our environment yesterday. It is amazing what accumulates over a few months.
Can anybody beat 83?
I know this is an old thread, but I wanted to post that we have 242 unlinked GPOs!
Holy crap! That is a ton of unused GPOs!