Translating between a GPO GUID to Names could be a challenge before PowerShell! For me, I would always rely on the GPMC Script Pack. While these scripts are still useful, PowerShell has made a Group Policy Administrator’s life much easier! How easy? One CMDLET easy! Let’s find out how…
Will SYSVOL translate a GPO GUID to NAME?
A GPO GUID, or Global Unique Identifier, is a specific ID assigned to every Group Policy Object. You can see SYSVOL contents of every GPO by browsing to: \\TEST.local\SYSVOL\TEST.local\Policies\{0A6F58A7-E2B7-46E2-8DC9-527EB1BC85F
You should see a folder like this:
Unfortunately for us, SYSVOL does not contain the common (or Display) name for our GPO. To find that, you will need to look in AD.
Will AD translate a GPO GUID to NAME?
Open up Active Directory Users and Computers (ADUC) look in the System Container. Browse to Policies and you should see the GUID for every GPO in your domain. If you don’t see System, you will need to modify ADUC. Right click on any GUID and select properties; then select the Attribute Editor Tab. Look for the displayName attribute.
That is better! We can at least see the English name. But this still isn’t ideal… you wants to click this much to get a name!
Will PowerShell translate a GPO GUID to Name?
Yes! The CMDLET name is Get-GPO and the parameter needed is -guid. It is part of the GroupPolicy module.
EX: Get-GPO -GUID “{AD7E3746-7135-496B-A1F5-B5B11871F96F}”
When you run that command, you will get the DisplayName, domain, owner, GUID, and GPO Status. Because WMI filters and the Description are stored in AD as well, you will see those additional settings. Further, Get-GPO will grab the Creation and Last Modification time. This makes Get-GPO a great candidate for Do-It-Yourself Group Policy Logging.
Now that you’ve read through 300 words to find out that one command, what do you think? I mean, what do you think about PowerShell!
Joeseph,
Just found your site…I was searching for a GPO to GUID translation and found your example.
Thank you for the post.
Rob
No problem at all! Thank you for the kind comment!
You can also check the GUID of the GPO by using the GP Object Editor and right clicking on the policy file (at the top of the tree, eg. “Default Domain Policy [DC.CONTOSO.COM] Policy”) and select properties. The Unique Name field is the GUID. Now you can use commands like Get-GPO -guid 3a768eea-cbda-4926-a82d-831cb89092aa.
Will deleting the .ADM files keep my older Windows XP workstations from getting their policy settings in any way?
Your XP clients won’t even know that you deleted them. All clients have a local copy of the administrative templates which they use.
Just be sure that any administrative machine running the GPMC is using Windows Vista or above.