PSGumshoe

2.0.4

DirectoryService/Get-DSGpo.ps1

                                <#

.Synopsis

   Get GPO objects.

.DESCRIPTION

   Get all GPO objects or those that match the specified properties.

.EXAMPLE

   PS C:\> Get-DSGpo -ModifiedAfter (Get-Date).AddMonths(-1)

   Find all GPO Objects mofied in the last 30 days. 

.EXAMPLE

   PS C:\> Get-DSGpo -ModifiedAfter (Get-Date).AddMonths(-1) -UserExtension "*35378EAC-683F-11D2-A89A-00C04FBBCFA2*"

   Find GPOs with the specified User Extension GUID.

#>

function Get-DSGpo

{

    [CmdletBinding()]

    Param

    (

         # Domain controller.

        [Parameter(ParameterSetName = 'Remote',

                   Mandatory = $true)]

        [string]

        $ComputerName,

        # Credentials to use connection.

        [Parameter(ParameterSetName = 'Remote',

                   Mandatory = $true)]

        [Parameter(ParameterSetName = 'Alternate',

                   Mandatory = $true)]

        [Management.Automation.PSCredential]

        [Management.Automation.CredentialAttribute()]

        $Credential = [Management.Automation.PSCredential]::Empty,

        [Parameter(Mandatory=$false,

        HelpMessage="Maximum number of Objects to pull from AD, limit is 1,000 .")]

        [int]$Limit = 1000,

        [Parameter(Mandatory=$false)]

        [string]

        $searchRoot,

        [Parameter(Mandatory=$false)]

        [int]

        $PageSize = 100,

        [Parameter(Mandatory=$false,

                   HelpMessage="scope of a search as either a base, one-level, or subtree search, default is subtree.")]

        [ValidateSet("Subtree","OneLevel","Base")]

        [string]

        $SearchScope = "Subtree",

        [Parameter(Mandatory=$false,

                   HelpMessage="Specifies the available options for examining security information of a directory object")]

        [ValidateSet("None","Dacl","Group","Owner","Sacl")]

        [string[]]

        $SecurityMask = "None",

        [Parameter(Mandatory=$false,

                   HelpMessage="Date to search for GPO mofied on or after this date.")]

        [datetime]

        $ModifiedAfter,

        [Parameter(Mandatory=$false,

                   HelpMessage="Date to search for GPO mofied on or before this date.")]

        [datetime]

        $ModifiedBefore,

        [Parameter(Mandatory=$false,

                   HelpMessage="Date to search for GPO created on or after this date.")]

        [datetime]

        $CreatedAfter,

        [Parameter(Mandatory=$false,

                   HelpMessage="Date to search for GPO created on or after this date.")]

        [datetime]

        $CreatedBefore,

        [Parameter(Mandatory=$false,

                   HelpMessage="Name of GPO to match search on.")]

        [ValidateNotNullOrEmpty()]

        [SupportsWildcards()]

        [string]

        $Name,

        [Parameter(Mandatory=$false,

                   HelpMessage="Display name of the GPO to match search on.")]

        [ValidateNotNullOrEmpty()]

        [SupportsWildcards()]

        [string]

        $DisplayName,

        # User extension GUIDs to filter on."

        [Parameter(Mandatory=$false)]

        [string[]]

        $UserExtension,

        # Machine extension GUIDs to filter on."

        [Parameter(Mandatory=$false)]

        [string[]]

        $MachineExtension

    )

    Begin

    {

        $gpoFilter = '(objectClass=groupPolicyContainer)'

        $TempFilter = ""

        # Filter for modification time

        if ($ModifiedAfter -and $ModifiedBefore)

        {

            $TempFilter = "$($TempFilter)(whenChanged>=$($ModifiedAfter.ToString('yyyyMMddhhmmss.sZ')))(whenChanged<=$($ModifiedBefore.ToString('yyyyMMddhhmmss.sZ')))"

        }

        elseif ($ModifiedAfter)

        {

            $TempFilter = "$($TempFilter)(whenChanged>=$($ModifiedAfter.ToString('yyyyMMddhhmmss.sZ')))"

        }

        elseif ($ModifiedBefore)

        {

            $TempFilter = "$($TempFilter)(whenChanged<=$($ModifiedBefore.ToString('yyyyMMddhhmmss.sZ')))"

        }

        # Fileter for creation time

        if ($CreatedAfter -and $CreatedBefore)

        {

            $TempFilter = "$($TempFilter)(whencreated>=$($CreatedAfter.ToString('yyyyMMddhhmmss.sZ')))(whencreated<=$($CreatedBefore.ToString('yyyyMMddhhmmss.sZ')))"

        }

        elseif ($CreatedAfter)

        {

            $TempFilter = "$($TempFilter)(whencreated>=$($CreatedAfter.ToString('yyyyMMddhhmmss.sZ')))"

        }

        elseif ($CreatedBefore)

        {

            $TempFilter = "$($TempFilter)(whencreated<=$($CreatedBefore.ToString('yyyyMMddhhmmss.sZ')))"

        }

        if ($Name)

        {

            $TempFilter = "$($TempFilter)(name=$($Name))"

        }

        if ($DisplayName)

        {

            $TempFilter = "$($TempFilter)(displayname=$($DisplayName))"

        }

        # Filter on User Extension GUID.

        if ($UserExtension) {

            $initialFilter = ''

            foreach ($uext in $UserExtension) {

                $initialFilter += "(gpcuserextensionnames=*$($uext)*)"

            }

            $TempFilter += "(|$($initialFilter))"

        }

        # Filter on Machine Extension Filter.

        if ($MachineExtension) {

            $initialFilter = ''

            foreach ($uext in $MachineExtension) {

                $initialFilter += "(gpcmachineextensionnames=*$($uext)*)"

            }

            $TempFilter += "(|$($initialFilter))"

        }

        $GpoGuidRef = @{

            '{b05566ac-fe9c-4368-be01-7a4cbb6cba11}' = 'WindowsFirewall'

            '{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}' = 'Wireless Group Policy'

            '{16be69fa-4209-4250-88cb-716cf41954e0}' = 'Central Access Policy Configuration'

            '{346193F5-F2FD-4DBD-860C-B88843475FD3}' = 'ConfigMgr User State Management Extension'

            '{426031c0-0b47-4852-b0ca-ac3d37bfcb39}' = 'QoS Packet Scheduler'

            '{4bcd6cde-777b-48b6-9804-43568e23545d}' = 'Remote Desktop USB Redirection'

            '{4d968b55-cac2-4ff5-983f-0a54603781a3}' = 'Work Folders'

            '{728EE579-943C-4519-9EF7-AB56765798ED}' = 'Group Policy Data Sources'

            '{7933F41E-56F8-41d6-A31C-4148A711EE93}' = 'Windows Search Group Policy Extension'

            '{BA649533-0AAC-4E04-B9BC-4DBAE0325B12}' = 'Windows To Go Startup Options'

            '{C34B2751-1CF4-44F5-9262-C3FC39666591}' = 'Windows To Go Hibernate Options'

            '{c6dc5466-785a-11d2-84d0-00c04fb169f7}' = 'Software Installation (appmgmts.dll)'

            '{e437bc1c-aa7d-11d2-a382-00c04f991e27}' = 'IP Security'

            '{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}' = 'CP (gptext.dll)'

            '{D76B9641-3288-4f75-942D-087DE603E3EA}' = 'AdmPwd (LAPS)'

            '{40B6664F-4972-11D1-A7CA-0000F87571E3}' = 'Scripts (Startup/Shutdown)'

            '{00000000-0000-0000-0000-000000000000}' = 'Core GPO Engine'

            '{0E28E245-9368-4853-AD84-6DA3BA35BB75}' = 'Preference CSE GUID Environment Variables'

            '{0F6B957D-509E-11D1-A7CC-0000F87571E3}' = 'Tool Extension GUID (Computer Policy Settings)'

            '{0F6B957E-509E-11D1-A7CC-0000F87571E3}' = 'Tool Extension GUID (User Policy Settings) Restrict Run'

            '{1612b55c-243c-48dd-a449-ffc097b19776}' = 'Preference Tool CSE GUID Data Sources'

            '{17D89FEC-5C44-4972-B12D-241CAEF74509}' = 'Preference CSE GUID Local users and groups'

            '{1A6364EB-776B-4120-ADE1-B63A406A76B5}' = 'Preference CSE GUID Devices'

            '{1b767e9a-7be4-4d35-85c1-2e174a7ba951}' = 'Preference Tool CSE GUID Devices'

            '{25537BA6-77A8-11D2-9B6C-0000F8080861}' = 'Folder Redirection'

            '{2EA1A81B-48E5-45E9-8BB7-A6E3AC170006}' = 'Preference Tool CSE GUID Drives'

            '{3060E8CE-7020-11D2-842D-00C04FA372D4}' = 'Remote Installation Services'

            '{35141B6B-498A-4CC7-AD59-CEF93D89B2CE}' = 'Preference Tool CSE GUID Environment Variables'

            '{35378EAC-683F-11D2-A89A-00C04FBBCFA2}' = 'Registry Settings'

            '{3610EDA5-77EF-11D2-8DC5-00C04FA31A66}' = 'Microsoft Disk Quota'

            '{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}' = 'Preference CSE GUID Network Options'

            '{3BAE7E51-E3F4-41D0-853D-9BB9FD47605F}' = 'Preference Tool CSE GUID Files'

            '{3BFAE46A-7F3A-467B-8CEA-6AA34DC71F53}' = 'Preference Tool CSE GUID Folder Options'

            '{3EC4E9D3-714D-471F-88DC-4DD4471AAB47}' = 'Preference Tool CSE GUID Folders'

            '{40B66650-4972-11D1-A7CA-0000F87571E3}' = 'Scripts (Logon/Logoff) Run Restriction'

            '{42B5FAAE-6536-11d2-AE5A-0000F87571E3}' = 'ProcessScriptsGroupPolicy'

            '{47BA4403-1AA0-47F6-BDC5-298F96D1C2E3}' = 'Print Policy in PolicyMaker'

            '{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}' = 'Internet Explorer Zonemapping'

            '{516FC620-5D34-4B08-8165-6A06B623EDEB}' = 'Preference Tool CSE GUID Ini Files'

            '{53D6AB1D-2488-11D1-A28C-00C04FB94F17}' = 'Certificates Run Restriction'

            '{5794DAFD-BE60-433f-88A2-1A31939AC01F}' = 'Preference CSE GUID Drives'

            '{5C935941-A954-4F7C-B507-885941ECE5C4}' = 'Preference Tool CSE GUID Internet Settings'

            '{6232C319-91AC-4931-9385-E70C2B099F0E}' = 'Preference CSE GUID Folders'

            '{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}' = 'Preference CSE GUID Network Shares'

            '{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}' = 'Preference CSE GUID Files'

            '{74EE6C03-5363-4554-B161-627540339CAB}' = 'Preference CSE GUID Ini Files'

            '{79F92669-4224-476c-9C5C-6EFB4D87DF4A}' = 'Preference Tool CSE GUID Local users and groups'

            '{7B849a69-220F-451E-B3FE-2CB811AF94AE}' = 'Internet Explorer User Accelerators/PolicyMaker'

            '{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}' = 'Computer Restricted Groups'

            '{827D319E-6EAC-11D2-A4EA-00C04F79F83A}' = 'Security'

            '{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}' = 'Folder Redirection'

            '{8A28E2C5-8D06-49A4-A08C-632DAA493E17}' = 'Deployed Printer Connections'

            '{91FBB303-0CD5-4055-BF42-E512A681B325}' = 'Preference CSE GUID Services'

            '{942A8E4F-A261-11D1-A760-00C04FB9603F}' = 'Software Installation (Computers)'

            '{949FB894-E883-42C6-88C1-29169720E8CA}' = 'Preference Tool CSE GUID Network Options'

            '{9AD2BAFE-63B4-4883-A08C-C3C6196BCAFD}' = 'Preference Tool CSE GUID Power Options'

            '{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}' = 'Internet Explorer Maintenance policy processing'

            '{A3F3E39B-5D83-4940-B954-28315B82F0A8}' = 'Preference CSE GUID Folder Options'

            '{A8C42CEA-CDB8-4388-97F4-5831F933DA84}' = 'Preference Tool CSE GUID Printers'

            '{AADCED64-746C-4633-A97C-D61349046527}' = 'Preference CSE GUID Scheduled Tasks'

            '{B087BE9D-ED37-454f-AF9C-04291E351182}' = 'Preference CSE GUID Registry'

            '{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}' = 'EFS Recovery'

            '{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}' = '802.3 Group Policy'

            '{B9CCA4DE-E2B9-4CBD-BF7D-11B6EBFBDDF7}' = 'Preference Tool CSE GUID Regional Options'

            '{BACF5C8A-A3C7-11D1-A760-00C04FB9603F}' = 'Software Installation (Users) Run Restriction'

            '{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}' = 'Preference CSE GUID Printers'

            '{BEE07A6A-EC9F-4659-B8C9-0B1937907C83}' = 'Preference Tool CSE GUID Registry'

            '{BFCBBEB0-9DF4-4c0c-A728-434EA66A0373}' = 'Preference Tool CSE GUID Network Shares'

            '{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}' = 'Preference CSE GUID Shortcuts'

            '{C631DF4C-088F-4156-B058-4375F0853CD8}' = 'Microsoft Offline Files'

            '{CAB54552-DEEA-4691-817E-ED4A4D1AFC72}' = 'Preference Tool CSE GUID Scheduled Tasks'

            '{CC5746A9-9B74-4be5-AE2E-64379C86E0E4}' = 'Preference Tool CSE GUID Services'

            '{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}' = 'TCPIP'

            '{CEFFA6E2-E3BD-421B-852C-6F6A79A59BC1}' = 'Preference Tool CSE GUID Shortcuts'

            '{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}' = 'Internet Explorer Machine Accelerators'

            '{CF848D48-888D-4F45-B530-6A201E62A605}' = 'Preference Tool CSE GUID Start Menu'

            '{D02B1F72-3407-48AE-BA88-E8213C6761F1}' = 'Tool Extension GUID (Computer Policy Settings)'

            '{D02B1F73-3407-48AE-BA88-E8213C6761F1}' = 'Tool Extension GUID (User Policy Settings)'

            '{E47248BA-94CC-49C4-BBB5-9EB7F05183D0}' = 'Preference CSE GUID Internet Settings'

            '{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}' = 'Preference CSE GUID Start Menu'

            '{E5094040-C46C-4115-B030-04FB2E545B00}' = 'Preference CSE GUID Regional Options'

            '{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}' = 'Preference CSE GUID Power Options'

            '{F0DB2806-FD46-45B7-81BD-AA3744B32765}' = 'Policy Maker'

            '{F17E8B5B-78F2-49A6-8933-7B767EDA5B41}' = 'Policy Maker'

            '{F27A6DA8-D22B-4179-A042-3D715F9E75B5}' = 'Policy Maker'

            '{f3ccc681-b74c-4060-9f26-cd84525dca2a}' = 'Audit Policy Configuration'

            '{F581DAE7-8064-444A-AEB3-1875662A61CE}' = 'Policy Maker'

            '{F648C781-42C9-4ED4-BB24-AEB8853701D0}' = 'Policy Maker'

            '{F6E72D5A-6ED3-43D9-9710-4440455F6934}' = 'Policy Maker'

            '{F9C77450-3A41-477E-9310-9ACD617BD9E3}' = 'Group Policy Applications'

            '{FB2CA36D-0B40-4307-821B-A13B252DE56C}' = 'Enterprise QoS'

            '{FC715823-C5FB-11D1-9EEF-00A0C90347FF}' = 'Internet Explorer Maintenance Extension protocol'

            '{FD2D917B-6519-4BF7-8403-456C0C64312F}' = 'Policy Maker'

            '{FFC64763-70D2-45BC-8DEE-7ACAF1BA7F89}' = 'Policy Maker'

            '{53D6AB1B-2488-11D1-A28C-00C04FB94F17}' = 'EFS Policy'

            '{0F3F3735-573D-9804-99E4-AB2A69BA5FD4}' = 'Computer Policy Setting'

        }

        $gpoFilter = "(&$($gpoFilter)$($TempFilter))"

    }

    Process

    {

        write-verbose -message "Executing search with filter $gpoFilter"

        switch ($PSCmdlet.ParameterSetName) {

            'Remote' { 

                if ($searchRoot) {

                    $objSearcher = Get-DSDirectorySearcher -ComputerName $ComputerName -SearchRoot $searchRoot -Credential $Credential -Filter $gpoFilter

                } else {

                    $objSearcher = Get-DSDirectorySearcher -ComputerName $ComputerName -Credential $Credential -Filter $gpoFilter

                }

             }

            'Alternate' {

                $objSearcher = Get-DSDirectorySearcher -Credential $Credential -Filter $gpoFilter

            }

            'Current' {

                $objSearcher = Get-DSDirectorySearcher -Filter $gpoFilter

            }

            Default {}

        }

        $objSearcher.SizeLimit = $Limit

        $objSearcher.PageSize = $PageSize

        $objSearcher.SearchScope = $SearchScope

        $objSearcher.SecurityMasks = [System.DirectoryServices.SecurityMasks]$SecurityMask

        $objSearcher.findall() | ForEach-Object -Process {

            $objProps = [ordered]@{}

            foreach ($prop in ($_.Properties.PropertyNames | Sort-Object))

            {

                if ($prop -eq 'objectguid') {

                    $objProps['Guid'] = [guid]$_.properties."$($prop)"[0]

                } else {

                    $objProps[$prop] = $_.properties."$($prop)"[0]

                }

            }

            $gpopObj = [PSCustomObject]$objProps

            $gpopObj

        }

    }

    End

    {

    }

}