Monday, July 11, 2011

Find all OU's and what GPO's are linked to them

I made a script using SED and ADFIND to find all OU's and what GPO's were linked to them:

adfind -b DC=ccs,DC=corp -f "(&(objectCategory=organizationalUnit)(gPLink=*))" cn gplink -csv -csvdelim : > gplinks.txt
adfind -b DC=ccs,DC=corp -f "(&(objectCategory=groupPolicyContainer)(cn=*))" cn displayName -nodn -csv > gpnames.txt
sed -i "s/\"//g" gpnames.txt
sed -i "s/\[LDAP:\/\/..=//g" gplinks.txt
sed -r -i "s/..=.olicies,..=.ystem,DC=ccs,DC=corp\\;.\]//g" gplinks.txt

for /f "tokens=1-2 delims=," %A IN ('type "gpnames.txt"') DO sed -i "s/%A/%B/g" "gplinks.txt"
del sed* /q


Love it :)

To expand on the above, here is a batch file that will find all empty OU's and what GPO's are linked to them:

:This script requires SED.txt and ADFIND.exe

:Goes through every OU and finds every GPO linked to it
adfind -b DC=ccs,DC=corp -f "(&(objectCategory=organizationalUnit)(gPLink=*))" cn gplink -csv -csvdelim : > gplinks.txt
:Goes through every GPO and finds it's common name
adfind -b DC=ccs,DC=corp -f "(&(objectCategory=groupPolicyContainer)(cn=*))" cn displayName -nodn -csv > gpnames.txt

:run some text clean up commands. Deletes double-quotes
sed -i "s/\"//g" gpnames.txt
:run some text clean up commands. Deletes [LDAP://
sed -i "s/\[LDAP:\/\/..=//g" gplinks.txt
:run some text clean up commands.
sed -r -i "s/..=.olicies,..=.ystem,DC=ccs,DC=corp\\;.\]//g" gplinks.txt
pause
:repalces the LDAP GUID name in gplinks.txt with the actual name
for /f "tokens=1-2 delims=," %%A IN ('type "gpnames.txt"') DO sed -i "s/%%A/%%B/g" "gplinks.txt"
sed -i "s/\"//g" gplinks.txt

:Finds all empty OU's
@Echo Off
SETLOCAL EnableDelayedExpansion

IF EXIST EmptyOUs.txt DEL /F /Q EmptyOUs.txt
SET OUQry=DSQuery OU -Name * -Limit 0
FOR /F "delims=#" %%o IN ('%OUQry%') Do (
Echo Processing: %%o
DSQuery * %%o -Limit 0 | Find "CN=" >NUL
IF ERRORLEVEL 1 Echo %%o>>EmptyOUs.txt
)
Echo.
Echo Search Complete! Check 'EmptyOUs.txt' file.
Echo.
ENDLOCAL
sed -i "s/\"//g" EmptyOUs.txt


:if gplinks OU is equal to an OU in EmptyOU then replace the OU with EMPTY:OU
for /f "tokens=1-10 delims=:" %%A IN ('type gplinks.txt') DO (
for /f "tokens=*" %%a IN ('type EmptyOUs.txt') DO (
if /I %%A equ %%a sed -i "s/%%A/EMPTY:%%A/g" gplinks.txt
)
)
del sed* /q

1 comment:

  1. Anonymous9:14 AM

    I can't get the sed commands to work in this script. they just create the temp files but don't actually merge the content.

    ReplyDelete