The Microsoft Management Console (MMC) Group Policy Management Console (GPMC) snap-in is an exceptionally helpful new tool in Windows Server 2003. GPMC lets you perform most Group Policy Object (GPO)—related tasks from one interface. Even better, GPMC installs several COM objects that you can use to automate most of these tasks. In "Scripting Group Policy Objects" (October 2003, http://www.winscriptingsolutions.com, InstantDoc ID 39856), I discussed how to get started using these objects. That article, as well as the other resources I've listed in "Related Resources," page 2, can teach you the basics of how to automate policy-based tasks. With the basics under your belt, you're ready to start using GPMC's COM objects for bigger and better tasks, such as programmatically searching for GPOs, finding all the Scope of Management (SOM) objects for a GPO, and finding all the SOM objects in an Active Directory (AD) tree.
A Simple Search for All GPOs
To use the scripts in "Scripting Group Policy Objects," you must know the globally unique identifier (GUID) of the GPO to which you want to connect in AD. The parts of the GPO that AD stores have a distinguished name (DN) such as cn={myguid}, cn=policies, cn=system, dc=mydomain, dc=mycorp, dc=com, where {myguid} is the GUID. In theory, using the GUID isn't a problem because GPOs tend to change little after administrators have set them up. But what if you don't want to hard-code the GUID in the script? Or what if you want to find out which GPOs exist in AD or which GPOs are linked to a specific SOM object? In such cases, you can automate searches within GPMC. . . .
Register
