Powershell : List all GPO's modified in the last x days

byartic6 -
0

This is a script that will query all the group policy objects that have been modified in the last number of days to see which ones are being worked on and which ones are not, usually in a corporate environment you will get legacy group policy's that have not been touched in weeks or months.

I recent blogged about leaning up unlinked GPOs that are not linked, and this idea came about as sometimes people will work on GPO's linked to a OU and the development stops but the GPO remains active on a linked OU usually something like "Test" or "Testing" - this logic can then be built into other scripts.

# Import the Group Policy module
Import-Module GroupPolicy

# Get the current date and time
$currentDate = Get-Date

# Calculate the date 7 days ago
$lastWeekDate = $currentDate.AddDays(-7)

# Get all GPOs in the domain
$allGPOs = Get-GPO -All

# Filter GPOs modified in the last 7 days
$modifiedGPOs = $allGPOs | Where-Object { $_.ModificationTime -ge $lastWeekDate }

# Output the list of modified GPOs
$modifiedGPOs | Select-Object DisplayName, ModificationTime

This is what it looks like when you run it with the 7 day default which you can change as required:


Output to CSV

If you would rather have this exported as a CSV file then you can add this section to the last line of the script:

| Export-Csv -Path "ModifiedGPOs.csv" -NoTypeInformation

That should look like this:

$modifiedGPOs | Select-Object DisplayName, ModificationTime | Export-Csv -Path "ModifiedGPOs.csv" -NoTypeInformation

Export Modified GPO to Text file

If you would like the modified GPOs outputted to a text file:

# Import the Group Policy module
Import-Module GroupPolicy

# Get the current date and time
$currentDate = Get-Date

# Calculate the date 7 days ago
$lastWeekDate = $currentDate.AddDays(-2)

# Get all GPOs in the domain
$allGPOs = Get-GPO -All

# Filter GPOs modified in the last 7 days
$modifiedGPOs = $allGPOs | Where-Object { $_.ModificationTime -ge $lastWeekDate }

# Output the list of modified GPOs
$results = $modifiedGPOs | Select-Object DisplayName, ModificationTime

# Specify the path for the output text file
$outputFile = "<file_path>\CheckModifiedGPOs.txt"

# Export the results to the text file
$results | Out-File -FilePath $outputFile

Tags

You may like these posts

Previous Post Next Post

نموذج الاتصال