Edit group policies

techsavy · May 27, 2019, 7:09am

I have many group policies. I want to find a setting in all my gpos and then edit the same setting in all the gpo’s using powershell.

Specifically, I have Restricted Group settings defined in multiple GPO’s.I want to find all the policies with restricted group settings defined which have the group “Account Operators” added as MemberOf and remove this group from MemberOf. If there are other groups added to the MemberOf apart from “Account Operators”, I want to leave them as it is and only remove the “Account Operators” group. So far I have something like this:

Get-GPO -All |
ForEach-Object{
[xml]$xml = $_ | Get-GPOReport -ReportType Xml
if($xml.GPO.Computer.ExtensionData.Extension.RestrictedGroups){
if($xml.GPO.Computer.ExtensionData.Extension.RestrictedGroups.MemberOf.Name.‘#text’ -like “Account”)
{

}

postanote · May 27, 2019, 6:37pm

Where are you trying to do this?

Remember that if you have many DC’s / BDC’s, this will just be set back to where it was on the normal replication schedule. So, unless you force replication, on this change, you end up in a catch 22.

Unless, you are saying you are doing this in the PDC, potentially.

Anyway, I’d suggest replacing -like ‘Account’ with -match ‘Account’, then just use the Remove-ADGroupMember cmdlet to deal with that last part.

OK, took back my later part of the response, but you specifically said you want to remove the group, hence my original response. So, you are just trying to truncate the entry from the policy / the XML file.

Use the XML cmdlets to find the node you need to hit and replace the entry string.

Removing XML Elements using PowerShell
http://jon.netdork.net/2013/01/09/removing-xml-elements-using-powershell

techsavy · May 28, 2019, 5:17am

This is not an AD group. This is a group policy setting. It would not be as simple as running the Remove-ADGroupMember command.

I think we would first need to update the xml file and remove the “Account Operators” from the memberof in the xml file and import back the xml file

to that particular gpo. However I am not sure how to do this.

techsavy · May 30, 2019, 7:10am

Anyone can help with this?

techsavy · June 3, 2019, 11:58pm

Would appreciate any assistance on the above requirement?

techsavy · June 14, 2019, 7:09am

Any ideas on this issue?

Topic		Replies	Views
GPO or Powershell to remove all source Domain members after migration PowerShell Help	3	160	October 11, 2018
Group Policy PowerShell Help	1	170	November 6, 2018
Remove OU Member from Groups PowerShell Help	0	193	December 31, 2011
Removing specific groups from AD users PowerShell Help	0	158	December 31, 2011
Remove all member of a OU from all Groups PowerShell Help	0	168	December 31, 2011

Edit group policies

Related Topics