14

I'm monitoring ad logs, when someone modify an AD Object, I could see a log, but only the GUID of that Group Policy was provided in the line.

So given an GUID of a Group Policy, is it possible to get the name that was displayed in gpmc.msc? (I mean to use LDAP protocol to get that)

daisy
  • 747
  • 4
  • 14
  • 30

5 Answers5

18

You can use PowerShell's Get-GPO cmdlet for this. It contains a -GUID switch, which is what you want to use here. You also need to have the AD Commandline Tools from RSAT installed so that you have access to the Group Policy module. If you use the AD module, you have this installed already.

The example in the linked article is:

Import-Module GroupPolicy
Get-GPO -Guid 31a09564-cd4a-4520-98fa-446a2af23b4b -Domain sales.contoso.com
MDMarra
  • 100,734
  • 32
  • 197
  • 329
10

LDAP? That guid is an attribute on an object in Active Directory, so yes you can query for it: 

(&(objectCategory=groupPolicyContainer)(name={D45A4D0F-77BE-4116-9F5B-CF96E81D2DDC}))

LDAP query example

You can also search for that value in the Group Policy Management Console:

enter image description here

Greg Askew
  • 35,880
  • 5
  • 54
  • 82
  • 1
    Yep, this works great with `dsquery` as well: `dsquery * -filter "(objectCategory=groupPolicyContainer)" -attr displayName objectGUID -limit 0` – jscott Dec 27 '12 at 19:38
3

Sure. Open Group Policy Management. Navigate to a GPO. Click on the Details tab for that GPO. Look at the Unique ID property.

gpo

Ryan Ries
  • 55,481
  • 10
  • 142
  • 199
  • -1 because while that will work nobody wants to look at every item in an attempt to find the name for that GUID. – John Gardeniers Dec 27 '12 at 22:01
  • 1
    It's useful information. It's not the most efficient way to find a single specific GUID in a domain, but there are situations in which this could be helpful, especially if you already suspect a specific GPO, or if you are looking to cross-reference a specific GPO in a gpresult, for instance. – Daniel Sep 25 '16 at 00:42
2

This script allows you to enumerate all the GPOs in your Active Directory domain and get their names, GUIDs and SIDs.

$gpolist = Get-QADObject -Type groupPolicyContainer
foreach ($objResult in $gpolist) {
    Write-Host $objResult.name ";" $objResult.GUID ";" $objResult.displayname
}

And moreover you can refer these links also.

http://techibee.com/group-policies/resolve-gpo-guid-to-gpo-name/169

http://www.howtonetworking.com/grouppolicy/grouppolicy3.htm

Hope it helps for you.

jscott
  • 24,484
  • 8
  • 79
  • 100
Richard Wilson
  • 262
  • 1
  • 2
  • 1
    You should note that this requires the Qwest AD cmdlets and link to them. People that don't know will read this and wonder why it doesn't work on their machine. – MDMarra Dec 27 '12 at 12:19
  • You may find the `Format-Table` or `ConvertTo-Csv` cmdlets easier to work with than manually formatting with `Write-Host`. – jscott Dec 27 '12 at 19:42
0

This simple PowerShell will export a list of all your domain GPOs with GUID to a .csv.

Get-GPO -All internal.example.com | Export-CSV C:\somefolder\file.csv
Paul
  • 3,037
  • 6
  • 27
  • 40
user227141
  • 1