To get a list of OUs and the status of GPO inheritance:
1 |
Get-ADOrganizationalUnit -SearchBase "OU=Servers,DC=domain,DC=tld" -Filter * | ft DistinguishedName,@{Name="Inheritance";Expression={(Get-GPInheritance$_.DistinguishedName).GpoInheritanceBlocked}} -Autosize |
To get a list of OUs that have GPO inheritance blocked:
1 |
Get-ADOrganizationalUnit -SearchBase "OU=Servers,DC=domain,DC=tld" -Filter * | ?{(Get-GPInheritance $_.DistinguishedName).GpoInheritanceBlocked -eq "Yes"} | ft DistinguishedName |
To get a list of OUs that have GPO inheritance blocked and a don’t have a particular GPO applied to them directly:
1 |
Get-ADOrganizationalUnit -SearchBase "OU=Servers,DC=domain,DC=tld" -Filter * | ?{(Get-GPInheritance $_.DistinguishedName).GpoInheritanceBlocked -eq "Yes"} | ft DistinguishedName,@{Name="Linked?";Expression={if (((Get-GPInheritance $_.DistinguishedName).GpoLinks | select DisplayName) -match "GPO I am Interested In") { "Yes" } else { "No" }}} -AutoSize |
There’s probably a better way to do this, but this is the best I could come up with …