Restore Group Policy with PowerShell – 4sysops

As we speak, I’m sharing a PowerShell script that permits you to restore Group Policy from backups. My restore perform is a companion software to the Group Policy backup software I shared with 4sysops readers earlier this yr.

Mike Kanakos

Mike is a Home windows IT professional situated in the Analysis Triangle Park area of North Carolina with 13+ years of expertise as an admin and 20 years in the area. He focuses on Lively Directory, Azure AD, Group Policy, and automation by way of PowerShell. You’ll be able to comply with Mike’s weblog at or on Twitter at @MikeKanakos.

Newest posts by Mike Kanakos (see all)

As a fast refresher, the backup software I constructed saves Group Policy backups with easy-to-read folder names relatively than GUIDs as filenames, which is what you’d get from the default Backup-GPO cmdlet from Microsoft. When you’ve got numerous Group Policy Objects (GPOs) backed up with GUIDs, it’s not straightforward to determine which backup file is the one you want when it comes time to revive knowledge. My backup device solves that drawback.

Once you start using my backup device to back up Group Policy, the built-in Restore-GPO cmdlet won’t learn the backups my device creates. Why? The built-in cmdlet is on the lookout for information named as GUIDs, and my backup device renames the information to a special naming conference.

But worry not! My backup device makes backing up GPOs tremendous straightforward, and restoring GPOs with this companion software can also be an easy course of. Let me walk you thru the operation of the Restore-GroupPolicy perform. In case you are not familiar with my backup software, I like to recommend you go to my write-up first so you possibly can easily comply with alongside right here.

Backing up to restore ^

To point out off the restore process, I’ll begin by creating a new Group Policy. From there I’ll again it up, delete it, and eventually restore the coverage back to a website controller (DC) to show the end-to-end course of and how straightforward it is to do. So let’s get started by creating a GPO we will check with. We will do that from PowerShell like so:

After creating the GPO, we should always get a summary of the new GPO information, like so:

Here’s a quick screenshot to point out that the GPO now exists in my domain:

Creating a test GPO

Creating a check GPO

The subsequent step can be to back up this GPO utilizing the Backup-GroupPolicy cmdlet I talked about earlier on this article. The syntax for this cmdlet could be very simple. You might want to specify a path for the backup, the area identify, and the server to again up the info from. It will back up all GPOs to the path specified. The cmdlet will create a subfolder with immediately’s date and store the backups in that subfolder.

When the backup completes, we have now a folder that accommodates all of the GPO backups. Notice the backup of the Group Policy named “Dummy GPO for Testing” has a modified folder identify that consists of the friendly identify of the GPO and the actual backup ID of the GPO.

GPO backup confirmation

GPO backup confirmation

As soon as we’ve got a legitimate backup, we will go forward and delete the Dummy GPO. Again, we will do that by way of PowerShell.

Restore-GroupPolicy syntax ^

Restoring a GPO from backup with the Restore-Group-Policy cmdlet is an easy course of just like the backup course of we followed earlier. To perform a restore, we provide comparable info like we did throughout backup. We have to provide three pieces of data: the precise identify of the Group Policy backup, the situation of the backup, and the DC to perform the restore to. For our demonstration, the syntax is:

Once we execute the command, the cmdlet reaches out to the folder, reads the GPO backup, and initiates the restore course of. As soon as the process completes, it returns the abstract info.

Discover the time of GPO creation has changed to the time I ran the restore (approximately two and half hours after I ran the first backup). We now have our Dummy GPO restored to the SYSVOL folder on a DC without any problem, and it solely took one command to get again a working copy of the GPO. Lively Directory will then replicate that GPO to all the opposite DCs in my domain.

Restore-GroupPolicy code ^

The Restore-GroupPolicy cmdlet doesn’t have a bunch of complicated code. A lot of the code is creating some temp variables and then briefly renaming the file path to these variables. After creating the temp variables, it passes all the data to the built-in Group Policy cmdlets from Microsoft to do the actual GPO restore.

That’s the primary portion of the code for this script. Once I write scripts, I all the time favor to write down features as a result of they embrace help and examples, and in addition the code turns into moveable. The Restore-GroupPolicy cmdlet is a perform, so ensure you load it into reminiscence earlier than you try and run it. You will discover the complete script under. The newest versions of all of my scripts are all the time situated in my GitHub repo. I hope you discover this software and all of my others worthy additions to your sysadmin software package. Please reach out by way of the feedback part if in case you have any questions about this or any of my different scripts.

Be a part of the 4sysops PowerShell group!


Customers who have LIKED this submit:

  • avatar
  • avatar