Backing up and restoring GPOs

As with any piece of data in your organization, it is a good idea to keep backups of your GPOs. Keeping these backups separately from a full Domain Controller or full Active Directory backup can be advantageous, as it enables a quicker restore of individual GPOs in the event of an accidental deletion. Or perhaps you updated a GPO, but the change you made is now causing problems and you want to roll that policy back to make sure it is configured the way that it was yesterday. Whatever your reason for backing up and restoring GPOs, let's take a look at a couple of ways to accomplish each task. We will use the Group Policy Management Console to perform these functions, and will also figure out how to do the same backup and restores via PowerShell.

Getting ready

We are going to perform these tasks from a Windows Server 2016 domain controller in our environment. We will utilize both the Group Policy Management Console and the PowerShell command line.

How to do it…

There is a GPO in our domain called Map Network Drives. First, we will use Group Policy Management Console to back up and restore this GPO:

  1. From the Tools menu of Server Manager, open up the Group Policy Management Console.
  2. Navigate to Forest | Domains | Your Domain Name | Group Policy Objects.
  3. If you want to back up a single GPO, you simply right-click on the specific GPO and choose Back Up…. Otherwise, it is probably more useful for us to back up the whole set of GPOs. To accomplish that, right-click on the Group Policy Objects folder and then choose Back Up All….

    How to do it…

  4. Specify a location where you want the backups to be saved and a description for the backup set. Then click Back Up.

    How to do it…

  5. Once the backup process is complete, you should see the status of how many GPOs were successfully backed up.

    How to do it…

Now let's try accomplishing the same full GPO backup, but this time using PowerShell:

  1. Open an administrative PowerShell prompt.
  2. Use the following command:
    Backup-GPO -Path C:GPO_Backups_PowerShell -All
    

    How to do it…

Now that we have two full backup sets of the GPOs, let's try to restore the GPO called Map Network Drives.

  1. Navigate back inside the Group Policy Management Console and find the Group Policy Objects folder. The same location that we used to back up a minute ago.
  2. Right-click on the Map Network Drives GPO and choose Restore from Backup….

    How to do it…

  3. Click Next and specify the folder where your backup files are stored. Then click Next again.
  4. As long as a backup copy of the Map Network Drives GPO exists in that folder, you will see it in the wizard. Select that GPO and click Next.

    How to do it…

  5. Click Finish and the GPO will be restored to its previous state.

Now we will restore the same Map Network Drives GPO, but using PowerShell as follows:

  1. Head back to your administrative PowerShell prompt.
  2. Use the following command to restore the previous version of this GPO from the backup we created earlier:
    Restore-GPO -Name "Map Network Drives" -Path
          C:GPO_Backups_PowerShell
    

    How to do it…

    Tip

    Rather than typing out the name of the GPO in this command, you could instead specify the GUID of the policy. This number is generally a lot longer than the name, however, and so I tend to see admins preferring to utilize the name of the policy. For example, the GUID of our Map Network Drives GPO is 77eed750-de8e-44e9-9649-96cab2f2abdc.

How it works…

Backing up and restoring GPOs is going to be a regular task for anybody administering Active Directory and Group Policy. In this recipe, we walked through each process, using a couple of different tools for each procedure. Group Policy Management Console is nice because it is graphically interfaced, and it is easy to look at the options available to you. PowerShell is often preferred, however, because it can be automated (think scheduled backups). It also facilitates remote execution of these commands from another machine inside the network.

See also

Here are some links for more extensive information about the PowerShell cmdlets we used today:

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.118.20.148