5.11. Linking a GPO to an OU

Problem

You want to apply the settings in a GPO to the users and/or computers within an OU, also known as linking the GPO to the OU.

Solution

Using a graphical user interface

  1. Open the Group Policy Management (GPMC) snap-in.

  2. Expand Forest in the left pane.

  3. Expand Domain and navigate down to the OU in the domain you want to link the GPO to.

  4. Right-click on the OU and select either Create and Link a GPO Here (if the GPO does not already exist) or Link an Existing GPO (if you have already created the GPO).

Using VBScript

' This code links a GPO to an OU in the specified domain
' ------ SCRIPT CONFIGURATION ------
strDomainDN = "<DomainDN>"   ' e.g. dc=rallencorp,dc=com
strGPO      = "<GPOName>"    ' e.g. WorkstationsGPO
strOUDN     = "<OrgUnitDN>" ' e.g. ou=Workstations,dc=rallencorp,dc=com ' ------ END CONFIGURATION --------- strBaseDN = "<LDAP://cn=policies,cn=system,dc=" & strDomainDN & ">;" strFilter = "(&(objectcategory=grouppolicycontainer)" & _ "(objectclass=grouppolicycontainer)" & _ "(displayname=" & strGPO & "));" strAttrs = "ADsPath;" strScope = "OneLevel" set objConn = CreateObject("ADODB.Connection") objConn.Provider = "ADsDSOObject" objConn.Open "Active Directory Provider" set objRS = objConn.Execute(strBaseDN & strFilter & strAttrs & strScope) if objRS.EOF <> TRUE then objRS.MoveFirst end if if objRS.RecordCount = 1 then strGPOADsPath = objRS.Fields(0).Value WScript.Echo "GPO Found: " & strGPOADsPath elseif objRS.RecordCount = 0 then WScript.Echo "Did not founding ...

Get Active Directory Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial