How to create or remove GPO links using PowerShell
This article compares the process of adding and removing a GPO link in Active Directory using PowerShell and ADManager Plus, a web-based AD, Office 365 and Exchange management and reporting tool.
While the PowerShell cmdlets that have to be used for this purpose, New-GPLink and Remove-GPLink, make it necessary to use multiple parameters to add or remove the link from an OU, site or domain, ADManager Plus lets you do these with purely GUI based actions, making it the easiest option among the two.
Windows PowerShell
Steps to add or remove a GPO link using PowerShell.
- Ensure you have the necessary permissions to perform these operations, and also to execute PowerShell scripts.
- To add a GPO link to an OU, site or domain, create the script using the New-GPLink cmdlet. To remove a GPO link from a container, create a script using the Remove-GPLink cmdlet.
- Execute the script from the PowerShell window.
Sample PowerShell scripts
- To create a GPO link
Copied
New-GPLink -Name "SimpleGPO" -Target "dc=Example, dc=com" -LinkEnabled Yes -Enforced Yes
Click to copy entire script
This will add link the GPO to the domain Example.com, and also enforce it.
- To remove a GPO link
Copied
Remove-GPLink -Name "SimpleGPO" -Target "dc=Example, dc=com"
Click to copy entire script
This will remove the GPO link established between the domain Example.com, and the GPO, SimpleGPO.
ADManager Plus
To add or remove a GPO link,
- Select the Manage GPO Links in GPO Management.
- Click the Link GPOs option, select the required domain, OUs or sites, select the desired GPOs, and click Link GPOs. To remove GPO links, select the desired domain/site, select the GPOs whose links you wish to remove, and select Remove Links from the options in Manage Links.
Screenshot
» Start 30-day Free Trial
Limitations of using PowerShell to add a new GPO link or remove a GPO link
- You will not be able to create a new GPO link or remove one using PowerShell if you do not have enough privileges in AD to either add or remove GPO links, or execute the script. With ADManager Plus, users privileges in native AD doesn't have to be elevated to enable user AD accounts.
- To specify the target OUs, sites, and domain, the script has to be modified accordingly. ADManager Plus on the other hand, allows you to select all the desired target containers, right from the GUI, with just mouse-clicks, making it far easier and simpler to create a GPO.
- You must know how to run the scripts from the PowerShell window. ADManager Plus is purely GUI-based, allowing you to perform all management and reporting actions with just mouse clicks from its web-based console.
- Even a misplaced hyphen, or a typo in the LDAP names will lead to errors. As all actions in ADManager Plus are GUI-driven, there is no need to write scripts, eliminating the chances of errors.