findorphanedGPOsInSYSVOL.wsf (3623B)
1 '//////////////////////////////////////////////////////////////////////////// 2 '// Copyright (c) Microsoft Corporation. All rights reserved 3 '// 4 '// Title: FindOrphanedGPOs.wsf 5 '// Author: jstatia@microsoft.com 6 '// Created: 01/2/2003 7 '// 8 '// Purpose: Finds All Orphaned GPO objects in Sysvol with no AD Source 9 '// and Prints them out 10 '//////////////////////////////////////////////////////////////////////////// 11 12 '////////////////////////////////////// 13 '/ Initialization 14 '///////////////////////////////////// 15 <job> 16 17 <script language="VBSCRIPT"> 18 Option Explicit 19 on error resume next 20 21 '/////////////////////////////////////// 22 '// Main script 23 '/////////////////////////////////////// 24 25 ''// Handle command line arguments 26 dim ArgumentList 27 dim szDomainName, szDomainSysvolPolicy,szFolder, szFullADPol, szObject, szBase, szADPol 28 dim fsoFILE, foPolicy, Folder 29 dim iCtr 30 dim ldapRoot 31 32 ProcessCommandLineArguments WScript.Arguments, ArgumentList 33 szDomainName = ArgumentList.Item("Domain") 34 35 szDomainSysvolPolicy = "\\" & szDomainName & "\sysvol\" & szDomainName & "\policies" 36 37 set fsoFile = CreateObject("Scripting.FileSystemObject") 38 39 set foPolicy = fsoFile.GetFolder(szDomainSysvolPolicy) 40 if err then 41 Show_Error(err) 42 end if 43 44 szBase = replace(szDomainName,".",",DC=") 45 szADPol = "CN=Policies,CN=System,DC=" & szBase 46 47 WScript.Echo "Policies Not In AD But Located in:" 48 WScript.Echo " " & szDomainSysvolPolicy 49 WScript.Echo "" 50 51 iCtr = 0 52 for each Folder in foPolicy.SubFolders 53 szBase = "CN=" & Folder.Name & "," & szADPol 54 szObject = "LDAP://" & szDomainName & "/" & szBase 55 Set ldapRoot = GetObject(szObject) 56 if err then 57 WScript.Echo " " & Folder.Name 58 iCtr = iCtr + 1 59 err.clear 60 end if 61 next 62 63 WScript.Echo "" 64 WScript.Echo "Total Orphaned GPO's: " & iCtr 65 66 67 '/////////////////////////////////////// 68 '// Function Definitions 69 '/////////////////////////////////////// 70 71 Public Sub Show_Error(e) 72 WScript.Echo "An Error Has Occured" 73 WScript.Echo "Error Number: " & e.number 74 WScript.Echo "Error Description: " & e.description 75 ' WScript.Quit(1) 76 End Sub 77 78 'Takes a WScript.Arguments object and returns a dictionary object 79 'containing the named arguments and values that were passed in 80 public Sub ProcessCommandLineArguments ( Arguments, Result) 81 dim szDomainName 82 83 szDomainName = "" 84 85 '// Check if this is cscript. If not, print an error and bail out 86 if instr(lcase(WScript.FullName),"wscript") <> 0 Then 87 WScript.Echo "You must use cscript.exe to execute this script." 88 WScript.Quit(1) 89 end if 90 if not IsObject(Result) then 91 set Result = CreateObject("Scripting.Dictionary") 92 end if 93 94 if Arguments.Named.Exists("Domain") Then 95 szDomainName = Arguments.Named("Domain") 96 End IF 97 98 '// Get the current domain if none was specified 99 if szDomainName = "" Then 100 szDomainName = GetDNSDomainForCurrentUser() 101 end If 102 103 Result.add "Domain", szDomainName 104 End Sub 105 106 </script> 107 108 <!-- Usage and command line argument information --> 109 <runtime> 110 111 <description> 112 Finds and prints all GPOs in SYSVOL with no corresponding Active Directory (AD) source. 113 These GPOs are usually referred to as orphaned GPOs. A GPO can become orphaned usually in two different ways: 1) if the 114 GPO is deleted directly through ADSI edit. 2) if the GPO was deleted by someone that had permissions to do so in AD, but not in Sysvol. 115 In this case, the AD portion of the GPO would be deleted but the SYSVOL portion of the GPO would be left behind. 116 </description> 117 118 <named name="Domain" helpstring="DNS name of domain" type="string" required="false" /> 119 120 <example> 121 Example: FindOrphanedGPOs.wsf /domain:Test.MyDomain.com 122 </example> 123 124 </runtime> 125 126 </job>