Quick Tip: Using PowerShell to generate a GPO report

Someone asked me today how to easily export a readable report of all GPOs applied to a system (they were performing a security audit and needed an easy way to script this). Of course, I immediately thought of PowerShell! So, here’s how you can export a readable report of all GPOs applied to a system in question in PowerShell:

> Import-Module GroupPolicy
> Get-GPOReport -All -ReportType Html -Path AllGPOsReport.htm

Of course, you can also use Get-GPOReport to generate a report for a specific GPO and/or export as XML, if you prefer.

Finding an Active Directory User's SID using PowerShell

I sometimes need a quick and easy way of determining a user’s Active Directory SID (for example, when performing forensics on the Recycle Bin). Yes, there are ways to find out a SID in ADUC (check out how here) – but I think that utilizing PowerShell is more efficient in this case.

To find a user’s SID, within PowerShell run the following (replacing <domain> and <user> with the appropriate information for your query):

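# Quote the placeholders so the constructor receives two strings
$objUser = New-Object System.Security.Principal.NTAccount("<domain>", "<user>")
# Translate the account name to its security identifier
$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
$strSID.Value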

To further enhance efficiency, I’ve actually wrapped this into a parametrized PowerShell script, which you can feel free to download here. Remember that in order to get the script to run, you need to set your execution policy to “RemoteSigned” by running the following command:

Set-ExecutionPolicy RemoteSigned
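
The SID lookup above, extended for the Recycle Bin forensics case in an added example (this is not the downloadable script mentioned in the post): it translates in both directions and handles accounts that no longer resolve. The function names are hypothetical, and it assumes the per-user Recycle Bin folders live under `$Recycle.Bin` on the system drive and are named by SID.

```powershell
# Added example; Resolve-AccountSid, Resolve-SidAccount and Get-RecycleBinOwner are hypothetical names.

function Resolve-AccountSid {
    # Account name -> SID string, using the same Translate() call as the post.
    param(
        [Parameter(Mandatory)][string]$Domain,
        [Parameter(Mandatory)][string]$User
    )
    $account = New-Object System.Security.Principal.NTAccount($Domain, $User)
    try {
        $account.Translate([System.Security.Principal.SecurityIdentifier]).Value
    }
    catch [System.Security.Principal.IdentityNotMappedException] {
        Write-Warning "No SID could be resolved for $Domain\$User"
    }
}

function Resolve-SidAccount {
    # SID string -> DOMAIN\user, the direction needed when all you have is a folder name.
    param([Parameter(Mandatory)][string]$Sid)
    try {
        $sidObject = New-Object System.Security.Principal.SecurityIdentifier($Sid)
        $sidObject.Translate([System.Security.Principal.NTAccount]).Value
    }
    catch [System.Security.Principal.IdentityNotMappedException] {
        # Deleted account, or a SID from a domain or machine this host cannot query.
        '<unresolved>'
    }
}

function Get-RecycleBinOwner {
    # Assumption: per-user Recycle Bin folders are named by SID under <drive>\$Recycle.Bin.
    param([string]$Drive = $env:SystemDrive)
    $root = Join-Path $Drive '$Recycle.Bin'
    # -Force is required because these folders are hidden system directories.
    Get-ChildItem -LiteralPath $root -Directory -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match '^S-1-\d+(-\d+)+$' } |
        ForEach-Object {
            [pscustomobject]@{
                Sid     = $_.Name
                Account = Resolve-SidAccount -Sid $_.Name
                Path    = $_.FullName
            }
        }
}

Get-RecycleBinOwner | Format-Table -AutoSize
```

Run it from an elevated prompt, since other users' Recycle Bin folders are not listable otherwise. An `<unresolved>` entry is itself worth noting during an investigation.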