The following sections provide the scriptable operations that can be carried out on the domain object.
Run the NQCreateOfflinePolicyContainerHierarchy.exe file to create a temporary copy of the settings information of all GPOs in the GP Repository. GPA automatically creates the offline policy container hierarchy when you add domains to the GP Repository. This only works for domains that have a trust relationship with the repository member domain.
To run the NQCreateOfflinePolicyContainerHierarchy.exe file, you should have Domain Admin permissions in the domain for which you want to create the offline policy container hierarchy.
The NQCreateOfflinePolicyContainerHierarchy.exe file displays a status report in the command prompt window as it runs. After execution, the NQCreateOfflinePolicyContainerHierarchy.exe file creates a log that lists the domains it successfully recreated and those domains it failed to recreate. The log displays the “ATTENTION REQUIRED” text next to the domain name of any domain the tool failed to recreate.
NQCreateOfflinePolicyContainerHierarchy /D:Domain_DNS_Name /S:Repository_Server /DB:DatabaseName
The following table describes the command-line parameters and variables.
Variable Name |
Replace With |
---|---|
/D: Domain_DNS_Name |
DNS name of the evaluation domain, such as abc.xyz. If you specify the domain name, then GPA creates the offline policy container hierarchy for only that domain. If you do not specify the domain name, then GPA creates an offline policy container hierarchy for each domain in the GP Repository (optional). |
/S: Repository_Server |
Name of the Microsoft SQL Server where you have installed the GP Repository. The default value, period (.), indicates the local Microsoft SQL Server. |
/DB: DatabaseName |
Name of the GP Repository database. The default value of the GP Repository database name is GPO_REPOSITORY. If the database name is different, specify the correct database name (optional, if you specify the domain name). |
/? |
Command-line Help for the tool. |
NQCreateOfflinePolicyContainerHierarchy /D:ABC.com /S:ABCSQLServer /DB:ABCDatabaseName
Create a new category.
DomainObject.CreateCategory "CategoryName"
The following code creates a domain‑level category in the GP Repository.
Dim oGPRroot, oCategory, oDomain Set oGPRroot = Wscript.CreateObject("faGPRRoot.faGPRRoot") oGPRroot.ConnectTo("DRIVER={ODBC Driver 13 for SQL Server};SERVER="<SQL Server Instance Name>";Trusted_Connection=Yes;DATABASE=GPO_REPOSITORY;") Set oDomain = oGPRroot.GetObject("FAGPR://DC=NetIQLabs,DC=com") oDomain.CreateCategory "Software Policies"
DomainObject.CreateCategory("CategoryName")
The following code creates a domain‑level category in the GP Repository.
public static void CreateCategory() { IfaGPRRoot oGPRroot = new faGPRRoot(); oGPRroot.ConnectTo("Provider=SQLOLEDB.1;Integrated Security=SSPI;Initial Catalog=GPO_REPOSITORY;Data Source=GPA_SERVER;Use Procedure for Prepare=1;Auto Translate=True;Packet Size=4096;Workstation ID=GPA_SERVER;Use Encryption for Data=False;Tag with column collation when possible=False"); IfaGPRDomain oDomain = oGPRroot.GetObject("FAGPR://DC=MYDOMAIN,DC=LAB"); oDomain.CreateCategory("NewCategory"); Console.WriteLine("Category created"); Console.ReadKey(); }
Delete a domain from GP Repository. This operation would delete all GPOs under various categories and subcategories in the domain. This operation requires all GPOs in the domain to be checked in.
DomainObject.Delete
The following code deletes a domain from the GP Repository.
Dim oGPRroot, oCategory, oDomain Set oGPRroot = Wscript.CreateObject("faGPRRoot.faGPRRoot") oGPRroot.ConnectTo("DRIVER={ODBC Driver 13 for SQL Server};SERVER="<SQL Server Instance Name>";Trusted_Connection=Yes;DATABASE=GPO_REPOSITORY;") Set oDomain = oGPRroot.GetObject("FAGPR://DC=NetIQLabs,DC=com") oDomain.Delete
DomainObject.Delete()
The following code deletes a domain from the GP Repository.
public static void DeleteDomain() { string sDomainSource = "FAGPR://DC=MYTARGETDOMAIN,DC=LAB"; IfaGPRRoot oGPRroot = new faGPRRoot(); oGPRroot.ConnectTo("Provider=SQLOLEDB.1;Integrated Security=SSPI;Initial Catalog=GPO_REPOSITORY;Data Source=GPA_SERVER;Use Procedure for Prepare=1;Auto Translate=True;Packet Size=4096;Workstation ID=GPA_SERVER;Use Encryption for Data=False;Tag with column collation when possible=False"); IfaGPRDomain2 oDomain = oGPRroot.GetObject(sDomainSource); oDomain.Delete(); Console.WriteLine("Domain deleted"); Console.ReadKey(); }
Enumerates AD Links defined in the domain map for the specified domain.
StringArrayOfLinks = DomainObject.EnumerateADLinks()
The following code allows you to enumerate the AD links defined in the domain map.
Dim oGPRroot, oDomainSource, oDomainTarget, aLinks, strPath Set oGPRroot = Wscript.CreateObject("faGPRRoot.faGPRRoot") oGPRroot.ConnectTo("DRIVER={ODBC Driver 13 for SQL Server};SERVER="<SQL Server Instance Name>";Trusted_Connection=Yes;DATABASE=GPO_REPOSITORY;") Set oDomainSource = oGPRroot.GetObject("FAGPR://DC=NetIQLabs,DC=com") Set oDomainTarget = oGPRroot.GetObject("FAGPR://DC=Test,DC=NetIQLabs,DC=com") aLinks = oDomainSource.EnumerateADLinks() For each strPath in aLinks wscript.echo strPath Next
ObjectArrayOfLinks = DomainObject.EnumerateADLinks()
The following code allows you to enumerate the AD links defined in the domain map.
public static void EnumerateADLinks() { string sDomainSource = "FAGPR://DC=MYDOMAIN,DC=LAB"; IfaGPRRoot oGPRroot = new faGPRRoot(); oGPRroot.ConnectTo("Provider=SQLOLEDB.1;Integrated Security=SSPI;Initial Catalog=GPO_REPOSITORY;Data Source=GPA_SERVER;Use Procedure for Prepare=1;Auto Translate=True;Packet Size=4096;Workstation ID=GPA_SERVER;Use Encryption for Data=False;Tag with column collation when possible=False"); IfaGPRDomain2 oDomain = oGPRroot.GetObject(sDomainSource); object[] obj = oDomain.EnumerateADLinks(); foreach (object ob in obj) { Console.WriteLine(ob.ToString()); } Console.ReadKey(); }
Enumerate the categories under a node for a domain.
For Each "Category" in "Domain" [. . . perform operations . . .] Next
The following code prints all domain‑level category names for all existing domains in the GP Repository.
Dim oGPRroot, oCategory, oDomain Set oGPRroot = Wscript.CreateObject("faGPRRoot.faGPRRoot") oGPRroot.ConnectTo("DRIVER={ODBC Driver 13 for SQL Server};SERVER="<SQL Server Instance Name>";Trusted_Connection=Yes;DATABASE=GPO_REPOSITORY;") For Each oDomain in oGPRroot Wscript.Echo oDomain.Name For Each oCategory in oDomain Wscript.Echo oCategory.Name Next Next
foreach (Category in Domain) { [. . . perform operations . . .] }
The following code prints all domain‑level category names for all existing domains in the GP Repository.
public static void EnumerateCategories() { string sDomainSource = "FAGPR://DC=MYDOMAIN,DC=LAB"; IfaGPRRoot oGPRroot = new faGPRRoot(); oGPRroot.ConnectTo("Provider=SQLOLEDB.1;Integrated Security=SSPI;Initial Catalog=GPO_REPOSITORY;Data Source=GPA_SERVER;Use Procedure for Prepare=1;Auto Translate=True;Packet Size=4096;Workstation ID=GPA_SERVER;Use Encryption for Data=False;Tag with column collation when possible=False"); IfaGPRDomain2 oDomain = oGPRroot.GetObject(sDomainSource); object[] obj = oDomain.EnumerateADLinks(); foreach (IfaGPRDomain gprDomain in oGPRroot) { Console.WriteLine(gprDomain.Name); foreach (IfaGPRCategory gprCategory in gprDomain) { Console.WriteLine(gprCategory.Name); } } Console.ReadKey(); }
Enumerates the GPOs in the domain map.
ArrayOfGPOCNStrings = TargetDomainObject.EnumerateGPOMap(SourceDomainObject)
The following code enumerates the GPOs in the domain map.
Dim oGPRroot, oDomainSource, oDomainTarget, aGPOs, strGPO Set oGPRroot = Wscript.CreateObject("faGPRRoot.faGPRRoot") oGPRroot.ConnectTo("DRIVER={ODBC Driver 13 for SQL Server};SERVER="<SQL Server Instance Name>";Trusted_Connection=Yes;DATABASE=GPO_REPOSITORY;") Set oDomainSource = oGPRroot.GetObject("FAGPR://DC=NetIQLabs,DC=com") Set oDomainTarget = oGPRroot.GetObject("FAGPR://DC=Test,DC=NetIQLabs,DC=com") aGPOs = oDomainTarget.EnumerateGPOMap(oDomainSource) For each strGPO in aGPOs wscript.echo Next
ObjectArrayOfGPOCN = TargetDomainObject.EnumerateGPOMap(SourceDomainObject)
The following code enumerates the GPOs in the domain map.
public static void EnumerateGPOMap() { string sDomainSource = "FAGPR://DC=MYDOMAIN,DC=LAB"; string sDomainTarget = "FAGPR://DC=MYDOMAIN,DC=LAB"; IfaGPRRoot oGPRroot = new faGPRRoot(); oGPRroot.ConnectTo("Provider=SQLOLEDB.1;Integrated Security=SSPI;Initial Catalog=GPO_REPOSITORY;Data Source=GPA_SERVER;Use Procedure for Prepare=1;Auto Translate=True;Packet Size=4096;Workstation ID=GPA_SERVER;Use Encryption for Data=False;Tag with column collation when possible=False"); IfaGPRDomain2 oDomain = oGPRroot.GetObject(sDomainSource); IfaGPRDomain2 otarget = oGPRroot.GetObject(sDomainTarget); object[] obj = otarget.EnumerateGPOMap(oDomain); foreach (object gprDomain in obj) { Console.WriteLine(gprDomain.ToString()); } Console.ReadKey(); }
Enumerates the accounts in the domain map.
arrayOfUserStrings = Domain.EnumerateUsers()
The following code allows you to enumerate the accounts in the domain map.
Dim oGPRroot, oDomain Dim aUsers Dim strUser Set oGPRroot = Wscript.CreateObject("faGPRRoot.faGPRRoot") oGPRroot.ConnectTo("DRIVER={ODBC Driver 13 for SQL Server};SERVER="<SQL Server Instance Name>";Trusted_Connection=Yes;DATABASE=GPO_REPOSITORY;") Set oDomain = oGPRroot.GetObject("FAGPR://DC=NetIQLabs,DC=coml") aUsers = oDomain.EnumerateUsers() For each strUser in aUsers wscript.echo strUser Next
ObjectArrayOfUsers = Domain.EnumerateUsers()
The following code allows you to enumerate the accounts in the domain map.
public static void EnumerateUsers() { string sDomainSource = "FAGPR://DC=MYDOMAIN,DC=LAB"; IfaGPRRoot oGPRroot = new faGPRRoot(); oGPRroot.ConnectTo("Provider=SQLOLEDB.1;Integrated Security=SSPI;Initial Catalog=GPO_REPOSITORY;Data Source=GPA_SERVER;Use Procedure for Prepare=1;Auto Translate=True;Packet Size=4096;Workstation ID=GPA_SERVER;Use Encryption for Data=False;Tag with column collation when possible=False"); IfaGPRDomain2 oDomain = oGPRroot.GetObject(sDomainSource); object[] obj = oDomain.EnumerateUsers(); foreach (object ob in obj) { Console.WriteLine(ob.ToString()); } Console.ReadKey(); }
Retrieves AD Link mapping information from the domain map.
StrADLinkPath = DomainObject.GetMappedADLink("DomainObject", "DCName")
The following code allows you to enumerate the AD links of the OU in the domain map with the corresponding AD Link mapping information of the OU in the specified domain.
Dim oGPRroot, oDomainSource, oDomainTarget, aLinks, strPath, strMappedPath Set oGPRroot = Wscript.CreateObject("faGPRRoot.faGPRRoot") oGPRroot.ConnectTo("DRIVER={ODBC Driver 13 for SQL Server};SERVER="<SQL Server Instance Name>";Trusted_Connection=Yes;DATABASE=GPO_REPOSITORY;") Set oDomainSource = oGPRroot.GetObject("FAGPR://DC=NetIQLabs,DC=com") Set oDomainTarget = oGPRroot.GetObject("FAGPR://DC=Test,DC=NetIQLabs,DC=com") aLinks = oDomainSource.EnumerateADLinks() For each strPath in aLinks strMappedPath = oDomainTarget.GetMappedADLink (oDomainSource,strPath) wscript.echo strPath & " --> " & strMappedPath Next
StrADLinkPath = DomainObject.GetMappedADLink("DomainObject", "DCName")
The following code allows you to enumerate the AD links of the OU in the domain map with the corresponding AD Link mapping information of the OU in the specified domain.
public static void GetADLinkMap() { string sDomainSource = "FAGPR://DC=MYDOMAIN,DC=LAB"; IfaGPRRoot oGPRroot = new faGPRRoot(); oGPRroot.ConnectTo("Provider=SQLOLEDB.1;Integrated Security=SSPI;Initial Catalog=GPO_REPOSITORY;Data Source=GPA_SERVER;Use Procedure for Prepare=1;Auto Translate=True;Packet Size=4096;Workstation ID=GPA_SERVER;Use Encryption for Data=False;Tag with column collation when possible=False"); IfaGPRDomain2 oDomainsource = oGPRroot.GetObject(sDomainSource); IfaGPRDomain2 oDomaintarget = oGPRroot.GetObject("FAGPR://DC=MYTARGETDOMAIN,DC=LAB"); object[] aLinks = oDomainsource.EnumerateADLinks(); foreach (object ob in aLinks) { if (oDomaintarget.GetMappedADLink(oDomainsource, ob.ToString()) != null) { Console.WriteLine(ob.ToString() + " --- >" + oDomaintarget.GetMappedADLink(oDomainsource, ob.ToString())); } else { Console.WriteLine(ob.ToString() + " --- > AD link is not mapped in the Target Domain"); } } Console.ReadKey(); }
Retrieves GPO mapping information from the domain map.
GPOCNString = TargetDomainObject.GetMappedGPO(SourceDomainObject, "SourceGPO_CN_NAME")
The following code retrieves GPO mapping information from the domain map.
Dim oGPRroot, oDomainSource, oDomainTarget, aGPOs, strGPO, strMappedGpo Set oGPRroot = Wscript.CreateObject("faGPRRoot.faGPRRoot") oGPRroot.ConnectTo("DRIVER={ODBC Driver 13 for SQL Server};SERVER="<SQL Server Instance Name>";Trusted_Connection=Yes;DATABASE=GPO_REPOSITORY;") Set oDomainSource = oGPRroot.GetObject("FAGPR://DC=NetIQLabs,DC=com") Set oDomainTarget = oGPRroot.GetObject("FAGPR://DC=Test,DC=NetIQLabs,DC=com") aGPOs = oDomainTarget.EnumerateGPOMap(oDomainSource) For each strGPO in aGPOs strMappedGpo = oDomainTarget.GetMappedGPO (oDomainSource,strGPO) wscript.echo strGPO & " --> " & strMappedGpo Next
GPOCNString = TargetDomainObject.GetMappedGPO(SourceDomainObject, "SourceGPO_CN_NAME")
The following code retrieves GPO mapping information from the domain map.
public static void GetMappedGPO() { string sDomainSource = "FAGPR://DC=MYDOMAIN,DC=LAB"; IfaGPRRoot oGPRroot = new faGPRRoot(); oGPRroot.ConnectTo("Provider=SQLOLEDB.1;Integrated Security=SSPI;Initial Catalog=GPO_REPOSITORY;Data Source=GPA_SERVER;Use Procedure for Prepare=1;Auto Translate=True;Packet Size=4096;Workstation ID=GPA_SERVER;Use Encryption for Data=False;Tag with column collation when possible=False"); IfaGPRDomain2 oDomainsource = oGPRroot.GetObject(sDomainSource); IfaGPRDomain2 oDomaintarget = oGPRroot.GetObject("FAGPR://DC=MYTARGETDOMAIN,DC=LAB"); object[] aGPOs = oDomaintarget.EnumerateGPOMap(oDomainsource); foreach (object ob in aGPOs) { if (oDomaintarget.GetMappedGPO(oDomainsource, ob.ToString()) != null) { Console.WriteLine(ob.ToString() + " --- >" + oDomaintarget.GetMappedGPO(oDomainsource, ob.ToString())); } else { Console.WriteLine(ob.ToString() + " --- > GPO is not mapped in the Target Domain"); } } Console.ReadKey(); }
Returns the domain mapping for a specified account and domain.
MappedUserString = TargetDomainObject.GetMappedUser(SourceDomainObject, "Source_UserName")
The following code allows you to enumerate the accounts in the domain map with the corresponding mapping account for the specified domain.
Dim oGPRroot, oDomainSource, oDomainTarget Set oGPRroot = Wscript.CreateObject("faGPRRoot.faGPRRoot") oGPRroot.ConnectTo("DRIVER={ODBC Driver 13 for SQL Server};SERVER="<SQL Server Instance Name>";Trusted_Connection=Yes;DATABASE=GPO_REPOSITORY;") Set oDomainSource = oGPRroot.GetObject("FAGPR://DC=NetIQLabs,DC=com") Set oDomainTarget = oGPRroot.GetObject("FAGPR://DC=Test,DC=NetIQLabs,DC=com") aUsers = oDomainSource.EnumerateUsers() For each strUser in aUsers strMappedUser = oDomainTarget.GetMappedUser (oDomainSource,strUser) wscript.echo strUser & " --> " & strMappedUser Next
MappedUserString = TargetDomainObject.GetMappedUser(SourceDomainObject, "Source_UserName")
The following code allows you to enumerate the accounts in the domain map with the corresponding mapping account for the specified domain.
public static void GetMappedUser() { IfaGPRRoot oGPRroot = new faGPRRoot(); oGPRroot.ConnectTo("Provider=SQLOLEDB.1;Integrated Security=SSPI;Initial Catalog=GPO_REPOSITORY;Data Source=GPA_SERVER;Use Procedure for Prepare=1;Auto Translate=True;Packet Size=4096;Workstation ID=GPA_SERVER;Use Encryption for Data=False;Tag with column collation when possible=False"); IfaGPRDomain2 oDomainsource = oGPRroot.GetObject("FAGPR://DC=MYDOMAIN,DC=LAB"); IfaGPRDomain2 oDomaintarget = oGPRroot.GetObject("FAGPR://DC=MYTARGETDOMAIN,DC=LAB"); object[] aUsers = oDomainsource.EnumerateUsers(); foreach (object ob in aUsers) { Console.WriteLine(ob.ToString() + " --- >" + oDomaintarget.GetMappedUser(oDomainsource, ob.ToString())); } Console.ReadKey(); }
The Offline Mirror process imports GPOs from an Active Directory domain into the GP Repository and synchronizes link order based on AD or the GP Repository, also called creating an offline mirror. The command-line interface uses a template you save using the Offline Mirror wizard that defines the options on AD containers to process. This only works for domains that have a trust relationship with the repository member domain.
You can use the Offline Mirror command-line tool, located in the \Bin folder under the product installation path, to configure the update process to run during off‑peak hours using a Microsoft Windows scheduled task.
NOTE:If you are running GPA on a 64‑bit platform, you need to run the Offline Mirror tool using a 32‑bit command prompt window. On a 64‑bit computer, you can access the 32‑bit command prompt window from the %WINDIR%\SysWOW64 folder.
You can also create an offline mirror from the GPA Console using the Offline Mirror wizard by selecting a GP Repository domain and clicking Run Offline Mirror from the Action menu. For more information, see Section 5.4.2, Importing All GPOs Linked to Any AD Container in an AD Domain (Creating an Offline Mirror).
C:\Program Files\NetIQ\Group Policy Administrator\Bin\"NetIQ GPA Offline Mirror.exe"
[/F:"C:\MyNewTemplate.xml]"
The following table describes the command‑line parameters and variables.
Variable name |
Replace with |
/F:Offine_Mirror_Template.xml |
Specifies the path to the .xml offline mirror template file, which loads and runs the offline mirror import and sync link order processes from the command-line window. Use quotation marks if the path or file name includes spaces. |
/? or /h |
Displays command-line help for this tool. |
NOTE:When you do not specify any parameters, the tool opens and runs the Offline Mirror wizard and closes the command prompt window.
"NetIQ GPA Offline Mirror Wizard.exe"/F:"%USERPROFILE%\My Documents\Offline Mirror Input.xml"
The Offline Mirror tool displays a status report in the command prompt window as it runs, similar to the following example. All of the information in the command line window is also written to a log found in the %appdata% path of the user running the tool. The import process may take some time for domains with a large number of OUs and GPOs.
NetIQ GPA Offline Mirror (c) 2011 NetIQ Corporation. File Path:C:\Users\Administrator.GPDOM300\Desktop\OMW Sample Import.xml Offline mirror process started Import in progress... Percentage Completed:0 Import started for container:: LDAP://HOUDVGP106V.GPDOM300.lab/DC=GPDOM300,DC=lab Importing GPO: Default Domain Policy GPO Default Domain Policy exists in the GP Repository. The version of GPO Default Domain Policy in AD is newer than the version in the GP Repository. GPO imported successfully: Default Domain Policy Import Completed for container:: LDAP://HOUDVGP106V.GPDOM300.lab/DC=GPDOM300,DC=lab Percentage Completed:100 Import operation completed for SyncID: 62a2066e-c3ca-43cd-af35-16ae7edb20f3 Completed successfully without any errors and total AD objects synced: 1
Read the Name property of a domain.
DomainObject.Name
The following code allows you to print all domain names in the GP Repository.
Dim oGPRroot, oDomain Set oGPRroot = Wscript.CreateObject("faGPRRoot.faGPRRoot") oGPRroot.ConnectTo("DRIVER={ODBC Driver 13 for SQL Server};SERVER="<SQL Server Instance Name>";Trusted_Connection=Yes;DATABASE=GPO_REPOSITORY;") For Each oDomain in oGPRroot Wscript.Echo oDomain.Name Next
DomainObject.Name
The following code allows you to print all domain names in the GP Repository.
public static void ReadDomainName() { IfaGPRRoot oGPRroot = new faGPRRoot(); oGPRroot.ConnectTo("Provider=SQLOLEDB.1;Integrated Security=SSPI;Initial Catalog=GPO_REPOSITORY;Data Source=GPA_SERVER;Use Procedure for Prepare=1;Auto Translate=True;Packet Size=4096;Workstation ID=GPA_SERVER;Use Encryption for Data=False;Tag with column collation when possible=False"); foreach (IfaGPRDomain gprDomain in oGPRroot) { Console.WriteLine(gprDomain.Name); } Console.ReadKey(); }
Sets mapping information in the domain map for the specified AD Link.
TargetDomainObject.SetADLinkMap SourceDomainObject, "Source Domain OU Path", "Target Domain OU Path"
The following code allows you to map an AD Link from an OU in the source domain, Org1.com, to a target AD Link in an OU with the same name and path in Test.Org1.com.
Dim oGPRroot, oDomainSource, oDomainTarget Set oGPRroot = Wscript.CreateObject("faGPRRoot.faGPRRoot") oGPRroot.ConnectTo("DRIVER={ODBC Driver 13 for SQL Server};SERVER="<SQL Server Instance Name>";Trusted_Connection=Yes;DATABASE=GPO_REPOSITORY;") Set oDomainSource = oGPRroot.GetObject("FAGPR://DC=Org1,DC=com") Set oDomainTarget = oGPRroot.GetObject("FAGPR://DC=Test,DC=Org1,DC=com") oDomainTarget.SetADLinkMap oDomainSource, "LDAP://OU=Houston,DC=Org1,DC=com", "LDAP://OU=Houston,OU=USA,DC=Test,DC=Org1,DC=com"
TargetDomainObject.SetADLinkMap(SourceDomainObject, "Source Domain OU Path", "Target Domain OU Path")
The following code allows you to map an AD Link from an OU in the source domain, MyDomain.Lab, to a target AD Link in an OU with the same name and path in MyTargetDomain.Lab.
public static void SetADLinkMap() { string sDomainSource = "FAGPR://DC=Org1,DC=Com"; string sDomainTarget = "FAGPR://DC=Test,DC=Org1,DC=com"; IfaGPRRoot oGPRroot = new faGPRRoot(); oGPRroot.ConnectTo("DRIVER={ODBC Driver 13 for SQL Server};SERVER="<SQL Server Instance Name>";Trusted_Connection=Yes;DATABASE=GPO_REPOSITORY;"); IfaGPRDomain2 oDomainSrc = oGPRroot.GetObject(sDomainSource); IfaGPRDomain2 oDomainTgt = oGPRroot.GetObject(sDomainTarget); oDomainTgt.SetADLinkMap(oDomainSrc, "LDAP://OU=Bolivia,DDC=Org1,DC=Com", "LDAP://OU=USA,DC=Test,DC=Org1,DC=com"); Console.WriteLine("AD Link mapped successfully"); Console.ReadKey(); }
Populates the AD Links in the target domain's map from source domain with default information by mapping each source AD Link to an OU with the same name/path in the target domain.
TargetDomainObject.SetDefaultADLinkMap SourceDomainObject
The following code allows you to map each AD Link from an OU in the source domain, Org1.com, to the corresponding target AD Link in the OU with the same name and path in Test.Org1.com.
Dim oGPRroot, oDomainSource, oDomainTarget Set oGPRroot = Wscript.CreateObject("faGPRRoot.faGPRRoot") oGPRroot.ConnectTo("DRIVER={ODBC Driver 13 for SQL Server};SERVER="<SQL Server Instance Name>";Trusted_Connection=Yes;DATABASE=GPO_REPOSITORY;") Set oDomainSource = oGPRroot.GetObject("FAGPR://DC=Org1,DC=com") Set oDomainTarget = oGPRroot.GetObject("FAGPR://DC=Test,DC=Org1,DC=com") oDomainTarget.SetDefaultADLinkMap oDomainSource
TargetDomainObject.SetDefaultADLinkMap(SourceDomainObject)
The following code allows you to map each AD Link from an OU in the source domain, MyDomain.Lab, to the corresponding target AD Link in the OU with the same name and path in MyTargetDomain.Lab.
public static void SetDefaultADLinkMap() { string sDomainSource = "FAGPR://DC=MYDOMAIN,DC=LAB"; string sDomainTarget = "FAGPR://DC=MYTARGETDOMAIN,DC=LAB"; IfaGPRRoot oGPRroot = new faGPRRoot(); oGPRroot.ConnectTo("Provider=SQLOLEDB.1;Integrated Security=SSPI;Initial Catalog=GPO_REPOSITORY;Data Source=GPA_SERVER;Use Procedure for Prepare=1;Auto Translate=True;Packet Size=4096;Workstation ID=GPA_SERVER;Use Encryption for Data=False;Tag with column collation when possible=False"); IfaGPRDomain2 oDomainSrc = oGPRroot.GetObject(sDomainSource); IfaGPRDomain2 oDomainTgt = oGPRroot.GetObject(sDomainTarget); oDomainTgt.SetDefaultADLinkMap(oDomainSrc); Console.WriteLine("Default AD Link Map was mapped successfully"); Console.ReadKey(); }
Updates the target domain map for the source domain (the map to target domain from source domain). For each user in the source domain's map, this operation adds a map entry from the source account to the target account with the same account name (if any).
TargetDomainObject.SetDefaultUserMap SourceDomainObject
The following code allows you to map each user account from the source domain, Org1.com, to the corresponding target account with the same name in Test.Org1.com.
Dim oGPRroot, oDomainSource, oDomainTarget Set oGPRroot = Wscript.CreateObject("faGPRRoot.faGPRRoot") oGPRroot.ConnectTo("DRIVER={ODBC Driver 13 for SQL Server};SERVER="<SQL Server Instance Name>";Trusted_Connection=Yes;DATABASE=GPO_REPOSITORY;") Set oDomainSource = oGPRroot.GetObject("FAGPR://DC=Org1,DC=com") Set oDomainTarget = oGPRroot.GetObject("FAGPR://DC=Test,DC=Org1,DC=com") oDomainTarget.SetDefaultUserMap oDomainSource
TargetDomainObject.SetDefaultUserMap(SourceDomainObject)
The following code allows you to map each user account from the source domain, MyDomain.Lab, to the corresponding target account with the same name and path in MyTargetDomain.Lab.
public static void SetDefaultUserMap() { string sDomainSource = "FAGPR://DC=MYDOMAIN,DC=LAB"; string sDomainTarget = "FAGPR://DC=MYTARGETDOMAIN,DC=LAB"; IfaGPRRoot oGPRroot = new faGPRRoot(); oGPRroot.ConnectTo("Provider=SQLOLEDB.1;Integrated Security=SSPI;Initial Catalog=GPO_REPOSITORY;Data Source=GPA_SERVER;Use Procedure for Prepare=1;Auto Translate=True;Packet Size=4096;Workstation ID=GPA_SERVER;Use Encryption for Data=False;Tag with column collation when possible=False"); IfaGPRDomain2 oDomainSrc = oGPRroot.GetObject(sDomainSource); IfaGPRDomain2 oDomainTgt = oGPRroot.GetObject(sDomainTarget); oDomainTgt.SetDefaultUserMap(oDomainSrc); Console.WriteLine("Default User Map successful"); Console.ReadKey(); }
Set domain controller context. This DC would be the one used for subsequent Active Directory Operations, such as exporting a GPO. It is not a mandatory command. If not specified, the system selects any available domain controller. You must run the Set Domain Controller script as a local administrator.
RootObject.SelectDomainDC "DomainName", "DCName"
The following code sets a domain controller context.
Dim oGPRroot, oCategory Set oGPRroot = Wscript.CreateObject("faGPRRoot.faGPRRoot") oGPRroot.ConnectTo("DRIVER={ODBC Driver 13 for SQL Server};SERVER="<SQL Server Instance Name>";Trusted_Connection=Yes;DATABASE=GPO_REPOSITORY;") oGPRroot.SelectDomainDC "RootDev2.Com","root2-ad-01.rootdev2.com"
RootObject.SelectDomainDC("DomainName", "DCName")
The following code sets a domain controller context.
public static void SetDomainController() { string sDomainSource = "MYDOMAIN.LAB"; string sDomainController = "MYDOMAINCONTROLLER.MYDOMAIN.LAB"; IfaGPRRoot oGPRroot = new faGPRRoot(); oGPRroot.ConnectTo("Provider=SQLOLEDB.1;Integrated Security=SSPI;Initial Catalog=GPO_REPOSITORY;Data Source=GPA_SERVER;Use Procedure for Prepare=1;Auto Translate=True;Packet Size=4096;Workstation ID=GPA_SERVER;Use Encryption for Data=False;Tag with column collation when possible=False"); oGPRroot.SelectDomainDC(sDomainSource, sDomainController); Console.WriteLine("Domain Controller was set correctly"); Console.ReadKey(); }
Sets mapping information for GPOs in the domain map. When you migrate GPOs from one domain to another domain, this method allows you map the source GPOs in one domain to the target GPOs in another domain.
TargetDomainObject.SetGPOMap SourceDomainObject, "Source_GPO_CN", "Target_GPO_CN"
The following code sets mapping information for GPOs in the domain map.
Dim oGPRroot, oDomainSource, oDomainTarget Set oGPRroot = WscriDRIVER={ODBC Driver 13 for SQL Server};SERVER="<SQL Server Instance Name>";Trusted_Connection=Yes;DATABASE=GPO_REPOSITORY;") Set oDomainSource = oGPRroot.GetObject("FAGPR://DC=NetIQLabs,DC=com") Set oDomainTarget = oGPRroot.GetObject("FAGPR://DC=Test,DC=NetIQLabs,DC=com") oDomainTarget.SetGPOMap oDomainSource, "{6E936ED3-00C8-4FE7-95A1- 803874AB7EA0}", "{8435AE6D-DED3-470C-B57C-66BB80B7DA8B}"
TargetDomainObject.SetGPOMap(SourceDomainObject, "Source_GPO_CN", "Target_GPO_CN")
The following code sets mapping information for GPOs in the domain map.
public static void SetGPOMap() { string sDomainSource = "FAGPR://DC=MYDOMAIN,DC=LAB"; string sDomainTarget = "FAGPR://DC=MYTARGETDOMAIN,DC=LAB"; IfaGPRRoot oGPRroot = new faGPRRoot(); oGPRroot.ConnectTo("Provider=SQLOLEDB.1;Integrated Security=SSPI;Initial Catalog=GPO_REPOSITORY;Data Source=GPA_SERVER;Use Procedure for Prepare=1;Auto Translate=True;Packet Size=4096;Workstation ID=GPA_SERVER;Use Encryption for Data=False;Tag with column collation when possible=False"); IfaGPRDomain2 oDomainSrc = oGPRroot.GetObject(sDomainSource); IfaGPRDomain2 oDomainTgt = oGPRroot.GetObject(sDomainTarget); oDomainTgt.SetGPOMap(oDomainSrc, "{C104C9C7-9355-4FEC-8824-22D7BF4797A9}", "{A71A3C86-53FD-43B3-AAB1-DC163CBC3EC9}"); Console.WriteLine("GPO was mapped successfully"); Console.ReadKey(); }
Adds an entry to the domain map.
TargetDomainObject.SetUserMap sourceDomainObject, "Source_Username", "Target_Username"
The following code allows you to map a user account from the source domain to a target account in the target domain.
Dim oGPRroot, oDomainSource, oDomainTarget Set oGPRroot = Wscript.CreateObject("faGPRRoot.faGPRRoot") oGPRroot.ConnectTo("DRIVER={ODBC Driver 13 for SQL Server};SERVER="<SQL Server Instance Name>";Trusted_Connection=Yes;DATABASE=GPO_REPOSITORY;") Set oDomainSource = oGPRroot.GetObject("FAGPR://DC=NetIQLabs,DC=com") Set oDomainTarget = oGPRroot.GetObject("FAGPR://DC=Test,DC=NetIQLabs,DC=com") oDomainTarget.SetUserMap oDomainSource ,"JSmith" ,"SmithJ"
TargetDomainObject.SetUserMap(sourceDomainObject, "Source_Username", "Target_Username")
The following code allows you to map a user account from the source domain to a target account in the target domain.
public static void SetUserMap() { string sDomainSource = "FAGPR://DC=MYDOMAIN,DC=LAB"; string sDomainTarget = "FAGPR://DC=MYTARGETDOMAIN,DC=LAB"; IfaGPRRoot oGPRroot = new faGPRRoot(); oGPRroot.ConnectTo("Provider=SQLOLEDB.1;Integrated Security=SSPI;Initial Catalog=GPO_REPOSITORY;Data Source=GPA_SERVER;Use Procedure for Prepare=1;Auto Translate=True;Packet Size=4096;Workstation ID=GPA_SERVER;Use Encryption for Data=False;Tag with column collation when possible=False"); IfaGPRDomain2 oDomainSrc = oGPRroot.GetObject(sDomainSource); IfaGPRDomain2 oDomainTgt = oGPRroot.GetObject(sDomainTarget); oDomainTgt.SetUserMap(oDomainSrc, "MYDOMAIN-LAB\JSmith", "MYTARGETDOMAIN-LAB\SmithJ"); Console.WriteLine("User account mapped successfully"); Console.ReadKey(); }
Merges the settings from two GPOs into a new GPO in the same domain.
DomainObject.MergeGpos SourceGPOs, TargetFAGPRPath, "TargetGPOName", DeleteSourceGPOsFlag
The following sample merges two GPOs and creates a new GPO in the specified category without deleting the source GPOs.
Dim arrSourceGpos, targetGPRPath, targetGPOName, oGPRroot, oDomain arrSourceGpos = Array("FAGPR://CN={9FCE1105-3661-404A-BB6D-0EAA8049BC93},CN=MYCAT,DC=MYDOMAIN,DC=LAB","FAGPR://CN={57DCB21E-30D0-4229-97B4-69F3B30E01BB},CN=MYCAT,DC=MYDOMAIN,DC=LAB") targetGPRPath = "FAGPR://CN=MYCAT, DC=MYDOMAIN,DC=LAB" targetGPOName = "MergedGPO" Set oGPRroot = Wscript.CreateObject("faGPRRoot.faGPRRoot") oGPRroot.ConnectTo("Provider=SQLOLEDB.1;Integrated Security=SSPI;Initial Catalog=GPO_REPOSITORY;Data Source=SQLSERVER;Use Procedure for Prepare=1;Auto Translate=True;Packet Size=4096;Workstation ID=GPACONSOLE;Use Encryption for Data=False;Tag with column collation when possible=False") Set oDomain = oGPRroot.GetObject("FAGPR://DC=MYDOMAIN,DC=LAB") Wscript.Echo "Ready to Merge GPOs" oDomain.MergeGpos arrSourceGpos, targetGPRPath, targetGPOName, false Wscript.Echo "Merge Successful"
DomainObject.MergeGpos(SourceGPOs, TargetFAGPRPath, TargetGPOName, DeleteSourceGPOsFlag)
The following sample merges two GPOs and creates a new GPO in the specified category.
public static void MergeGPOs () { try { IfaGPRRoot GprRoot = new faGPRRoot(); GprRoot.ConnectTo("Provider=SQLOLEDB.1;Integrated Security=SSPI;Initial Catalog=GPO_REPOSITORY;Data Source=SQLSERVER;Use Procedure for Prepare=1;Auto Translate=True;Packet Size=4096;Workstation ID=GPACONSOLE;Use Encryption for Data=False;Tag with column collation when possible=False"); IfaGPRDomain3 GprDomain = GprRoot.GetObject("FAGPR://DC=MYDOMAIN,DC=LAB"); List<string> sourceGpos = new List<string>(); sourceGpos.Add(("FAGPR://CN={9FCE1105-3661-404A-BB6D-0EAA8049BC93},CN=MYCAT,DC=MYDOMAIN,DC=LAB"); sourceGpos.Add("FAGPR://CN={57DCB21E-30D0-4229-97B4-69F3B30E01BB},CN=MYCAT,DC=MYDOMAIN,DC=LAB"); string targetGPRPath = "FAGPR://CN=MYCAT, DC=MYDOMAIN,DC=LAB"; string targetGPOName = "MergedGPO"; List<string> sourceGposToDelete = new List<string>(); Console.WriteLine("Ready to Merge GPOs"); GprDomain.MergeGpos(sourceGpos, targetGPRPath, targetGPOName, false); Console.WriteLine("Merge Successful"); } catch (Exception ex) { string msg = ex.Message; Console.WriteLine(msg); } Console.ReadLine() }