After you have used GPA to back up a GPO, you have several ways to return the GPO to the Active Directory environment:
Use the Restore feature, in which you can restore GPO settings, Active Directory links, and security settings individually or all together.
Use the Import feature, in which you can import only the GPO settings of a backed up GPO into an existing GPO.
The key difference between these two methods is that importing a GPO requires that another GPO already exist, whereas restoring a GPO does not require that another GPO be present in the Active Directory environment.
To write a Visual Basic script or method for importing backed up policies:
In Notepad, create the following script:
dim x , a
set x = CreateObject("GPExplorer.PolicyManager.1")
REM ***** RestorePolicy(GPO LDAP path, Backup folder path,
REM ***** Domain, DestDC, options)
x.RestorePolicy "LDAP://DomainController/CN={ImportGUID},CN=Policies,CN=System,DC=Domain","BackupFolder\{BackupGUID}","Domain","DomainController", Options
set x = nothing
or
Create the following C# method:
public static void Import()
{
string sGPOPath = "LDAP://DomainController/CN={ImportGUID},CN=Policies,CN=System,DC=Domain";
string sPath = "BackupFolder/{BackupGUID}";
string sDomainController = "DomainController";
string sDomain = "Domain";
long sReserved = 0;
IfaExplorerRoot oEXPRroot = new PolicyManager();
oEXPRroot.RestorePolicy(sGPOPath, sPath, sDomain, sDomainController, sReserved);
Console.WriteLine("GPO imported successfully");
Console.ReadKey();
}Modify the variables as follows:
Type the name of the primary domain controller of the domain. Provide the full computer name, which has the actual computer name along with the domain to which it belongs. You can find the full name on the Network Identification tab of the Property page of My Computer.
Type the GUID number that corresponds to the GPO into which you want to import the backed up GPO.
Type the name of the domain to which the GPO belongs.
Type the path and the name of the backup folder from which you are going to import the GPO.
Type the GUID number that corresponds to the GPO you want to import.
Specify 0.
When you are finished, your script should look similar to the following example:
REM ****** Import (use RestorePolicy) ************************
dim x , a
set x = CreateObject("GPExplorer.PolicyManager.1")
REM ***** RestorePolicy(GPO LDAP path, Backup folder path,
REM ***** Domain, DestDC, options)
x.RestorePolicy "LDAP://chld-dc-01.chld.prnt.net/CN={FC53832A-7AB2-4100-A971-C3AEB48A645D},CN=Policies,CN=System,DC=CHLD,DC=PRNT,DC=net", "C:\GPO Backups\{79ED2956-3F25-43B4-AD8C-513CB850731A}", "chld.prnt.net","chld-dc-01.chld.prnt.net",0
set x = nothing
Wscript.Echo "Import Completed"
REM ********************************************************
or
Your method should look similar to the following example:
public static void Import()
{
string sGPOPath = "LDAP://MYDOMAIN.LAB/CN={04835D24-7FAC-4B7B-B677-419E598593B0},CN=Policies,CN=System,DC=MYDOMAIN,DC=LAB";
string sPath = "C://Folder/{AA968F38-B89D-4688-B766-4B7A4D5CD5C2}/";
string sDomainController = "MYDOMAINCONTROLLER.MYDOMAIN.LAB";
string sDomain = "MYDOMAIN.LAB";
long sReserved = 0;
IfaExplorerRoot oEXPRroot = new PolicyManager();
oEXPRroot.RestorePolicy(sGPOPath, sPath, sDomain, sDomainController, sReserved);
Console.WriteLine("GPO imported successfully");
Console.ReadKey();
}To import multiple GPOs, copy the x.RestorePolicy line, for Visual Basic scripts, or the sGPOPath line, for C# methods, as many times as necessary, modifying only the ImportGUID and BackupGUID.
Save the file with any suitable name, and an extension of .vbs for Visual Basic scripts, to the location of your choice (for example, importGPOs.vbs), or compile the solution, then execute the executable build.