The following sections provide the scriptable operations that can be carried out on the domain object.
Run the NQCreateOfflinePolicyContainerHierarchy.exe file to create a temporary copy of the settings information of all GPOs in the GP Repository. GPA automatically creates the offline policy container hierarchy when you add domains to the GP Repository. This only works for domains that have a trust relationship with the repository member domain.
To run the NQCreateOfflinePolicyContainerHierarchy.exe file, you should have Domain Admin permissions in the domain for which you want to create the offline policy container hierarchy.
The NQCreateOfflinePolicyContainerHierarchy.exe file displays a status report in the command prompt window as it runs. After execution, the NQCreateOfflinePolicyContainerHierarchy.exe file creates a log that lists the domains it successfully recreated and those domains it failed to recreate. The log displays the “ATTENTION REQUIRED” text next to the domain name of any domain the tool failed to recreate.
NQCreateOfflinePolicyContainerHierarchy /D:Domain_DNS_Name /S:Repository_Server /DB:DatabaseName
The following table describes the command-line parameters and variables.
|
Variable Name |
Replace With |
|---|---|
|
/D: Domain_DNS_Name |
DNS name of the evaluation domain, such as abc.xyz. If you specify the domain name, then GPA creates the offline policy container hierarchy for only that domain. If you do not specify the domain name, then GPA creates an offline policy container hierarchy for each domain in the GP Repository (optional). |
|
/S: Repository_Server |
Name of the Microsoft SQL Server where you have installed the GP Repository. The default value, period (.), indicates the local Microsoft SQL Server. |
|
/DB: DatabaseName |
Name of the GP Repository database. The default value of the GP Repository database name is GPO_REPOSITORY. If the database name is different, specify the correct database name (optional, if you specify the domain name). |
|
/? |
Command-line Help for the tool. |
NQCreateOfflinePolicyContainerHierarchy /D:ABC.com /S:ABCSQLServer /DB:ABCDatabaseName
Create a new category.
New-GPRCategory [-FAGPRPath] <String> [-Name] <String>
|
Parameter |
Value |
|---|---|
|
FAGPRPath |
The FAGPRPath of the new category. |
|
Name |
The name of the new category. |
The following sample creates a child category named “NewCategory” under the parent category “Desktop”.
NOTE:Before executing this cmdlet, run Set-GPRConnection to establish a connection to the GPA Repository database. See the PowerShell cmdlet sample for more information.
PS C:\>New-GPRCategory -FAGPRPath "FAGPR://CN=Desktop,DC=NetIQLabs,DC=com" -Name "NewCategory"
The following sample creates a Domain-level category named “NewCategory” on the domain “NetIQLabs.com”.
NOTE:Before executing this cmdlet, run Set-GPRConnection to establish a connection to the GPA Repository database. See the PowerShell cmdlet sample for more information.
PS C:\>New-GPRCategory -FAGPRPath "FAGPR://DC=NetIQLabs,DC=com" -Name "NewCategory"
Updates the target domain map for the source domain (the map to target domain from source domain). For each user in the source domain's map, this operation adds a map entry from the source account to the target account with the same account name (if any).
Set-GPRDefaultUserMap [-SourceDomain] <String> [-TargetDomain] <String>
|
Parameter |
Value |
|---|---|
|
SourceDomain |
The FAGPR path of the source domain. |
|
TargetDomain |
The FAGPR path of the target domain. |
The following sample maps each user account from the source domain, Org1.com, to the corresponding target account with the same name in Test.Org1.com.
PS C:\>Set-DefaultUserMap -SourceDomain "FAGPR://DC=Org1,DC=com" -TargetDomain "FAGPR://DC=Test,DC=Org1,DC=com"
Merges the settings from two GPOs into a new GPO in the same domain.
Merge-GPRGpo [-SourceFAGPRPath] <String[]> [-TargetFAGPRPath] <String> [[-TargetGPOName] <String>] [[DeleteAllSource] <SwitchParameter>]
|
Parameter |
Value |
|---|---|
|
SourceFAGPRPath |
The FAGPR paths of the source GPOs. |
|
TargetFAGPRPath |
The target category path where the new merged GPO will be created. |
|
TargetGPOName |
The name of the new GPO. |
|
DeleteAllSource (optional) |
Indicates whether to delete the source GPOs after the merge. You don't have to specify a value with this parameter. |
NOTE:Before executing this cmdlet, run Set-GPRConnection to establish a connection to the GPA Repository database. See the PowerShell cmdlet sample for more information.
The following sample merges two GPOs and creates a new GPO in the specified category.
PS C:\>Merge-GPRGpo -SourceFAGPRPath ("FAGPR://CN={6BE2D70A-46B5-4287-A88F-8C31C2E73586}, CN=cat, DC=gpdom150,DC=lab","FAGPR://CN={8674177A-6A00-4F89-8CDD-1C075E137572}, CN=cat, DC=gpdom150,DC=lab") -TargetFAGPRPath "FAGPR://CN=cat, DC=gpdom150,DC=lab" -TargetGPOName "MergedGPO1"
NOTE:Before executing this cmdlet, run Set-GPRConnection to establish a connection to the GPA Repository database. See the PowerShell cmdlet sample for more information.
The following sample merges two GPOs and creates a new GPO in the specified category. The example also deletes the source GPOs.
PS C:\>Merge-GPRGpo -SourceFAGPRPath ("FAGPR://CN={6BE2D70A-46B5-4287-A88F-8C31C2E73586}, CN=cat,DC=gpdom150,DC=lab","FAGPR://CN={8674177A-6A00-4F89-8CDD-1C075E137572}, CN=cat, DC=gpdom150,DC=lab") -TargetFAGPRPath "FAGPR://CN=cat, DC=gpdom150,DC=lab" -TargetGPOName "MergedGPO1" -DeleteAllSource
NOTE:Before executing this cmdlet, run Set-GPRConnection to establish a connection to the GPA Repository database. See the PowerShell cmdlet sample for more information.
The following sample merges two GPOs and creates a new GPO, overwriting one of the source GPOs.
PS C:\>Merge-GPRGpo -SourceFAGPRPath ("FAGPR://CN={6BE2D70A-46B5-4287-A88F-8C31C2E73586}, CN=cat,DC=gpdom150,DC=lab","FAGPR://CN={8674177A-6A00-4F89-8CDD-1C075E137572}, CN=cat, DC=gpdom150,DC=lab") -TargetFAGPRPath "FAGPR://CN={6BE2D70A-46B5-4287-A88F-8C31C2E73586}, CN=cat, DC=gpdom150,DC=lab"