C# linking group policy in AD

问题:

How do I set group policies in AD? I'm able to create my OU but i also need to attach group policy linking to it. So this is what i have so far.

 string strOU = "OU=test454545,OU=Clients,OU=Clients,DC=domain,DC=net";         GPMGMTLib.GPM gpm = new GPMGMTLib.GPM();         GPMGMTLib.GPMConstants gpc = gpm.GetConstants();         GPMGMTLib.GPMDomain gpd = gpm.GetDomain(Environment.GetEnvironmentVariable("USERDNSDOMAIN"), "", gpc.UseAnyDC);           GPMGMTLib.GPMSOM gpSom = gpd.GetSOM(strOU);          GPMGMTLib.GPMGPO gpo = gpd.CreateGPO();         gpo.DisplayName  = "TestOutCome";         gpSom.CreateGPOLink(-1,gpo); 

This still doesn't create the GPO link, but all i want to do is link an existing GPO, anyt thoughts? And thanks for the help.

Okay getting closer, this just created a policy doesn't actually link an existing one...

 string strGPO = "Default Security with web access";         string strOU = "OU=test454545,OU=Clients,OU=Clients,DC=domain,DC=net";         GPMGMTLib.GPM gpm = new GPMGMTLib.GPM();         GPMGMTLib.GPMConstants gpc = gpm.GetConstants();         GPMGMTLib.GPMDomain gpd = gpm.GetDomain(Environment.GetEnvironmentVariable("USERDNSDOMAIN"), "", gpc.UseAnyDC);         GPMGMTLib.GPMSearchCriteria searchOBJ = gpm.CreateSearchCriteria();         searchOBJ.Add(gpc.SearchPropertyGPODisplayName, gpc.SearchOpEquals, strGPO);         GPMGMTLib.GPMGPOCollection objGPOlist = gpd.SearchGPOs(searchOBJ);         GPMGMTLib.GPMSOM gpSom = gpd.GetSOM(strOU);         GPMGMTLib.GPMGPO gpo = gpd.CreateGPO();         gpSom.CreateGPOLink(-1,gpo); 

Update and WORKING:

This is for linking existing GPO's to OU's using C#
1) install http://www.microsoft.com/downloads/en/confirmation.aspx?FamilyID=0a6d4c24-8cbd-4b35-9272-dd3cbfc81887
2) Reference gpmgmt.dll (found in the install directory)
3) You might have to install .Net 1.1
4) Add References to VS
5) add using GPMGMTLib; using GPOADMINLib; to project

            string strGPO = "Default Security with web access";         string strOU = "OU=test454545,OU=Clients,OU=clients,DC=domainh,DC=net";         GPMGMTLib.GPM gpm = new GPMGMTLib.GPM();         GPMGMTLib.GPMConstants gpc = gpm.GetConstants();         GPMGMTLib.GPMDomain gpd = gpm.GetDomain(Environment.GetEnvironmentVariable("USERDNSDOMAIN"), "", gpc.UseAnyDC);         GPMGMTLib.GPMSearchCriteria searchOBJ = gpm.CreateSearchCriteria();         searchOBJ.Add(gpc.SearchPropertyGPODisplayName, gpc.SearchOpEquals, strGPO);         GPMGMTLib.GPMGPOCollection objGPOlist = gpd.SearchGPOs(searchOBJ);         GPMGMTLib.GPMSOM gpSom = gpd.GetSOM(strOU);         GPMGMTLib.GPMGPO gpo = gpd.CreateGPO();         gpSom.CreateGPOLink(-1,objGPOlist[1]); 

回答1:

Take a look at this link

It contains a lot of sample scripts, you will need to add a reference (COM) to GPO Admin 1.0 Type Library from GPOAdmin.dll.

There is a similar issue discussed here with a sample script in C#

EDIT:

Reference gpmgmt.dll as COM interop and use the code as below:

Public Function CreateAndLinkGPO(ByVal strDomain As String, ByVal strOU As String, ByVal strGPOName As String)     Dim gpm As New GPM()     Dim gpmConst As GPMConstants = gpm.GetConstants()     Dim domain As GPMDomain = gpm.GetDomain(strDomain, "", gpmConst.UseAnyDC)     Dim som As GPMSOM = domain.GetSOM(strOU)      'create new GPO     Dim gpo As GPMGPO = domain.CreateGPO()     gpo.DisplayName = strGPOName       'create link to OU     som.CreateGPOLink(-1, gpo)      CreateAndLinkGPO = gpo End Function 

This is in VB.NET, but can be easily ported to C# posted by a MSFT poster from here. I think the key is .CreateGPOLink, GPMSOM is your OU (Retrieves the IGPMSOM interface that represents the domain or the organizational unit (OU) at the specified path.)

回答2:

I was looking for a way to simply list the GPOs that are linked to a particular OU, this thread helped me tremendously. I have the following sub to share. It doesn't list the names of the GPOs but returns the count. A minor mod will allow you to get the names (check out the properties of GPOLink in the foreach loop). You will need to have the GPMC installed and the gpmgmt.dll added as a project reference.

 private string getGPOLinkCount(string OUPathDN, bool onlyEnabledLinks, bool includeInheritedLinks)     {         int linkCount = 0;          try         {             GPMGMTLib.GPM gpm = new GPMGMTLib.GPM();             GPMGMTLib.IGPMConstants gpc = gpm.GetConstants();             GPMGMTLib.IGPMDomain gpd = gpm.GetDomain(Environment.GetEnvironmentVariable("USERDNSDOMAIN"), "", gpc.UseAnyDC);              GPMGMTLib.GPMSOM gpSom = gpd.GetSOM(OUPathDN);              GPMGPOLinksCollection GPOLinks = gpSom.GetGPOLinks();             GPMGPOLinksCollection GPOLinksIncludingInherited = gpSom.GetInheritedGPOLinks();               if (!includeInheritedLinks)             {                 foreach (GPMGPOLink GPOLink in GPOLinks)                 {                     if (onlyEnabledLinks)                     {                         if (GPOLink.Enabled)                         {                             linkCount++;                         }                     }                     if (!onlyEnabledLinks) //Get all links, disabled or enabled                     {                         linkCount++;                     }                 }                                }              if (includeInheritedLinks)             {                 foreach (GPMGPOLink GPOLink in GPOLinksIncludingInherited)                 {                     if (onlyEnabledLinks)                     {                         if (GPOLink.Enabled)                         {                             linkCount++;                         }                     }                     if (!onlyEnabledLinks) //Get all links, disabled or enabled                     {                         linkCount++;                     }                 }             }         }         catch (Exception ex)         {             return "GPO links: " + ex.Message.Replace("\r\n", "");         }          return linkCount.ToString();                 } 

文章来源: C# linking group policy in AD