Building a report
Don’t forget you need the GroupPolicy module installed. That will come from RSAT.
set a variable to capture all GPO info
$GPOs = Get-GPO -All
Use this to get the access rights
$ACLs = Get-GPPermission -Guid $GPO.Id -All
Script from Easy365Manager – another most excellent site
# Set up output file
$File = "GPO_Delegation.txt"
"Name;GUID;ID;Rights;Type;Owner" | Out-File $File
# Import GPO module
Import-Module GroupPolicy
# Get all GPO's in the domain
$GPOs = Get-GPO -All
$Result = @()
ForEach($GPO In $GPOs){
# Get ACL of GPO
$ACLs = Get-GPPermission -Guid $GPO.Id -All
ForEach($ACL in $ACLs){
# Objectify the result for easier handling
$Properties = @{
ACL = $ACL
GPO = $GPO
}
$Result += New-Object psobject -Property $Properties
}
}
ForEach ($Item In $Result){
$Output = $Item.GPO.DisplayName + ";" + $Item.GPO.Id + ";" + $Item.ACL.Trustee.Name + ";" + $Item.ACL.Permission + ";" + $Item.ACL.Trustee.SidType + ";" + $Item.GPO.Owner
$Output | Out-File $File -Append
Write-Host $Output
}