Share via


Import-GPO

Import-GPO

Imports the Group Policy settings from a backed-up GPO into a specified GPO.

Syntax

Import-GPO -BackupId <Guid> [-TargetGuid <Guid>] [-TargetName <string>] -Domain <string> [-CreateIfNeeded] [-MigrationTable <string>] [-Path <string>] [-Server <string>] [<CommonParameters>]


Import-GPO [-BackupGpoName <string>] [-TargetGuid <Guid>] [-TargetName <string>] -Domain <string> [-CreateIfNeeded] [-MigrationTable <string>] [-Path <string>] [-Server <string>] [<CommonParameters>]


Import-GPO -BackupId <Guid> [-TargetGuid <Guid>] -Domain <string> [-CreateIfNeeded] [-MigrationTable <string>] [-Path <string>] [-Server <string>] [<CommonParameters>]


Import-GPO [-TargetName <string>] -Domain <string> [-CreateIfNeeded] [-MigrationTable <string>] [-Path <string>] [-Server <string>] [<CommonParameters>]

Detailed Description

The Import-GPO cmdlet imports the settings from a GPO backup into a specified target GPO. The target GPO can be in a different domain or forest than that from which the backup was made and it does not have to exist prior to the operation.

Use the Path parameter to specify the location of the backup and then use the BackupGpoName parameter to specify the GPO name of the backup to use, or the BackupId parameter to specify the backup ID (GUID) of the backup to use.

Note that if you specify a GPO name, the cmdlet imports the most recent backup. To import an earlier version of a GPO backup, you must use the BackupID parameter to specify the unique backup ID for the particular version. This is the GUID that uniquely identifies the backup within its backup directory.

Use the TargetName parameter or the TargetGuid parameter to specify the target GPO into which the settings should be imported. Use the optional MigrationTable parameter to map security principals and UNC paths across domains. Use the CreateIfNeeded parameter to create a new GPO if the specified target GPO does not exist.

Parameters

-BackupGpoName <string>

Specifies the display name of the backed-up GPO from which to import the settings. The most recent backup of the GPO is used. You can use the BackupId parameter to specify a particular version to use when multiple backups of the same GPO exist in the backup directory.

You can also refer to the BackupGpoName parameter by its built-in alias, "displayname". For more information, see about_Aliases.

Attributes

Name Value

Required?

false

Accept wildcard characters?

false

Accept Pipeline Input?

false

Position?

named

-BackupId <Guid>

Specifies the backup ID of a GPO backup. The backup ID is a globally unique identifier (GUID) that uniquely identifies the backup. You can use this parameter to specify a particular version of a backed-up GPO in the backup directory.

Note: The backup ID is different from the ID of the GPO that was backed up.

You can also refer to the BackupId parameter by its built-in alias, "id". For more information, see about_Aliases.

Attributes

Name Value

Required?

true

Accept wildcard characters?

false

Accept Pipeline Input?

false

Position?

named

-CreateIfNeeded <SwitchParameter>

Specifies that a new GPO is created from the backup if the specified target GPO does not exist.

Attributes

Name Value

Required?

false

Accept wildcard characters?

false

Accept Pipeline Input?

false

Position?

named

-Domain <string>

Specifies the domain for this cmdlet. You must specify the fully qualified domain name (FQDN) of the domain (for example: sales.contoso.com).

For the Import-GPO cmdlet, this is the domain into which you want to import the GPO.

If you do not specify the Domain parameter, the domain of the user that is running the current session is used. (If the cmdlet is being executed from a computer startup or shutdown script, the domain of the computer is used.) For more information, see the Notes section in the full Help.

If you specify a domain that is different from the domain of the user that is running the current session (or, for a startup or shutdown script, the computer), a trust must exist between that domain and the domain of the user (or the computer).

You can also refer to the Domain parameter by its built-in alias, "domainname". For more information, see about_Aliases.

Attributes

Name Value

Required?

true

Accept wildcard characters?

false

Accept Pipeline Input?

true (ByPropertyName)

Position?

named

-MigrationTable <string>

Specifies the path to a migration table file. You can use a migration table to map security principals and UNC paths across domains.

Attributes

Name Value

Required?

false

Accept wildcard characters?

false

Accept Pipeline Input?

false

Position?

named

-Path <string>

Specifies the path to the backup directory.

You can also refer to the Path parameter by its built-in aliases: "backuplocation" or "backupdirectory". For more information, see about_Aliases.

Attributes

Name Value

Required?

false

Accept wildcard characters?

false

Accept Pipeline Input?

false

Position?

named

-Server <string>

Specifies the name of the domain controller that this cmdlet contacts to complete the operation. You can specify either the fully qualified domain name (FQDN) or the host name. For example:

FQDN: DomainController1.sales.contoso.com
Host Name: DomainController1

If you do not specify the name by using the Server parameter, the PDC emulator is contacted.

You can also refer to the Server parameter by its built-in alias, "dc". For more information, see about_Aliases.

Attributes

Name Value

Required?

false

Accept wildcard characters?

false

Accept Pipeline Input?

false

Position?

named

-TargetGuid <Guid>

Specifies the GUID of the GPO into which the settings are to be imported. Use the CreateIfNeeded switch to force the GPO to be created if it does not already exist in the domain.

You must specify either the TargetGuid parameter or the TargetName parameter.

Attributes

Name Value

Required?

false

Accept wildcard characters?

false

Accept Pipeline Input?

false

Position?

named

-TargetName <string>

Specifies the display name of the GPO into which the settings are to be imported. Use the CreateIfNeeded switch to force the GPO to be created if it does not already exist in the domain.

You must specify either the TargetGuid parameter or the TargetName parameter.

Attributes

Name Value

Required?

false

Accept wildcard characters?

false

Accept Pipeline Input?

false

Position?

named

-CommonParameter

This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see About Common Parameter

Input and Return Types

The input type is the type of the objects that you can pipe to the cmdlet. The return type is the type of the objects that the cmdlet emits.

Input Type

Microsoft.GroupPolicy.GpoBackup. An object that represents a GPO backup on the file system.

Return Type

Microsoft.GroupPolicy.Gpo. Import-GPO returns an object that represents the GPO after the settings have been imported.

Notes

  • You can use the Import-GPO to copy settings from a GPO backup in one domain to the same domain or another domain in the same or different forest.

    You can use the Domain parameter to explicitly specify the domain for this cmdlet.

    If you do not explicitly specify the domain, the cmdlet uses a default domain. The default domain is the domain that is used to access network resources by the security context under which the current session is running. This domain is typically the domain of the user that is running the session. For example, the domain of the user who started the session by opening Windows PowerShell from the Program Files menu, or the domain of a user that is specified in a runas command. However, computer startup and shutdown scripts execute under the context of the LocalSystem account. The LocalSystem account is a built-in local account, and it accesses network resources under the context of the computer account. Therefore, when this cmdlet is executed from a startup or shutdown script, the default domain is the domain to which the computer is joined.

Examples

EXAMPLE 1

C:\PS>

import-gpo -BackupGpoName TestGPO -TargetName TestGPO -path c:\backups



DisplayName      : TestGPO

DomainName       : contoso.com

Owner            : CONTOSO\Domain Admins

Id               : 87d38d82-cc2d-4bf7-ad9f-4083a60316eb

GpoStatus        : AllSettingsEnabled

Description      :

CreationTime     : 3/3/2009 1:03:28 PM

ModificationTime : 3/6/2009 5:03:29 PM

UserVersion      : AD Version: 9, SysVol Version: 9

ComputerVersion  : AD Version: 5, SysVol Version: 5

WmiFilter        :

                        

Description

-----------

This command imports the settings from the most recent backup of the GPO named TestGPO in the c:\backups directory into a GPO of the same name in the current domain. If a GPO named TestGPO does not exist in the current domain, the command fails because the CreateIfNeeded parameter is not specified.

EXAMPLE 2

C:\PS>

import-gpo -BackupId A491D730-F3ED-464C-B8C9-F50562C536AA -TargetName TestGPO -path c:\backups -CreateIfNeeded



DisplayName      : TestGPO

DomainName       : contoso.com

Owner            : CONTOSO\Domain Admins

Id               : 87d38d82-cc2d-4bf7-ad9f-4083a60316eb

GpoStatus        : AllSettingsEnabled

Description      :

CreationTime     : 3/3/2009 1:03:28 PM

ModificationTime : 3/6/2009 5:11:49 PM

UserVersion      : AD Version: 10, SysVol Version: 10

ComputerVersion  : AD Version: 6, SysVol Version: 6

WmiFilter        :

                        

Description

-----------

This command imports the settings from the specified backup in the c:\backups directory into a GPO that is named TestGPO in the current domain. The BackupId parameter is used to specify the GUID of the GPO backup to use. Because the CreateIfNeeded parameter is specified, if a GPO named TestGPO does not exist in the current domain, one is created before the settings are imported.

EXAMPLE 3

C:\PS>

Import-GPO -BackupGpoName TestGPO -Path D:\Backups -TargetName NewTestGPO -MigrationTable D:\Tables\Migtable1.mitable -CreateIfNeeded



DisplayName      : NewTestGPO

DomainName       : contoso.com

Owner            : CONTOSO\Domain Admins

Id               : 87d38d82-cc2d-4bf7-ad9f-4083a60316eb

GpoStatus        : AllSettingsEnabled

Description      :

CreationTime     : 3/3/2009 1:03:28 PM

ModificationTime : 3/6/2009 5:11:49 PM

UserVersion      : AD Version: 1, SysVol Version: 1

ComputerVersion  : AD Version: 1, SysVol Version: 1

WmiFilter        :

                        

Description

-----------

This command imports the settings from the most recent backup of the GPO named TestGPO from the d:\backups directory to a GPO named NewTestGPO in the current domain. The specified migration table is used to migrate security principals and UNC paths to the new GPO. Because the CreateIfNeeded parameter is specified, the GPO is created if it does not already exist.

See Also

Reference

Backup-GPO
Restore-GPO