I have to modify the gPCMachineExtensionNames attribute string of a Group Policy in Active Directory with PowerShell. For this, I first want to read the existing string, modify it, and replace the old value with the modified one.
The attribute is defined in the policy container under: CN={POLICY GUID}, CN=Policies, CN=System, DC=[DOMAIN], DC=[COM]
When I browse the attribute with ADSI Edit, the value of the gPCMachineExtensionNames is correctly shown as [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]
I try to pick out the value with an LDAP query:
    '(objectClass=groupPolicyContainer)'

    ([adsisearcher]'(objectCategory=groupPolicyContainer)').FindAll() | ForEach-Object {
        New-Object -TypeName PSCustomObject -Property @{
            abc = $_.Properties.gPCMachineExtensionNames -join ''
        }
    }
But the result is empty. I can only query other attributes like name, cn, USNCreated, displayname, ... They are displayed correctly. Why is it not possible to return the value of the attribute gPCMachineExtensionNames?
Can I make another LDAP query, or is there another method to query or modify the attribute on Windows Server 2008 R2?
Thanks for your support!
Check the case of the name:
    $allGPOs = ([adsisearcher]'(objectCategory=groupPolicyContainer)').FindAll()

    # this returns nothing
    $allGPOs | % { $_.Properties.gPCmachineExtensionNames }

    # this returns what you expect
    $allGPOs | % { $_.Properties.gpcmachineextensionnames }

    $allGPOs | ForEach-Object {
        New-Object -TypeName PSCustomObject -Property @{
            abc = $_.Properties.gpcmachineextensionnames -join ''
        }
    }
I'm making an assumption here that, as $allGPOs.GetType() is SearchResultCollection and $allGPOs[0].Properties.GetType() is SearchResultCollection, they behave slightly differently than "regular" name/value pairs.
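An added example, not part of the question or the answer above: it reads the attribute through the all-lowercase key the answer points to and splits the value into its bracketed GUID groups, so each GPO's machine extensions can be reviewed before anything is changed. The function names are hypothetical, and treating the first GUID of each group as the client-side extension is an assumption of this example.

```powershell
# Split a gPCMachineExtensionNames value into its [...] groups.
# Assumption: the first GUID of a group is the client-side extension (CSE),
# the remaining GUIDs are the tools registered for it.
function ConvertFrom-GpcExtensionNames {
    param([string]$Value)
    foreach ($group in [regex]::Matches($Value, '\[([^\]]*)\]')) {
        $guids = @([regex]::Matches($group.Groups[1].Value, '\{[0-9A-Fa-f-]{36}\}') |
            ForEach-Object { $_.Value.ToUpper() })
        if ($guids.Count -eq 0) { continue }   # skip empty or malformed groups
        New-Object PSObject -Property @{
            Cse   = $guids[0]
            Tools = @($guids | Select-Object -Skip 1)
        }
    }
}

# Read the attribute for every GPO in the current domain (hypothetical helper).
function Get-GpoMachineExtension {
    $searcher = [adsisearcher]'(objectCategory=groupPolicyContainer)'
    $searcher.PageSize = 500
    $searcher.PropertiesToLoad.AddRange([string[]]('displayname', 'gpcmachineextensionnames'))
    foreach ($result in $searcher.FindAll()) {
        # As the answer shows, the search result only returns the value
        # when the property name is written in lowercase.
        $raw = $result.Properties['gpcmachineextensionnames'] -join ''
        New-Object PSObject -Property @{
            DisplayName = $result.Properties['displayname'] -join ''
            Raw         = $raw
            Extensions  = @(ConvertFrom-GpcExtensionNames $raw)
        }
    }
}

# Constructed sample: the value shown in the question, parsed offline.
$sample = '[{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]'
ConvertFrom-GpcExtensionNames $sample | Format-List Cse, Tools

# On a domain-joined host, list every GPO with its raw value:
# Get-GpoMachineExtension | Select-Object DisplayName, Raw
```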