Import-GPO

Import-GPO

Imports the Group Policy settings from a backed-up GPO into a specified GPO.

Syntax

Parameter Set: ImportGUID
Import-GPO -BackupId <Guid> -Path <String> [-CreateIfNeeded] [-Domain <String> ] [-MigrationTable <String> ] [-Server <String> ] [-TargetGuid <Guid> ] [-TargetName <String> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: ImportName
Import-GPO -BackupGpoName <String> -Path <String> [-CreateIfNeeded] [-Domain <String> ] [-MigrationTable <String> ] [-Server <String> ] [-TargetGuid <Guid> ] [-TargetName <String> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Detailed Description

The Import-GPO cmdlet imports the settings from a GPO backup into a specified target GPO. The target GPO can be in a different domain or forest than that from which the backup was made and it does not have to exist prior to the operation.

Use the Path parameter to specify the location of the backup and then use the BackupGpoName parameter to specify the GPO name of the backup to use, or the BackupId parameter to specify the backup ID (GUID) of the backup to use.

Note that if you specify a GPO name, the cmdlet imports the most recent backup. To import an earlier version of a GPO backup, you must use the BackupID parameter to specify the unique backup ID for the particular version. This is the GUID that uniquely identifies the backup within its backup directory.

Use the TargetName parameter or the TargetGuid parameter to specify the target GPO into which the settings should be imported. Use the optional MigrationTable parameter to map security principals and UNC paths across domains. Use the CreateIfNeeded parameter to create a new GPO if the specified target GPO does not exist.

Parameters

-BackupGpoName<String>

Specifies the display name of the backed-up GPO from which to import the settings. The most recent backup of the GPO is used. You can use the BackupId parameter to specify a particular version to use when multiple backups of the same GPO exist in the backup directory.

You can also refer to the BackupGpoName parameter by its built-in alias, "displayname". For more information, see about_Aliases.

Aliases

displayname

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

true (ByValue, ByPropertyName)

Accept Wildcard Characters?

false

-BackupId<Guid>

Specifies the backup ID of a GPO backup. The backup ID is a globally unique identifier (GUID) that uniquely identifies the backup. You can use this parameter to specify a particular version of a backed-up GPO in the backup directory.

Note: The backup ID is different from the ID of the GPO that was backed up.

You can also refer to the BackupId parameter by its built-in alias, "id". For more information, see about_Aliases.

Aliases

id

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

true (ByPropertyName)

Accept Wildcard Characters?

false

-CreateIfNeeded

Specifies that a new GPO is created from the backup if the specified target GPO does not exist.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-Domain<String>

Specifies the domain for this cmdlet. You must specify the fully qualified domain name (FQDN) of the domain (for example: sales.contoso.com).

For the Import-GPO cmdlet, this is the domain into which you want to import the GPO.

If you do not specify the Domain parameter, the domain of the user that is running the current session is used. (If the cmdlet is being run from a computer startup or shutdown script, the domain of the computer is used.) For more information, see the Notes section in the full Help.

If you specify a domain that is different from the domain of the user that is running the current session (or, for a startup or shutdown script, the computer), a trust must exist between that domain and the domain of the user (or the computer).

You can also refer to the Domain parameter by its built-in alias, "domainname". For more information, see about_Aliases.

Aliases

domainname

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

true (ByPropertyName)

Accept Wildcard Characters?

false

-MigrationTable<String>

Specifies the path to a migration table file. You can use a migration table to map security principals and UNC paths across domains.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-Path<String>

Specifies the path to the backup directory.

You can also refer to the Path parameter by its built-in aliases: "backuplocation" or "backupdirectory". For more information, see about_Aliases.

Aliases

backuplocation

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

true (ByPropertyName)

Accept Wildcard Characters?

false

-Server<String>

Specifies the name of the domain controller that this cmdlet contacts to complete the operation. You can specify either the fully qualified domain name (FQDN) or the host name. For example:

FQDN: DomainController1.sales.contoso.com

Host Name: DomainController1

If you do not specify the name by using the Server parameter, the PDC emulator is contacted.

You can also refer to the Server parameter by its built-in alias, "dc". For more information, see about_Aliases.

Aliases

dc

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-TargetGuid<Guid>

Specifies the GUID of the GPO into which the settings are to be imported. Use the CreateIfNeeded switch to force the GPO to be created if it does not already exist in the domain.

You must specify either the TargetGuid parameter or the TargetName parameter.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-TargetName<String>

Specifies the display name of the GPO into which the settings are to be imported. Use the CreateIfNeeded switch to force the GPO to be created if it does not already exist in the domain.

You must specify either the TargetGuid parameter or the TargetName parameter.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-Confirm

Prompts you for confirmation before running the cmdlet.

Required?

false

Position?

named

Default Value

false

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Required?

false

Position?

named

Default Value

false

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

<CommonParameters>

This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see    about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216).

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

  • Microsoft.GroupPolicy.GpoBackup

    An object that represents a GPO backup on the file system.

Outputs

The output type is the type of the objects that the cmdlet emits.

  • Microsoft.GroupPolicy.Gpo

    Import-GPO returns an object that represents the GPO after the settings have been imported.

Notes

  • You can use the Import-GPO to copy settings from a GPO backup in one domain to the same domain or another domain in the same or different forest.

    You can use the Domain parameter to explicitly specify the domain for this cmdlet.

    If you do not explicitly specify the domain, the cmdlet uses a default domain. The default domain is the domain that is used to access network resources by the security context under which the current session is running. This domain is typically the domain of the user that is running the session for example, the domain of the user who started the session by opening Windows PowerShell® or the domain of a user that is specified in a runas command. However, computer startup and shutdown scripts run under the context of the LocalSystem account. The LocalSystem account is a built-in local account, and it accesses network resources under the context of the computer account. Therefore, when this cmdlet is run from a startup or shutdown script, the default domain is the domain to which the computer is joined.

Examples

-------------------------- EXAMPLE 1 --------------------------

Description

-----------

This command imports the settings from the most recent backup of the GPO named TestGPO in the c:\backups directory into a GPO of the same name in the current domain. If a GPO named TestGPO does not exist in the current domain, the command fails because the CreateIfNeeded parameter is not specified.

C:\PS>import-gpo -BackupGpoName TestGPO -TargetName TestGPO -path c:\backups 

-------------------------- EXAMPLE 2 --------------------------

Description

-----------

This command imports the settings from the specified backup in the c:\backups directory into a GPO that is named TestGPO in the current domain. The BackupId parameter is used to specify the GUID of the GPO backup to use. Because the CreateIfNeeded parameter is specified, if a GPO named TestGPO does not exist in the current domain, one is created before the settings are imported.

C:\PS>import-gpo -BackupId A491D730-F3ED-464C-B8C9-F50562C536AA -TargetName TestGPO -path c:\backups -CreateIfNeeded 

-------------------------- EXAMPLE 3 --------------------------

Description

-----------

This command imports the settings from the most recent backup of the GPO named TestGPO from the d:\backups directory to a GPO named NewTestGPO in the current domain. The specified migration table is used to migrate security principals and UNC paths to the new GPO. Because the CreateIfNeeded parameter is specified, the GPO is created if it does not already exist.

C:\PS>Import-GPO -BackupGpoName TestGPO -Path D:\Backups -TargetName NewTestGPO -MigrationTable D:\Tables\Migtable1.mitable -CreateIfNeeded 

Backup-GPO

Restore-GPO