Import-GPO
Imports the Group Policy settings from a backed-up GPO into a specified GPO.
Syntax
ImportGUID (Default)
Import-GPO
-BackupId <Guid>
-Path <String>
[-TargetGuid <Guid>]
[-TargetName <String>]
[-MigrationTable <String>]
[-CreateIfNeeded]
[-Domain <String>]
[-Server <String>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
ImportName
Import-GPO
-BackupGpoName <String>
-Path <String>
[-TargetGuid <Guid>]
[-TargetName <String>]
[-MigrationTable <String>]
[-CreateIfNeeded]
[-Domain <String>]
[-Server <String>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The Import-GPO cmdlet imports the settings from a Group Policy Object (GPO) backup into a
specified target GPO. The target GPO can be in a different domain or forest than the backup that was
made and it does not have to exist prior to the operation.
Use the Path parameter to specify the location of the backup and then use the BackupGpoName parameter to specify the GPO name of the backup to use, or the BackupId parameter to specify the backup ID (GUID) of the backup to use.
If you specify a GPO name, the cmdlet imports the most recent backup. To import an earlier version of a GPO backup, you must use the BackupID parameter to specify the unique backup ID for the particular version. This is the GUID that uniquely identifies the backup within its backup directory.
Use the TargetName parameter or the TargetGuid parameter to specify the target GPO into which the settings should be imported. Use the optional MigrationTable parameter to map security principals and Universal Naming Convention (UNC) paths across domains. Use the CreateIfNeeded parameter to create a new GPO if the specified target GPO does not exist.
Examples
Example 1: Import the settings from the latest backup to another directory in the same domain
Import-GPO -BackupGpoName 'TestGPO' -TargetName 'TestGPO' -path 'C:\backups'
DisplayName : TestGPO
DomainName : contoso.com
Owner : CONTOSO\Domain Admins
Id : 87d38d82-cc2d-4bf7-ad9f-4083a60316eb
GpoStatus : AllSettingsEnabled
Description :
CreationTime : 3/3/2009 1:03:28 PM
ModificationTime : 3/6/2009 5:03:29 PM
UserVersion : AD Version: 9, SysVol Version: 9
ComputerVersion : AD Version: 5, SysVol Version: 5
WmiFilter :
This command imports the settings from the most recent backup of the GPO named TestGPO in the
c:\backups directory into a GPO of the same name in the current domain. If a GPO named TestGPO
does not exist in the current domain, the command fails because the CreateIfNeeded parameter is
not specified.
Example 2: Import the settings from specified backup in the same directory in the same domain
$params = @{
BackupId = 'A491D730-F3ED-464C-B8C9-F50562C536AA'
TargetName = 'TestGPO'
path = 'C:\Backups'
CreateIfNeeded = $true
}
Import-GPO @params
DisplayName : TestGPO
DomainName : contoso.com
Owner : CONTOSO\Domain Admins
Id : 87d38d82-cc2d-4bf7-ad9f-4083a60316eb
GpoStatus : AllSettingsEnabled
Description :
CreationTime : 3/3/2009 1:03:28 PM
ModificationTime : 3/6/2009 5:11:49 PM
UserVersion : AD Version: 10, SysVol Version: 10
ComputerVersion : AD Version: 6, SysVol Version: 6
WmiFilter :
This command imports the settings from the specified backup in the C:\Backups directory into a GPO
that is named TestGPO in the current domain. The BackupId parameter is used to specify the
GUID of the GPO backup to use. Because the CreateIfNeeded parameter is specified, if a GPO named
TestGPO does not exist in the current domain, one is created before the settings are imported.
Example 3: Import the settings from the latest backup to another directory to the current domain
$params = @{
BackupGpoName = 'TestGPO'
Path = 'D:\Backups'
TargetName = 'NewTestGPO'
MigrationTable = 'D:\Tables\Migtable1.migtable'
CreateIfNeeded = $true
}
Import-GPO @params
DisplayName : NewTestGPO
DomainName : contoso.com
Owner : CONTOSO\Domain Admins
Id : 87d38d82-cc2d-4bf7-ad9f-4083a60316eb
GpoStatus : AllSettingsEnabled
Description :
CreationTime : 3/3/2009 1:03:28 PM
ModificationTime : 3/6/2009 5:11:49 PM
UserVersion : AD Version: 1, SysVol Version: 1
ComputerVersion : AD Version: 1, SysVol Version: 1
WmiFilter :
This command imports the settings from the most recent backup of the GPO named TestGPO from the
D:\Backups directory to a GPO named NewTestGPO in the current domain. The specified migration
table is used to migrate security principals and UNC paths to the new GPO. Because the
CreateIfNeeded parameter is specified, the GPO is created if it does not already exist.
Parameters
-BackupGpoName
Specifies the display name of the backed-up GPO from which this cmdlet imports the settings. The most recent backup of the GPO is used. You can use the BackupID parameter to specify a particular version to use when multiple backups of the same GPO exist in the backup directory.
You can also refer to the BackupGpoName parameter by its built-in alias, DisplayName. For more information, see about_Aliases.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | DisplayName |
Parameter sets
ImportName
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | True |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-BackupId
Specifies the backup ID of a GPO backup. The backup ID is a globally unique identifier (GUID) that uniquely identifies the backup. You can use this parameter to specify a particular version of a backed-up GPO in the backup directory.
The backup ID is different from the ID of the GPO that was backed up.
You can also refer to the BackupID parameter by its built-in alias, Id. For more information, see about_Aliases.
Parameter properties
| Type: | Guid |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | Id |
Parameter sets
ImportGUID
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
| Type: | SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | cf |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-CreateIfNeeded
Indicates that the cmdlet creates a GPO from the backup if the specified target GPO does not exist.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Domain
Specifies the domain for this cmdlet. You must specify the fully qualified domain name (FQDN) of the domain.
For the Import-GPO cmdlet, this is the domain into which you want to import the GPO.
If you do not specify the Domain parameter, the domain of the user that is running the current session is used. If the cmdlet is being run from a computer startup or shutdown script, the domain of the computer is used. For more information, see the Notes section in the full Help.
If you specify a domain that is different from the domain of the user that is running the current session (or, for a startup or shutdown script, the computer), a trust must exist between that domain and the domain of the user, or the computer.
You can also refer to the Domain parameter by its built-in alias, DomainName. For more information, see about_Aliases.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | DomainName |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-MigrationTable
Specifies the path to a migration table file. You can use a migration table to map security principals and UNC paths across domains.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Path
Specifies the path to the backup directory.
You can also refer to the Path parameter by its built-in aliases: BackupLocation or BackupDirectory.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | BackupLocation, BackupDirectory |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-Server
Specifies the name of the domain controller that this cmdlet contacts to complete the operation. You can specify either the fully qualified domain name (FQDN) or the host name
If you do not specify the name by using the Server parameter, the primary domain controller (PDC) emulator is contacted.
You can also refer to the Server parameter by its built-in alias, DC.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | DC |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-TargetGuid
Specifies the GUID of the GPO into which this cmdlet imports the settings. Use the CreateIfNeeded parameter to force the GPO to be created if it does not already exist in the domain.
You must specify either the TargetGuid parameter or the TargetName parameter.
Parameter properties
| Type: | Guid |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-TargetName
Specifies the display name of the GPO into which the settings are to be imported. Use the CreateIfNeeded parameter to force the GPO to be created if it does not already exist in the domain.
You must specify either the TargetGuid parameter or the TargetName parameter.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Parameter properties
| Type: | SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | wi |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Inputs
Microsoft.GroupPolicy.GpoBackup
You can pipe an object that represents a GPO backup on the file system to this cmdlet.
Outputs
Microsoft.GroupPolicy.Gpo
This cmdlet returns an object that represents the GPO after the settings have been imported.
Notes
You can use the
Import-GPOto copy settings from a GPO backup in one domain to the same domain or another domain in the same or different forest.You can use the Domain parameter to explicitly specify the domain for this cmdlet.
If you do not explicitly specify the domain, the cmdlet uses a default domain. The default domain is the domain that is used to access network resources by the security context under which the current session is running. This domain is typically the domain of the user that is running the session for example, the domain of the user who started the session by opening Windows PowerShell or the domain of a user that is specified in a runas command. However, computer startup and shutdown scripts run under the context of the LocalSystem account. The LocalSystem account is a built-in local account, and it accesses network resources under the context of the computer account. Therefore, when this cmdlet is run from a startup or shutdown script, the default domain is the domain to which the computer is joined.