PowerShell – Process GPO XML files

Windows 2008 AD Group Policy has a very useful and practical feature – Drive Maps.

If you want a centralized place for your users' network drive mappings, then this option is for you.
Configuration is very flexible, as you can filter targeted users by OU, security group and even by their user name.

Now, all is fine while your list is short, but once it has grown to dozens of mappings, manageability becomes an issue.

The problem is in the interface. It does not show you the filtering rules up front. To see them you have to open the mapping, go to the “Common” tab, select “Targeting”, and only then will you see your filtering rules. OMG 🙂

Fortunately, all the Drive Mappings are stored in an XML file inside the GPO folder on the Domain Controller. The XML file structure is pretty clear.

So I decided to parse the XML file and extract the information I want, that is, the filtering rules of each mapping.

cls

# You need to set the path to an XML file taken from the GPO:
[xml]$mappings = Get-Content "C:\DriveMappings.xml"

# Let's create the destination file
$OutputFile = "C:\Rules.txt"
'' > $OutputFile

#Another way of querying XML:
#$mappings.Drives.Drive | % {$_.Filters.FilterOrgUnit} | Select-Object -Property name,bool | ft -AutoSize

# Collect the inner XML of every <Drive> element as a string:
$m = $mappings | Select-XML -XPath "//Drive" | foreach {$_.node.InnerXML}


foreach($map in $m)
{
    # We have two tags, <Properties> and <Filters>; let's separate them for further processing
    $tags = $map -split "<Filters>"
    
    # There is also one possible discrepancy with empty filters tag that is written in a shortened XML notation: <Filters />. And we need to deal with it.
    if ($tags[1] -ne $null)
    {
        $Property = [xml]$tags[0]
        #$tags.Length
        if ($tags.Length -gt 1)
        {
            $tags[1] = "<Filters>" + $tags[1]
            #$tags[1]
            $Filters = [xml]$tags[1]
        }
    }
    else
    {
        # Strip the empty <Filters /> element so only <Properties> is left to parse
        $tags[0] = $tags[0] -replace "<Filters />", ""
        $Property = [xml]$tags[0]
        
        $FilStr = "<Filters></Filters>"
        #$tags[1]
        $Filters = [xml]$FilStr
    }
       
    '' >> $OutputFile
    
    # Extracting mapping path and the drive letter:
    $Prop= $Property.SelectNodes("/Properties")
    foreach ($P in $Prop) {
        
        #Checking Reconnect setting
        if ($P.persistent -eq 0)
            {$Reconnect = 'No'}
        Else
            {$Reconnect = 'Yes'}
        
        $P.letter + ': ' + $P.path + '  Reconnect=' + $Reconnect
        $P.letter + ': ' + $P.path + '  Reconnect=' + $Reconnect >> $OutputFile
        ''
    }
        
    
    # Extracting Filterings:
    if ($tags.Length -gt 1)
    {
        $FilterGroups= $Filters.SelectNodes("/Filters/FilterGroup")
        foreach ($Group in $FilterGroups) {
            if ($Group.not -eq 0)
            {$LogicNOT = ''}
            elseif ($Group.not -eq 1)
            {$LogicNOT = 'NOT '}
            else
            {$LogicNOT = 'N/A '}
              
            $Group.bool + ' ' + $LogicNOT + '' + $Group.name
            $Group.bool + ' ' + $LogicNOT + '' + $Group.name >> $OutputFile
            $LogicNOT = ''
        }
        
        $FilterOrgUnits= $Filters.SelectNodes("/Filters/FilterOrgUnit")
        foreach ($OU in $FilterOrgUnits) {
            if ($OU.not -eq 0)
            {$LogicNOT = ''}
            elseif ($OU.not -eq 1)
            {$LogicNOT = 'NOT '}
            else
            {$LogicNOT = 'N/A '}
        
            $OU.bool + ' ' + $LogicNOT + '' + $OU.name
            $OU.bool + ' ' + $LogicNOT + '' + $OU.name >> $OutputFile
        }

        $FilterUsers= $Filters.SelectNodes("/Filters/FilterUser")
        foreach ($User in $FilterUsers) {
            if ($User.not -eq 0)
            {$LogicNOT = ''}
            elseif ($User.not -eq 1)
            {$LogicNOT = 'NOT '}
            else
            {$LogicNOT = 'N/A '}
        
            $User.bool + ' ' + $LogicNOT + '' + $User.name
            $User.bool + ' ' + $LogicNOT + '' + $User.name >> $OutputFile
        }
    }
    
    '_____________________________'
}

'The End'
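
The same report built by walking the XML DOM instead of splitting the InnerXML string, as an added example that is not part of the original post. It goes beyond the script above by reporting every child element of <Filters>, not only the three filter types handled there, and by emitting one row for mappings with no targeting at all. The sample XML is constructed, the function name Get-DriveMapFilter is hypothetical, and PowerShell 3.0 or later is assumed.

```powershell
# Constructed sample; it carries only the attributes the script above reads.
[xml]$sample = @'
<Drives>
  <Drive>
    <Properties letter="S" path="\\fs01\sales" persistent="0" />
    <Filters>
      <FilterGroup bool="AND" not="0" name="CORP\Sales" />
      <FilterOrgUnit bool="OR" not="1" name="OU=Temp,DC=corp,DC=example" />
    </Filters>
  </Drive>
  <Drive>
    <Properties letter="P" path="\\fs01\public" persistent="1" />
    <Filters />
  </Drive>
</Drives>
'@

function Get-DriveMapFilter {   # hypothetical name, not a built-in cmdlet
    param([Parameter(Mandatory = $true)][xml]$Xml)

    foreach ($drive in $Xml.SelectNodes('//Drive')) {
        $p = $drive.SelectSingleNode('Properties')
        if ($null -eq $p) { continue }   # nothing to report without <Properties>

        # Every child of <Filters>, whatever its element name. An empty result
        # covers <Filters></Filters>, <Filters /> and a missing <Filters>,
        # so no string splitting is needed.
        $filters = @($drive.SelectNodes('Filters/*'))
        if ($filters.Count -eq 0) { $filters = @($null) }   # still emit one row

        foreach ($f in $filters) {
            $row = [ordered]@{
                Drive     = $p.GetAttribute('letter') + ':'
                Path      = $p.GetAttribute('path')
                Reconnect = if ($p.GetAttribute('persistent') -eq '0') { 'No' } else { 'Yes' }
                Type = '(no targeting)'; Bool = ''; Not = ''; Name = ''
            }
            if ($null -ne $f) {
                $row.Type = $f.LocalName
                $row.Bool = $f.GetAttribute('bool')
                $row.Not  = switch ($f.GetAttribute('not')) { '0' { '' } '1' { 'NOT' } default { 'N/A' } }
                $row.Name = $f.GetAttribute('name')
            }
            [pscustomobject]$row
        }
    }
}

# For a real file: Get-DriveMapFilter -Xml ([xml](Get-Content 'C:\DriveMappings.xml'))
Get-DriveMapFilter -Xml $sample | Format-Table -AutoSize
```

Rows with Type "(no targeting)" are mappings that apply to every user in the GPO's scope, which makes them the first ones to check in an access review.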