Group Policy mapping and status
There are a few things we need to consider when we create and link a Group Policy object to a site, domain, or OU:
- If it's a new GPO, it can be created directly under the relevant OU or domain using GMPC.
- In sites, it's only allowed to link to an existing GPO; therefore, if the new GPO needs to link to the site, it needs to add a new GPO using GPMC or a PowerShell cmdlet.
- An already added GPO can link to any OU, domain, or site. As an example, if policy A is created and linked under OU A, it can be reused in any other OU, domain, or site.
A new GPO object can be created using the New-GPO PowerShell cmdlet:
New-GPO -Name GPO-Test-AThe preceding command will create a GPO called GPO-Test-A. By default, it will not link to any OU, domain, or site. In GPMC, it can be viewed under the Group Policy Objects container.
After an object is created, it can be linked to an OU, domain, or site using the New-GPLink cmdlet:
New-GPLink -Name GPO-Test-A -Target "OU=Users,OU=Europe...
