Export Nested Group Policy Objects From Child OUs to XML for Intune Analysis

Really, this is more a note to self, but I’ve had a very recent need to export nested GPO objects from a Parent OU and subsequent Child OUs to XML, so that they can be imported into Intune and analysed using the Group Policy Analyzer. There are probably much better scripts out there to do this, but time was of the essence, so this is the resulting script. It delves within a Parent OU and pulls out all the nested GPO items underneath, exporting each to an XML file and prefixing the GPO with the name of the residing OU.

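# Requires the RSAT ActiveDirectory and GroupPolicy modules
Import-Module ActiveDirectory, GroupPolicy

# Every OU at or below the parent OU (the default search scope is the whole subtree)
$ChildOUs = Get-ADOrganizationalUnit -Filter 'Name -like "*"' -SearchBase 'OU=ComputerOU,DC=James,DC=Vincent,DC=COM'
foreach($COU in $ChildOUs){
    # GpoLinks holds only the GPOs linked directly to this OU
    (Get-GPInheritance -Target $COU.DistinguishedName).GpoLinks.DisplayName | ForEach-Object {
        if($_){
            # One XML report per GPO, prefixed with the OU name
            Get-GPOReport -Name $_ -ReportType XML -Path "C:\Temp\GPOExport\$($COU.Name)_$($_).xml"
        }
    }
}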

In the above example, imagine a scenario whereby OU=ComputerOU has child OUs, perhaps using Country Names. The above snippet will retrieve all the OUs underneath “OU=ComputerOU”, and search recursively for any GPO items linked within.

Any identified GPOs will be exported out to XML and stored in C:\Temp\GPOExport\ using the name of the Child OU as a prefix and the name of the actual GPO.

If a GPO has a special character in its name, the export for that specific GPO will fail.
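One way around the special-character failure, as an added example rather than the original script: look each GPO up by GUID and replace characters Windows rejects in file names before building the path. The helper name ConvertTo-SafeFileName and the export-index.csv file are hypothetical; the OU path and output folder are the ones used above.

```powershell
# Added example, not the original author's script.
# Assumes the RSAT ActiveDirectory and GroupPolicy modules are installed.
Import-Module ActiveDirectory, GroupPolicy

$SearchBase = 'OU=ComputerOU,DC=James,DC=Vincent,DC=COM'
$OutDir     = 'C:\Temp\GPOExport'

# Hypothetical helper: swap every character Windows rejects in a file name for "_".
function ConvertTo-SafeFileName {
    param([Parameter(Mandatory)][string]$Name)
    $invalid = [regex]::Escape(([System.IO.Path]::GetInvalidFileNameChars() -join ''))
    return ($Name -replace "[$invalid]", '_').Trim()
}

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

$index = foreach ($ou in Get-ADOrganizationalUnit -Filter * -SearchBase $SearchBase) {
    foreach ($link in (Get-GPInheritance -Target $ou.DistinguishedName).GpoLinks) {
        # Skip links with no display name, as the original script does.
        if (-not $link.DisplayName) { continue }

        # Only the file name is sanitised; the GPO itself is found by GUID,
        # so an awkward display name cannot break the lookup.
        $file = '{0}_{1}.xml' -f (ConvertTo-SafeFileName $ou.Name), (ConvertTo-SafeFileName $link.DisplayName)
        $path = Join-Path $OutDir $file
        try {
            Get-GPOReport -Guid $link.GpoId -ReportType Xml -Path $path -ErrorAction Stop
            $status = 'Exported'
        } catch {
            $status = "Failed: $($_.Exception.Message)"
        }

        # Record the real names next to the sanitised file name for later review.
        [pscustomobject]@{
            OU = $ou.DistinguishedName; Gpo = $link.DisplayName; GpoId = $link.GpoId
            Enabled = $link.Enabled; File = $file; Status = $status
        }
    }
}
$index | Export-Csv -Path (Join-Path $OutDir 'export-index.csv') -NoTypeInformation
```

Two GPOs linked to the same OU whose names differ only in replaced characters map to the same file name, so check the index for duplicate File values before importing.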

I’d be very welcoming of any thoughts, comments and feedback. Especially suggestions on better ways to achieve this, as I’m sure there are better, more efficient ways to achieve this.
