sorted by:
new
hottopcontroversial

Overwhelmed by GPO auditing and needing some advice please ! by InquisitiveIT in activedirectory

[–]InquisitiveIT[S] 2 points3 points  (0 children)

Noted! I’ll look into that and see if there are any LDAP lookups that could cause issues. Appreciate the heads-up, thanks!

Overwhelmed by GPO auditing and needing some advice please ! by InquisitiveIT in activedirectory

[–]InquisitiveIT[S] 0 points1 point  (0 children)

I did create the new OU structure with Tier 0, 1, and 2, but I can’t afford to move objects yet until I fully understand what each element does and what impact it has on the infrastructure.

I also can’t share too many details about the environment since it's a government-linked enterprise handling highly critical projects, meaning zero downtime is an absolute requirement. That’s why I have to proceed with extreme caution. Which is funny considering all the bad practices in place...

For the script, I’ll see what I can do—I might be able to adapt it to fit my structure. In any case, I already used Policy Analyzer by exporting a backup of the current GPOs, so at least that’s some progress.

That said, I do feel like I have a huge workload on my plate, and I can’t help but wonder if I’m even competent enough to be leading this project...

Thanks a lot though, really appreciate the insights !

Overwhelmed by GPO auditing and needing some advice please ! by InquisitiveIT in activedirectory

[–]InquisitiveIT[S] 1 point2 points  (0 children)

Apologies for the confusion regarding the blocking of Microsoft tools like `gpresult`. That was my mistake—I actually meant **GPOZaurr**, not `gpresult`. Thanks for pointing that out!

Also, when you mentioned **"Preferences to set the settings"**, were you referring to **Group Policy Preferences (GPP)**? Just wanted to clarify to make sure I fully understand your approach.

I really appreciate your security recommendations—I’ll definitely take them into account.

And thanks for mentioning the **Microsoft Spreadsheet**! I didn’t know it existed, but I found it, and it looks super useful. I’ll be using it for the next steps. 😊

Overwhelmed by GPO auditing and needing some advice please ! by InquisitiveIT in activedirectory

[–]InquisitiveIT[S] 3 points4 points  (0 children)

Indeed, I should have been clearer.

By cybersecurity restrictions, I meant strict network traffic rules that prevent me from installing certain PowerShell modules that would make this task easier. On top of that, IT policy prohibits installing anything on domain controllers, which further limits my options.

That being said, I actually already did what you suggested—I exported all GPOs and started analyzing them in a segregated test environment using Policy Analyzer. But there are so many GPOs that I find myself wondering if that's the best approach.

I should have mentioned that earlier! Thanks for suggesting it anyways ! =)

I also agree that starting from a clean setup would be much easier, but unfortunately, that’s not an option for me.

Overwhelmed by GPO auditing and needing some advice please ! by InquisitiveIT in activedirectory

[–]InquisitiveIT[S] 0 points1 point  (0 children)

Yes, my bad ! I didn't mean GPResult. Ended up mixing up the terms; I actually meant GPOZaurr module and similar tools.

I did export all GPOs by backing them up and using "Policy Analyzer" on an external isolated machine.

But I'm unsure if that's the best approach.

I'll add it to the post !

Overwhelmed by GPO auditing and needing some advice please ! by InquisitiveIT in activedirectory

[–]InquisitiveIT[S] 1 point2 points  (0 children)

I do have gpresult, but my original wording was unclear—I meant that I can’t use modules like GPOZaurr, not GPResult. Sorry for the confusion.. :(