Common/Update-GPOVersion.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
function Update-GPOVersion {
    Param (
        [Parameter(Mandatory)]
        [guid]$Id
    )

    $IdFormatted = $Id.ToString('B')
    $RootDSE = ([System.DirectoryServices.DirectoryEntry]::new('LDAP://RootDSE'))
    $Domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    $DomainDN = $RootDSE.defaultNamingContext
    $DomainDnsName = $Domain.Name
    $GPOLDAPPath = 'LDAP://CN={0},CN=Policies,CN=System,{1}' -f $IdFormatted, $DomainDN[0] # $DomainDN is a collection of a System.DirectoryServices.ResultPropertyValueCollection type with a single element inside it
    $GPOFSPath = '\\{0}\SYSVOL\{0}\Policies\{1}' -f $DomainDnsName, $IdFormatted
    $GPTIniPath = Join-Path -Path $GPOFSPath -ChildPath 'GPT.INI'

    $GPO = ([System.DirectoryServices.DirectoryEntry]::new($GPOLDAPPath))
    $GPOVersionNumber = $GPO.versionNumber[0] # System.DirectoryServices.PropertyValueCollection, that's why we have to access the first element
    $GPOVersionNumber++
    $GPO.versionNumber[0] = $GPOVersionNumber
    $GPO.CommitChanges()

    $GPOIni = Get-IniContent -FilePath $GPTIniPath
    $GPOIni.General.Version = $GPOVersionNumber # GPO AD DS version is more important than the version in the file
    $GPOIni | Out-IniFile -FilePath $GPTIniPath -Force
}