How do I link my GPO to an OU?

I use powershell for this. It’s a pain to right click each individual ou in the console and link it from the list of GPOs.

First, create a list of OU’s in distinguished name form like this:

OU=Users,OU=Marketing,DC=Company,DC=COM

I save these in a couple of text files (one for user ou’s and another for all my computer ou’s) because I reuse the lists all the time. New line for each OU.

Then open powershell as admin and run:

`$OUList = Get-Content c:\temp\ComputerOUList.txt

$GPOName = ‘Chrome Security Settings’

ForEach ($OU in $OUList) {New-GPLink -Name $GPOName -Target $OU -LinkEnabled Yes -Order 1}`

Note you can omit the “-Order 1”, this will set the priority of the link order to the top.

• SSL / TLS Certificates
• Email/Document/Code Signing
• Enterprise Solutions
• CA Certificates
• Account & Finance
• Contact Us

AEG: How to Create and Link a GPO in Active Directory

Introduction

This article will walk you through on how to create and link a Group Policy in Active Directory. If this is not the solution you are looking for, please search for the solution in the search bar above.

Guidelines

Creating a GPO is a fairly simple task, so long as you know what settings you need to change, and how to apply it to the endpoints you are trying to affect. These instructions will need to be done by a user who is a member of the Group Policy Creator Owners group, on a domain controller with Group Policy Management.

1. Open Group Policy Management by navigating to the Start menu > Windows Administrative Tools, then select Group Policy Management.

2. Right-click Group Policy Objects, then select New to create a new GPO.

   

3. Enter a name for the new GPO that you can identify what it is for easily, then click OK.

4. Select the GPO from Group Policy Objects list, then in the Security Filtering section, Add and Remove users, groups, and computers that the GPO should apply to.

5. Right-Click the GPO, and select Edit. Change any of the policies you want to apply in the Computer and\or User Configuration. Close the GPO Editor when you are done.
   Note: Check the Public Key Policies section for how to configure policies for AEG.

6. Now, the GPO is created, but you still need to link it. Locate the OU or Domain you want to apply the GPO to, then right-click it, and select Link an Existing GPO..., then select your GPO from the list, and click OK.

Note: Inheritance defines what GPO will override the settings of another. From lowest to highest priority, the levels that GPOs can be applied to are:

• Local - These are policies applied locally to the system and user.
• Site - Policies applied to anything that is a member of a site, will override settings that are configured on the Local level.
• Domain - Settings in GPOs linked to the domain, will override settings configured in a GPO that is linked at the Local and Site level.
• Organizational Unit - GPOs linked here will override any other GPOs, except those linked to a Sub-OU, or a GPO that is marked as Enforced.
• Enforced - An Enforced GPO will override the settings of all other GPOs, unless blocked by Block Inheritance.

Related Articles

AEG: How to Enable Advanced Logging for AEG Server

Feb 29, 2020, 5:07 AM

This article will guide you through enabling AEG’s advanced logging feature. If this is not the solution you are looking for, please search for the solution in the search bar above. Note: This support article applies to AEG version 5.x and below. Also, when facing issues to enroll for Certificates, our support staff may require more information to determine the root cause of the problem.

Read More

AEG: How to Create Custom Certificate Templates

Mar 2, 2020, 1:56 AM

This article will go over how to create templates from duplicates of default templates for both User and Machine Authentication. Depending on the use case that you implement, you will need to duplicate one of the default Certificate templates. Duplication is not required but is strongly recommended to avoid changing the properties of default templates and to better control the changes applied to templates that work with the AEG.

Read More

AEG: How to Edit a GPO for Certificate Enrollment

Mar 2, 2020, 3:03 AM

This article will walk you through editing a GPO for Certificate Enrollment. Certificate Services Client - Certificate Enrollment Policy - These are the settings that define the URL for the policy servers which users and computers will contact. By default (in a newly created GPO), these setting will be set to "Not Configured", and will need to be changed to "Enabled". When you enable it, it will have a default Certificate Enrollment Policy (CEP) in the list called Active Directory Enrollment Policy, and it will be set as the default.

Read More

GlobalSign System Alerts

View recent system alerts.

View Alerts

Certificate Inventory Tool

Scan your endpoints to locate all of your Certificates.

Log In / Sign Up

SSL Configuration Test

Check your certificate installation for SSL issues and vulnerabilities.

Contact Support

How do I link my Group Policy to Active Directory?

Can you link a GPO to more than one OU?

How do I apply a GPO to all computers OU?

How do I link my GPO to multiple OU PowerShell?