<# .SYNOPSIS This script will unlink the specified LAPS GPO from all OUs in the parent domain. .DESCRIPTION This script exports the GPO report for the specified LAPS GPO, parses the XML to find all linked OUs, and then unlinks the GPO from each OU in the specified domain. .EXAMPLE .\Remove-LAPSGPLink.ps1 This command runs the script to remove the LAPS GPO link from all OUs in the specified domain. To use this script, you'll need to enter your domain name below. .INPUTS None. This script does not accept any input objects. .OUTPUTS None. This script does not produce any output objects. .NOTES This script requires the GroupPolicy module and appropriate permissions to modify GPO links in each domain. To run on other domains, simply change the $Domain variable to the target domain name and the -Target location in Remove-GPLink at the bottom line of this script with the targeted domain. Examples: -Target "DC=somedomainname,DC=net" -Domain "somedomainname.net" -Target "DC=anotherdomainname,DC=net" -Domain "anotherdomainname.net" -Target "DC=andonemoredomainname,DC=com" -Domain "andonemoredomainname.com" #> Import-Module GroupPolicy $GPOName = "YourGPOName-LAPS" #Change this to the name of your actual GPO $Domain = "somedomainname.net" #Change target domain for each domain this will run on. # Export the GPO report $xmlPath = "C:\Temp\GPOReport.xml" Get-GPOReport -Name $GPOName -Domain $Domain -ReportType XML | Out-File $xmlPath # Parse the XML [xml]$gpoReport = Get-Content $xmlPath $links = $gpoReport.GPO.LinksTo if ($links.Count -eq 0) { Write-Host "No links found for $GPOName in $Domain." } else { foreach ($link in $links) { $target = $link.SOMPath Write-Host "Unlinking $GPOName from $target in $Domain..." #Remove-GPLink -Name $GPOName -Target $target -Domain $Domain -Confirm:$false Remove-GPLink -Name "YourGPOName-LAPS" -Target "DC=somedomainname,DC=net" -Domain "somedomainname.net" -Confirm:$false } }