![\"Hey,](\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/q-for-powertip.jpg\" "\\"Hey,")
<\/p>\n<\/p>\n
<\/p>\n
Hey, Scripting Guy! I need to be able to connect to two Group Policy<\/a> objects (GPOs) in Active Directory<\/a> and make an offline copy of the GPOs using Windows PowerShell 2.0<\/a> so that I can compare the two objects. I know I can do this using the Group Policy Management Console, but I have several hundred GPOs in my domain and I do not have the time to go through the GUI and click-click-click. I would prefer to be able to script this operation using Windows PowerShell, if possible. Ideas?<\/p>\n — SV<\/p>\n <\/p>\n Hello SV, <\/p>\n Microsoft Scripting Guy Ed Wilson here. l am anxious to complete our discussion of the Compare-GPO.ps1 script. As you may recall, yesterday<\/a> we looked at the portion of the script that determined if the GroupPolicy<\/strong> module<\/a> was available and loaded, and we also looked at the function that downloaded the two GPOs to be compared. Because the Compare-GPO.ps1 script<\/a> is more than 125 lines long, I have posted it to our Script Repository<\/a> rather than pasting it into this post. <\/p>\n Note<\/strong>: This is part two of a two-part article. Part one was posted yesterday<\/a>.<\/p>\n<\/blockquote>\n The Compare-XMLGPO<\/strong> function is used to compare two XML reports of GPOs. It accepts an array of strings that point to the two XML files that will be used for comparison. It does not matter if more than two GPO reports are supplied because only the first two will be compared. The two Boolean values, $user<\/strong> and $computer<\/strong>, control which portion of the GPO is compared. If both values are present, both the computer and the user portion of the GPO will be compared. The [xml]<\/strong> type accelerator is used to ensure the contents of the two GPO reports are interpreted as XML. Reading the XML GPO reports is really easy—the Get-Content<\/strong> cmdlet is used. The $xml1<\/strong> and $xml2<\/strong> variables contain a system.xml.xmldocument<\/a> .NET Framework object. This section of the script is shown here: <\/p>\n <\/p>\n <\/span>{<\/span> <\/p>\n <\/span>Param([string[]]<\/span>$gpoReports<\/span>,<\/span> <\/span>[bool]<\/span>$user<\/span>,<\/span> <\/span>[bool]<\/span>$computer<\/span>)<\/span> <\/p>\n <\/span>[xml]<\/span>$xml1<\/span> <\/span>=<\/span> <\/span>Get-Content<\/span> <\/span>-Path<\/span> <\/span>$gpoReports<\/span>[<\/span>0<\/span>]<\/span> <\/p>\n <\/span>[xml]<\/span>$xml2<\/span> <\/span>=<\/span> <\/span>Get-Content<\/span> <\/span>-Path<\/span> <\/span>$gpoReports<\/span>[<\/span>1<\/span>]<\/span> <\/div>\n <\/p>\n To effectively parse the GPO XML report, you must know the structure of the XML document. I like to use XML Notepad<\/a>. As shown in the next image, the path to our GPO policy settings is GPO\/User\/extensiondata\/extension. Each policy setting is a node under the extension folder. This particular GPO setting is in an XML namespace (XMLNS) called q1. Therefore, each policy setting is in a node called q1:Policy. At times you will see an XML namespace called q2 or even something else. But each policy node will have the word policy<\/i> in it. The breakdown between user and computer in the structure of the XML document corresponds with the Group Policy computer settings and user settings. <\/p>\n![\"Hey,](\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/a-for-powertip.jpg\" "\\"Hey,")
<\/p>\n\n
Function<\/span> <\/span>Compare-XMLGPO<\/span> <\/p>\n
![\"Image](\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/7356.hsg071610011_thumb_0EF74F04.jpg\" "\\"Image")
<\/a> <\/p>\n