PowerShell Logo Small

Set-GPInheritance



This is the built-in help made by Microsoft for the command 'Set-GPInheritance', in PowerShell version 3 - as retrieved from Windows version 'Microsoft Windows Server 2012 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Blocks or unblocks inheritance for a specified domain or organizational unit (OU).

SYNTAX


Set-GPInheritance [-Target] <String> [-Domain <String>] [-Server <String>] -IsBlocked <BlockInheritance> [-Confirm [<SwitchParameter>]]
[-WhatIf [<SwitchParameter>]] [<CommonParameters>]



Search powershellhelp.space

DESCRIPTION


The Set-GPInheritance cmdlet blocks or unblocks inheritance for a specified domain or organizational unit (OU).


GPOs are applied according to the Group Policy hierarchy in the following order: local GPO, GPOs linked to the site, GPOs linked to the
domain, GPOs linked to OUs. By default, an Active Directory container inherits settings from GPOs that are applied at the next higher level in
the hierarchy. Blocking inheritance prevents the settings in GPOs that are linked to higher-level sites, domains, or organizational units from
being automatically inherited by the specified domain or OU, unless the link (at the higher-level container) for a GPO is enforced.


You use the Target parameter to specify the LDAP distinguished name of the domain or OU, and use the IsBlocked parameter to specify whether to
block or unblock inheritance.



<

RELATED LINKS

Get-GPInheritance

REMARKS

<

Examples


-------------------------- EXAMPLE 1 --------------------------

C:\PS>Set-GPinheritance -Target "ou=MyOU,dc=contoso,dc=com" -IsBlocked Yes

Name : myou
ContainerType : OU
Path : ou=myou,dc=contoso,dc=com
GpoInheritanceBlocked : Yes
GpoLinks : {TestGPO-1, TestGPO-2}
InheritedGpoLinks : {TestGPO-1, TestGPO-2}



Description

-----------

This command blocks inheritance for the "MyOU" OU in the contoso.com domain. GPOs that are linked to higher-level sites or domains, or to OUs
that are parent OUs of the "MyOU" OU are not applied (unless their links are enforced) when Group Policy is processed for the OU on the client.

Because inheritance is blocked, only GPOs that are linked directly to the "MyOU" OU (and those that are enforced at higher-level containers)
appear in the InheritedGpoLinks list.




-------------------------- EXAMPLE 2 --------------------------

C:\PS>Set-GPinheritance -Target "dc=northwest, dc=contoso, dc=com" -IsBlocked No



Description

-----------

This command unblocks inheritance for the northwest.contoso.com domain. GPOs linked to higher-level sites or domains are applied to this
domain when Group Policy is processed on the client.




-------------------------- EXAMPLE 3 --------------------------

C:\PS>Set-GPinheritance -Target "ou=MyOU,dc=contoso,dc=com" -IsBlocked No

Name : myou
ContainerType : OU
Path : ou=myou,dc=contoso,dc=com
GpoInheritanceBlocked : No
GpoLinks : {TestGPO-1, TestGPO-2}
InheritedGpoLinks : {TestGPO-1, TestGPO-2, Default Domain Policy}



Description

-----------

This command blocks inheritance for the "MyOU" OU in the contoso.com domain. GPOs that are linked to higher-level sites or domains, or to OUs
that are parent OUs of the "MyOU" OU, are applied when Group Policy is processed for the OU on the client.

Because inheritance is not blocked, GPOs that are inherited from higher-level containers appear in the InheritedGpoLinks list (together with
GPOs that are linked directly to the OU). For example, the "Default Domain Policy" GPO is linked at the domain level.