
Set-GPInheritance



This is the built-in help made by Microsoft for the command 'Set-GPInheritance', in PowerShell version 5 - as retrieved from Windows version 'Microsoft Windows Server 2012 R2 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Blocks or unblocks inheritance for a specified domain or organizational unit (OU).

SYNTAX


Set-GPInheritance [-Target] <String> [-Domain <String>] [-Server <String>] -IsBlocked <BlockInheritance> [-Confirm] [-WhatIf] [<CommonParameters>]




DESCRIPTION


The Set-GPInheritance cmdlet blocks or unblocks inheritance for a specified domain or organizational unit (OU).


GPOs are applied according to the Group Policy hierarchy in the following order: local GPO, GPOs linked to the site, GPOs linked to the domain, GPOs linked to OUs. By
default, an Active Directory container inherits settings from GPOs that are applied at the next higher level in the hierarchy. Blocking inheritance prevents the settings in
GPOs that are linked to higher-level sites, domains, or organizational units from being automatically inherited by the specified domain or OU, unless the link (at the
higher-level container) for a GPO is enforced.


You use the Target parameter to specify the LDAP distinguished name of the domain or OU, and use the IsBlocked parameter to specify whether to block or unblock inheritance.




RELATED LINKS

Online Version: http://go.microsoft.com/fwlink/?linkid=287733
Get-GPInheritance

REMARKS


Examples


-------------------------- EXAMPLE 1 --------------------------

C:\PS>Set-GPinheritance -Target "ou=MyOU,dc=contoso,dc=com" -IsBlocked Yes

Name : myou
ContainerType : OU
Path : ou=myou,dc=contoso,dc=com
GpoInheritanceBlocked : Yes
GpoLinks : {TestGPO-1, TestGPO-2}
InheritedGpoLinks : {TestGPO-1, TestGPO-2}



Description

-----------

This command blocks inheritance for the "MyOU" OU in the contoso.com domain. GPOs that are linked to higher-level sites or domains, or to OUs that are parent OUs of the
"MyOU" OU are not applied (unless their links are enforced) when Group Policy is processed for the OU on the client.

Because inheritance is blocked, only GPOs that are linked directly to the "MyOU" OU (and those that are enforced at higher-level containers) appear in the InheritedGpoLinks
list.




-------------------------- EXAMPLE 2 --------------------------

C:\PS>Set-GPinheritance -Target "dc=northwest, dc=contoso, dc=com" -IsBlocked No



Description

-----------

This command unblocks inheritance for the northwest.contoso.com domain. GPOs linked to higher-level sites or domains are applied to this domain when Group Policy is
processed on the client.




-------------------------- EXAMPLE 3 --------------------------

C:\PS>Set-GPinheritance -Target "ou=MyOU,dc=contoso,dc=com" -IsBlocked No

Name : myou
ContainerType : OU
Path : ou=myou,dc=contoso,dc=com
GpoInheritanceBlocked : No
GpoLinks : {TestGPO-1, TestGPO-2}
InheritedGpoLinks : {TestGPO-1, TestGPO-2, Default Domain Policy}



Description

-----------

This command unblocks inheritance for the "MyOU" OU in the contoso.com domain. GPOs that are linked to higher-level sites or domains, or to OUs that are parent OUs of the
"MyOU" OU, are applied when Group Policy is processed for the OU on the client.

Because inheritance is not blocked, GPOs that are inherited from higher-level containers appear in the InheritedGpoLinks list (together with GPOs that are linked directly to
the OU). For example, the "Default Domain Policy" GPO is linked at the domain level.
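
Because a blocked OU stops receiving non-enforced GPOs from higher-level containers, it is worth auditing which OUs block inheritance before changing the setting. The following is an added example, not part of Microsoft's help text: it assumes the GroupPolicy and ActiveDirectory (RSAT) modules are installed, uses the page's sample contoso.com DN as the search base, and the function name Get-BlockedInheritanceReport is hypothetical.

```powershell
# Added example, not Microsoft's help text. Assumes the GroupPolicy and
# ActiveDirectory (RSAT) modules and read access to the domain.
Import-Module GroupPolicy, ActiveDirectory

function Get-BlockedInheritanceReport {
    param(
        # Search base; the contoso.com DN is the sample domain used on this page.
        [string]$SearchBase = 'dc=contoso,dc=com'
    )

    foreach ($ou in Get-ADOrganizationalUnit -Filter * -SearchBase $SearchBase) {
        $inh = Get-GPInheritance -Target $ou.DistinguishedName

        # The help output renders this property as Yes/No; compare as text so
        # the check does not depend on the underlying type.
        if ("$($inh.GpoInheritanceBlocked)" -notin 'Yes', 'True') { continue }

        [pscustomobject]@{
            Path          = $inh.Path
            # GPOs linked directly to the blocked OU.
            DirectLinks   = @($inh.GpoLinks.DisplayName) -join '; '
            # Links flagged Enforced among those that still apply; enforced
            # links at higher-level containers are not stopped by the block.
            EnforcedLinks = @($inh.InheritedGpoLinks | Where-Object Enforced |
                              ForEach-Object DisplayName) -join '; '
            # Everything Group Policy still processes for this OU.
            StillApplied  = @($inh.InheritedGpoLinks.DisplayName) -join '; '
        }
    }
}

# List every OU that blocks inheritance and what still reaches it.
$report = Get-BlockedInheritanceReport
$report | Format-Table -AutoSize -Wrap

# Preview the unblock for each reported OU. -WhatIf prints the intended
# change without applying it; remove it only after reviewing the report.
foreach ($row in $report) {
    Set-GPInheritance -Target $row.Path -IsBlocked No -WhatIf
}
```

An OU whose StillApplied column matches DirectLinks receives nothing from higher-level containers, so any domain-wide baseline that is not linked with an enforced link does not apply there.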