gPLink Attribute Format
A friend asked me earlier about this attribute which is used on Sites, Domains and Organizational Unit objects to link them to Group Policy Objects.
The attribute is composed of a sorted list of aDSPath's and GPO Link Options. Each is delineated by square brackets with the aDSPath first and the options second divided by a semicolon. For example [LDAP://cn={B6BB700D-71C8-49F3-9CF9-0A0E65C1A8C1},cn=policies,cn=system,DC=example,DC=com;0].
| Value |
Meaning |
Bit |
| GPO_FLAG_DISABLE |
This GPO is disabled. |
0 |
| GPO_FLAG_FORCE |
Do not override the policy settings in this GPO with policy settings in a subsequent GPO. |
1 |
In the example above the GPO link is enabled (bit 0=false) and not enforced (bit 1=false).
To disable a GPO link set bit 0 to true.
Likewise to force the settings in the GPO on subsequent Organizational Units set bit 1 to true.
While on the subject of the gPLink attribute the article over at http://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/gpo.mspx among the mistakes lists the gPLink attribute as being on the GPO's themselves which it is not and I know has caused a number of people a fair amount of grief as they try to debug scripts.