API Reference
GpoApplicationPlanEntry
Describes a single GPO link consideration in the application plan for a target DN. Captures link metadata, gating (inheritance/enforced/scope), and optional applicability outcomes.
Inheritance
- Object
- GpoApplicationPlanEntry
Constructors
public GpoApplicationPlanEntry() #Inherited Methods
Properties
public Guid Id { get; set; } #Identifier of the GPO.
public String GpoDistinguishedName { get; set; } #Distinguished name of the GPO object (CN={GUID},CN=Policies,...).
public String GpoName { get; set; } #Friendly display name of the GPO when resolvable; falls back to GUID string when host did not attach names.
public String ContainerDistinguishedName { get; set; } #Distinguished name of the container where this link resides (Site/Domain/OU DN).
public String ContainerScope { get; set; } #Container scope: "Site", "Domain", or "OU".
public Int32 LinkOrder { get; set; } #1-based link order within the container (higher precedence applies later).
public Boolean LinkEnabled { get; set; } #True when the link is enabled.
public Boolean Enforced { get; set; } #True when the link is enforced (No Override).
public Boolean BlockedByInheritance { get; set; } #True when the link is blocked by inheritance (e.g., parent link above a Block Inheritance OU and not enforced).
public Boolean ScopeAllowed { get; set; } #True when the GPO is enabled for the requested scope (User/Computer) based on its flags.
public Nullable<Boolean> HasWmiFilter { get; set; } #True when a WMI filter is linked to the GPO (optional; populated when applicability is evaluated).
public Nullable<Boolean> WmiMatched { get; set; } #True when the WMI filter evaluated to true for the target context (optional).
public Nullable<Boolean> WmiAccessDenied { get; set; } #True when reading WMI filter details was access denied (optional). Host may show this as a distinct "Denied" state for WMI.
public Nullable<Boolean> SecurityAllowed { get; set; } #True when the GPO security filtering allows application to the target (optional; token-dependent).
public Boolean Included { get; set; } #Final inclusion after inheritance/enforced/scope and optional WMI/Security filtering for this path.
public String AppliedAs { get; set; } #Contribution origin in pair evaluation: "Computer", "UserFromUserPath", or "UserFromComputerPath".
public Int32 LinkOptionsRaw { get; set; } #Raw link options value parsed from gPLink for this entry (bit 0 = Enforced/No Override, bit 1 = Link Disabled). Useful for troubleshooting cases where UI flags disagree with computed booleans.
public String BlockSource { get; set; } #When BlockedByInheritance is true, the distinguishedName of the OU where Block Inheritance was set and caused this link to be ignored (unless enforced). Null when not blocked.
public Nullable<GpoAdObjectStatus> AdStatus { get; set; } #Active Directory object probe status for this GPO reference (Exists / AccessDenied / NotFound / Unknown). Helps distinguish between broken links and permission issues in typed results.
public String Reason { get; set; } #Human‑readable explanation why this entry is Included or excluded. Example: "LinkDisabled; Scope=ComputerDisabled; BlockedBy=OU=Servers,...; WMI=false (Runtime); Security=false". Useful to quickly understand gpresult/RSOP gating without digging through multiple flags.
public IReadOnlyList<String> SecurityAllowSources { get; set; } #Optional list of security allow sources (e.g., "Apply: Authenticated Users", "Read: Domain Computers").
public IReadOnlyList<String> SecurityDenySources { get; set; } #Optional list of security deny sources (e.g., "Deny Apply: SomeGroup").