$domain = 'cascades.local'
$gpoName = 'CSC - Folder Redirection'
$ouDN = 'OU=Administrative,OU=Departments,DC=cascades,DC=local'

Import-Module GroupPolicy -EA SilentlyContinue

# Link GPO to OU=Administrative
try {
    New-GPLink -Name $gpoName -Domain $domain -Target $ouDN -LinkEnabled Yes -EA Stop
    Write-Output "[OK] Linked to $ouDN"
} catch {
    if ($_.Exception.Message -like '*already*') {
        Set-GPLink -Name $gpoName -Domain $domain -Target $ouDN -LinkEnabled Yes -EA SilentlyContinue
        Write-Output "[OK] Link already existed — enabled"
    } else {
        Write-Output "[ERROR] $($_.Exception.Message)"
    }
}

Write-Output ""
Write-Output "=== Security Filter ==="
Get-GPPermission -Name $gpoName -Domain $domain -All | ForEach-Object {
    Write-Output "  $($_.Trustee.Name) [$($_.Trustee.TrusteeType)] — $($_.Permission)"
}

Write-Output ""
Write-Output "=== Links ==="
$report = [xml](Get-GPOReport -Name $gpoName -Domain $domain -ReportType Xml)
$links = $report.GPO.LinksTo
if ($links) {
    foreach ($l in $links) {
        Write-Output "  $($l.SOMPath) — Enabled: $($l.Enabled)"
    }
} else {
    Write-Output "  (none)"
}

Write-Output ""
Write-Output "=== SG-FolderRedirect members ==="
Get-ADGroupMember -Identity 'SG-FolderRedirect' -EA SilentlyContinue | ForEach-Object {
    Write-Output "  $($_.SamAccountName)"
}