Group Policy Management Tools

active-directory group-policy

Solution 1:

AGPM does much of that - it's a Microsoft tool that vendors like Microfocus leveraged off. It does all the versioning, check-in/check-out, approvals, roll-backs etc. It's not highly sophisicated, but it does the job.

https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/agpm/advanced-group-policy-management-40

The main drawback in a multi-forest environment is that it's a per-forest tool. You need to import and export GPOs between forests if required (such as between Test and Production forests): https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/agpm/using-a-test-environment).

Obviously exporting and transferring files can be scripted to some degree, but fundamentally, there's no single management point for multiple forests, so you'd need an AGPM instance for each.

Related

How can I solve the error to open google chrome on the server?
"Failed to get shell PTY: Protocol error" for an nspawn container with systemd inside
Do I have to enter the public IP into the HOME_NET variable?
lvmcache/dm-cache writeback cache full performance
Dynamic Google hosted DNS zone update by DHCP
Do not recursion DNS queries
Postfix header_checks add X-Mailgun-Tag
Return a specific/200 status code for a particular URL prefix in Haproxy
Redirect All emails to
Length of the side of a similar triangle
Find :$\frac{A1}{A}−\frac{A}{A2}$ in the triangle below
Homotopy extension property of a pushout - converse statement