SUMMARY
Add a module for managing Group Policy (GPO)
ISSUE TYPE
I didn't see any past discussion issues regarding features for GPO management in the microsoft.ad collection.
I would like to request that the addition of a module for managing GPO in AD be added.
There is already a microsoft GPO PowerShell module set of cmdlets for managing GPO, and I would suggest leveraging this as a requisite.
https://learn.microsoft.com/en-us/powershell/module/grouppolicy/?view=windowsserver2025-ps
COMPONENT NAME
There is no existing component for this that I can see.
ADDITIONAL INFORMATION
My suggestion for the front end interface would be as follow:
Proposed Ansible Module Corresponding PowerShell Cmdlets Purpose and Ansible State Management
ad_gpo Get-Gpo, New-GPO, Set-GPO, Remove-GPO Manage the GPO object itself. This module handles the creation (state: present), deletion (state: absent), and modification of GPO properties (like display name, owner, and security filtering).
ad_gpo_link New-GPLink, Set-GPLink, Remove-GPLink Manage the link between a GPO and an AD container (Site, Domain, or OU). This is critical for controlling where the policy applies. It must support state: present (and enforced/disabled attributes) and state: absent.
ad_gpo_setting Set-GPPermission (for security), Set-GPRegistryValue, Set-GPOFile (hypothetically) Manage individual settings within a GPO. This is the most complex but most valuable. It would allow setting specific registry values, file copy operations, local user/group management, or firewall rules inside the GPO.
ad_gpo_import_export Import-GPO, Export-GPO Enable migration and disaster recovery. This allows administrators to export an entire GPO to a file system backup and import it, making the GPO definition itself part of an SCM (Source Control Management) workflow.
SUMMARY
Add a module for managing Group Policy (GPO)
ISSUE TYPE
I didn't see any past discussion issues regarding features for GPO management in the microsoft.ad collection.
I would like to request that the addition of a module for managing GPO in AD be added.
There is already a microsoft GPO PowerShell module set of cmdlets for managing GPO, and I would suggest leveraging this as a requisite.
https://learn.microsoft.com/en-us/powershell/module/grouppolicy/?view=windowsserver2025-ps
COMPONENT NAME
There is no existing component for this that I can see.
ADDITIONAL INFORMATION
My suggestion for the front end interface would be as follow:
Proposed Ansible Module Corresponding PowerShell Cmdlets Purpose and Ansible State Management
ad_gpo Get-Gpo, New-GPO, Set-GPO, Remove-GPO Manage the GPO object itself. This module handles the creation (state: present), deletion (state: absent), and modification of GPO properties (like display name, owner, and security filtering).
ad_gpo_link New-GPLink, Set-GPLink, Remove-GPLink Manage the link between a GPO and an AD container (Site, Domain, or OU). This is critical for controlling where the policy applies. It must support state: present (and enforced/disabled attributes) and state: absent.
ad_gpo_setting Set-GPPermission (for security), Set-GPRegistryValue, Set-GPOFile (hypothetically) Manage individual settings within a GPO. This is the most complex but most valuable. It would allow setting specific registry values, file copy operations, local user/group management, or firewall rules inside the GPO.
ad_gpo_import_export Import-GPO, Export-GPO Enable migration and disaster recovery. This allows administrators to export an entire GPO to a file system backup and import it, making the GPO definition itself part of an SCM (Source Control Management) workflow.