Skip to content

Feature Request: Add Group Policy management module #217

Description

@MrPippin66
SUMMARY

Add a module for managing Group Policy (GPO)

ISSUE TYPE
  • Feature Idea

I didn't see any past discussion issues regarding features for GPO management in the microsoft.ad collection.

I would like to request that the addition of a module for managing GPO in AD be added.

There is already a microsoft GPO PowerShell module set of cmdlets for managing GPO, and I would suggest leveraging this as a requisite.

https://learn.microsoft.com/en-us/powershell/module/grouppolicy/?view=windowsserver2025-ps

COMPONENT NAME

There is no existing component for this that I can see.

ADDITIONAL INFORMATION

My suggestion for the front end interface would be as follow:

Proposed Ansible Module Corresponding PowerShell Cmdlets Purpose and Ansible State Management
ad_gpo Get-Gpo, New-GPO, Set-GPO, Remove-GPO Manage the GPO object itself. This module handles the creation (state: present), deletion (state: absent), and modification of GPO properties (like display name, owner, and security filtering).
ad_gpo_link New-GPLink, Set-GPLink, Remove-GPLink Manage the link between a GPO and an AD container (Site, Domain, or OU). This is critical for controlling where the policy applies. It must support state: present (and enforced/disabled attributes) and state: absent.
ad_gpo_setting Set-GPPermission (for security), Set-GPRegistryValue, Set-GPOFile (hypothetically) Manage individual settings within a GPO. This is the most complex but most valuable. It would allow setting specific registry values, file copy operations, local user/group management, or firewall rules inside the GPO.
ad_gpo_import_export Import-GPO, Export-GPO Enable migration and disaster recovery. This allows administrators to export an entire GPO to a file system backup and import it, making the GPO definition itself part of an SCM (Source Control Management) workflow.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type
    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions