none
GPO Utility that can compare GPO setting across multiple AD Forests

    Question

  • Hello,

    I've been tasked with consolidating and standardizing GPOs across multiple forests, approximately 72 forests, and need a utility that is able to review and compare GPO settings across all of these forests so settings may be compared in order to provide a base set of GPO's to be created across all of the forests and then create incremental GPOs need for any unique settings for each forest. I'm looking for an enterprise quality product but searching the internet has not yielded the desired results. I've looked into GPO Compare and Security Compliance Manager but these cannot traverse the multiple forests.

    Any feedback / insight greatly appreciated.

    Thanks

    Gordon

    Thursday, February 05, 2015 7:53 PM

Answers

  • to export the GPOs to XML

    Powershell 

    Import-Module

    Get-GPOReport -all -reporttype xml -Path C:\ExportedGPOS\report.xml

    run that in each domian

    Then use a tool like beyond Compare or WinDiff to compare the xml files. 

    Thursday, February 05, 2015 8:04 PM

All replies

  • you can export the GPOs as XML files and then compare with simple text diff 
    • Edited by Rob Plank Thursday, February 05, 2015 8:00 PM typo
    Thursday, February 05, 2015 7:55 PM
  • Hello,

    Thank you for the reply, Could you provide so more info or pass along an article using the simple test diff? I'm not familiar with how this works.

    Gordon

    Thursday, February 05, 2015 7:57 PM
  • to export the GPOs to XML

    Powershell 

    Import-Module

    Get-GPOReport -all -reporttype xml -Path C:\ExportedGPOS\report.xml

    run that in each domian

    Then use a tool like beyond Compare or WinDiff to compare the xml files. 

    Thursday, February 05, 2015 8:04 PM
  • Thank you for the prompt reply. This is very helpful. I will give it a shot and report back.

    Gordon

    Thursday, February 05, 2015 8:12 PM