We seem to be having a lot of problems related to "forgetting some mundane detail" while managing our Group Policy settings in Active Directory, so I am curious as to whether there are any well-regarded tools available for applying source control style practices to Active Directory configurations.
It seems like there should be a way to quickly and easily run a diff against a known-good configuration to figure out what setting changed (or did not replicate to a remote server) and is thus causing problems.
Take a look at Microsoft Advanced Group Policy Management which offers GPO change management. It's a pretty good tool that they bought from Policymaker a few years ago.
NetIQ Change Guardian for Active Directory
I know nothing about it. Years ago we evaluated it( probably its predecessor) but never actually use it.
Out of the box there is no undo (although ntdsutil allows some recovering of deleted objects with an authoritative restore), or version control on AD. There are quite a few third party tools that will allow "undelete".