Expert | 90 to 120 minutes | Instructor visible

AD DS forest, OU, GPO, and DNS design

The enterprise has multiple forests, inconsistent OUs, inherited GPOs, weak naming standards, and acquisition domain pressure.

Business context

The architecture must support enterprise delegation, consolidation, auditability, and future hybrid identity sync.

Technical objective

Design and validate the AD DS structure, including OUs, groups, GPO strategy, DNS zones, service accounts, trust assumptions, and rollback notes.

Student instructions

  1. Launch the Windows AD lab pod.
  2. Review dc01, member01, client01, and sync01 roles.
  3. Draft the target OU and group model.
  4. Document GPO baseline, exception, owner, and rollback rules.
  5. Validate AD/DNS health and capture evidence.

Troubleshooting

  • If AD checks fail, wait for Windows initialization and rerun the validation panel.
  • If the design mixes staging and production identities, split migration and steady-state OUs.

Cleanup

  • Snapshot the pod before break/fix work.
  • Export the AD design section.

Launch flow

Click Launch lab to start the provisioning flow and watch each stage complete.

  1. Request accepted
  2. Capacity reserved
  3. Templates queued
  4. Validation running
  5. Workspace ready

Required templates

  • Domain Controller template - defined
  • Windows Server 2022 base - defined
  • Windows 11 client - defined
  • Microsoft 365 simulated tenant layer - defined

Validation checks

  • AD DS and DNS healthy: Directory services, DNS, and LDAP checks pass inside the tenant network.
  • Domain joined: Computer account is present and secure channel validates.
  • Windows management reachable: The student access gateway can open a Windows console session.
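
One way to run these three checks by hand and keep the output as evidence for the workbook, as an added example that is not part of the course material. It assumes an elevated Windows PowerShell 5.1 session on a domain-joined pod host, the RSAT AD DS tools, and a placeholder evidence folder; the RDP test runs from inside the pod, so it only approximates the gateway check.

```powershell
# Added example (not course-provided). Run in elevated Windows PowerShell 5.1
# on a domain-joined pod host such as member01.
# Assumptions: RSAT AD DS tools (ActiveDirectory module, dcdiag) are installed;
# C:\LabEvidence is a placeholder folder; dcdiag output is in English.
Import-Module ActiveDirectory

$evidenceDir = 'C:\LabEvidence'                       # placeholder path
$dcName      = 'dc01'
$podHosts    = 'dc01', 'member01', 'client01', 'sync01'
New-Item -ItemType Directory -Path $evidenceDir -Force | Out-Null

$results = [System.Collections.Generic.List[object]]::new()
function Add-Result($Check, $Target, $Passed, $Detail) {
    $results.Add([pscustomobject]@{
        Time = (Get-Date).ToString('s'); Check = $Check; Target = $Target
        Passed = [bool]$Passed; Detail = "$Detail" })
}

# 1. AD DS and DNS healthy: DC locator SRV record, LDAP port, dcdiag.
$domain  = Get-ADDomain
$srvName = "_ldap._tcp.dc._msdcs.$($domain.DNSRoot)"
$srv = @(Resolve-DnsName -Name $srvName -Type SRV -ErrorAction SilentlyContinue |
    Where-Object { $_.NameTarget })
Add-Result 'DNS SRV locator' $srvName ($srv.Count -gt 0) (($srv.NameTarget | Sort-Object -Unique) -join ', ')

$ldap = Test-NetConnection -ComputerName $dcName -Port 389 -WarningAction SilentlyContinue
Add-Result 'LDAP port 389' $dcName $ldap.TcpTestSucceeded $ldap.RemoteAddress

$dcdiagLog = Join-Path $evidenceDir 'dcdiag.txt'
dcdiag /s:$dcName | Out-File -FilePath $dcdiagLog -Encoding utf8
$failed = @(Select-String -Path $dcdiagLog -Pattern 'failed test')
Add-Result 'dcdiag' $dcName ($failed.Count -eq 0) "$($failed.Count) failed test(s); see $dcdiagLog"

# 2. Domain joined: computer account exists, local secure channel validates.
foreach ($h in $podHosts) {
    $acct = Get-ADComputer -Filter "Name -eq '$h'" -Properties PasswordLastSet
    Add-Result 'Computer account' $h ($null -ne $acct) "PasswordLastSet=$($acct.PasswordLastSet)"
}
Add-Result 'Secure channel' $env:COMPUTERNAME (Test-ComputerSecureChannel) "against $($domain.DNSRoot)"

# 3. Windows management reachable (in-pod approximation of the gateway check).
foreach ($h in $podHosts) {
    $rdp = Test-NetConnection -ComputerName $h -Port 3389 -WarningAction SilentlyContinue
    Add-Result 'RDP port 3389' $h $rdp.TcpTestSucceeded $rdp.RemoteAddress
}

# Persist the evidence and record its hash for the workbook.
$csv = Join-Path $evidenceDir "ad-validation-$(Get-Date -Format yyyyMMdd-HHmmss).csv"
$results | Export-Csv -Path $csv -NoTypeInformation
$results | Format-Table Check, Target, Passed, Detail -AutoSize
Get-FileHash -Path $csv -Algorithm SHA256 | Select-Object Path, Hash
```

The secure-channel test covers only the host the script runs on, so repeat the run on each member to validate every machine's channel.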

Expected result

AD/DNS checks are healthy and the workbook contains OU, GPO, DNS, trust, and service-account standards.

Reset policy: Student can reset to the clean Windows/AD snapshot.

Teardown policy: Course pod auto-tears down at TTL expiry with instructor override.