Active Directory Initial Design
Forest and domain
| Item | Value |
|---|---|
| Forest | corp.gntech.lab |
| Domain | corp.gntech.lab |
| NetBIOS | CORP |
| First DC | HQ-DC01 |
| Initial site | HQ |
Design decision
The lab starts with a single forest and a single domain. This keeps the design realistic for a growing SMB and avoids unnecessary complexity.
Future acquisitions or multinational scenarios can be simulated using additional forests and trust relationships.
Initial OU structure
```text
corp.gntech.lab
├── Admin
│   ├── Tier0
│   ├── Tier1
│   └── Tier2
├── Users
│   └── HQ
├── Groups
├── Computers
│   ├── Workstations
│   ├── Laptops
│   └── Kiosks
├── Servers
├── Service Accounts
└── Staging
```
Initial accounts
| Account | Purpose |
|---|---|
| gnolasco | Daily user |
| adm-gnolasco | Standard administrative account |
| t0-gnolasco | Tier 0 administrative account |
Initial groups
| Group | Purpose |
|---|---|
| GG-HQ-IT | HQ IT users |
| GG-HQ-HR | HR users |
| GG-HQ-Finance | Finance users |
| GG-HQ-Operations | Operations users |
| DL-FS01-HR-RW | Read/write access to HR share |
| DL-FS01-Finance-RW | Read/write access to Finance share |
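
One way to provision the OU tree and groups listed above, as an added example that is not part of the original design document. It assumes the RSAT ActiveDirectory module, that all groups live in the Groups OU, and that each GG-HQ-* group nests into the DL-FS01-* group with the matching department name (an AGDLP mapping inferred from the names, not stated on the page); `New-GroupIfMissing` is a hypothetical helper.

```powershell
# Added example: OU tree and AGDLP groups from the design tables.
# Assumes the RSAT ActiveDirectory module and rights to create OUs and groups.
Import-Module ActiveDirectory

$domainDN = 'DC=corp,DC=gntech,DC=lab'

# Parent path -> child OU names; parents are listed before their children.
$ouPlan = @(
    @{ Path = $domainDN; Names = 'Admin','Users','Groups','Computers','Servers','Service Accounts','Staging' }
    @{ Path = "OU=Admin,$domainDN"; Names = 'Tier0','Tier1','Tier2' }
    @{ Path = "OU=Users,$domainDN"; Names = 'HQ' }
    @{ Path = "OU=Computers,$domainDN"; Names = 'Workstations','Laptops','Kiosks' }
)
foreach ($entry in $ouPlan) {
    foreach ($name in $entry.Names) {
        $dn = "OU=$name,$($entry.Path)"
        # Idempotent: create the OU only when it does not exist yet.
        if (-not (Get-ADOrganizationalUnit -Filter "DistinguishedName -eq '$dn'")) {
            New-ADOrganizationalUnit -Name $name -Path $entry.Path -ProtectedFromAccidentalDeletion $true
        }
    }
}

# Assumption: all groups are created in the Groups OU.
$groupsOU = "OU=Groups,$domainDN"

# Hypothetical helper: create a security group only when it is missing.
function New-GroupIfMissing([string]$Name, [string]$Scope) {
    if (-not (Get-ADGroup -Filter "SamAccountName -eq '$Name'")) {
        New-ADGroup -Name $Name -SamAccountName $Name -GroupScope $Scope `
            -GroupCategory Security -Path $groupsOU
    }
}

# A -> G: global groups hold the user accounts of each department.
'GG-HQ-IT','GG-HQ-HR','GG-HQ-Finance','GG-HQ-Operations' |
    ForEach-Object { New-GroupIfMissing -Name $_ -Scope Global }

# G -> DL: domain local groups contain the global groups; the share ACL
# (the P step) then references only the DL group. Mapping is an assumption.
$nesting = @{ 'DL-FS01-HR-RW' = 'GG-HQ-HR'; 'DL-FS01-Finance-RW' = 'GG-HQ-Finance' }
foreach ($dl in $nesting.Keys) {
    New-GroupIfMissing -Name $dl -Scope DomainLocal
    $members = @(Get-ADGroupMember -Identity $dl | Select-Object -ExpandProperty SamAccountName)
    if ($nesting[$dl] -notin $members) {
        Add-ADGroupMember -Identity $dl -Members $nesting[$dl]
    }
}
```

The script can be re-run safely: existing OUs, groups and memberships are detected and skipped.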
Group strategy
Use AGDLP: