COMP 2064 & COMP 3105 — Identity Management & Enterprise Desktop OS
Designed and implemented a full Windows Server 2019 domain environment in a VMware virtualisation lab. The project covers the complete lifecycle of enterprise identity management — from promoting a domain controller and structuring the directory, to applying Group Policy for security enforcement and onboarding Windows 10 client machines to the domain. This work directly reflects the skills required for systems administrator and IT support roles managing corporate AD environments.

| Component | Value | Details |
|---|---|---|
| Hypervisor | VMware Workstation | Host machine: Windows 10 |
| Domain Controller | Windows Server 2019 | AD DS, DNS, DHCP roles |
| Client Machine | Windows 10 Pro | Domain-joined workstation |
| Domain Name | rohail.local | Internal private domain |
| IP Scheme | 192.168.10.0/24 | Static DC + DHCP for clients |
| Functional Level | Windows Server 2016 | Forest & domain functional level |

Server Deployment & Role Installation
Deployed Windows Server 2019 as a VM in VMware. Installed the Active Directory Domain Services (AD DS), DNS, and DHCP roles via Server Manager.
Domain Controller Promotion
Ran the AD DS Configuration Wizard to promote the server to a domain controller, creating a new forest and root domain (rohail.local). Configured DNS to point to the DC's static IP.
Organisational Unit Structure
Designed and created a logical OU hierarchy in Active Directory Users and Computers: Departments (IT, HR, Finance), Users, Computers, and Groups — mirroring a real corporate structure.
User & Group Account Management
Created department user accounts, assigned them to appropriate security groups, and organised accounts within the correct OUs. Applied password policy and account expiry settings.
Group Policy Object (GPO) Configuration
Created and linked GPOs to enforce desktop security policy, map shared network drives, restrict access to Control Panel, set wallpaper, and disable USB storage for standard users.
DHCP & DNS Configuration
Configured a DHCP scope for the 192.168.10.0/24 subnet, set the DC as the DNS server, and verified automatic IP assignment on domain-joined clients.
Client Domain Join & Verification
Joined a Windows 10 Pro VM to rohail.local, logged in with domain credentials, confirmed GPO application with gpresult /r, and verified domain connectivity with ping and nslookup.
| GPO Name | Scope | Setting |
|---|---|---|
| Password Policy | Domain | Min length 10 chars, complexity on, 90-day expiry |
| Desktop Lockdown | All Users OU | Custom wallpaper, disable right-click desktop |
| Control Panel Block | Standard Users | Hide all Control Panel items via User Config |
| Drive Mapping | IT Department OU | Map \\DC01\Shared to Z: at logon |
| USB Storage Disable | All Users | Deny write access to removable storage devices |
| Account Lockout | Domain | Lock after 5 failed attempts, 15-min duration |
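
The following script is an added example, not part of the original project. It checks the effective domain password and lockout policy against the values in the table above and confirms that each listed GPO exists and is not fully disabled. It assumes the RSAT ActiveDirectory and GroupPolicy modules are available and that the GPO display names match the table exactly.

```powershell
# Added example: audit rohail.local against the GPO table on this page.
# Run on the DC, or on a domain-joined host with RSAT installed.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$Domain = 'rohail.local'

# Expected effective values, copied from the Password Policy and Account Lockout rows.
$expected = [ordered]@{
    MinPasswordLength = 10
    ComplexityEnabled = $true
    MaxPasswordAge    = New-TimeSpan -Days 90
    LockoutThreshold  = 5
    LockoutDuration   = New-TimeSpan -Minutes 15
}

# Reads the values actually in force on the domain object, which is what
# domain accounts are held to regardless of how many GPOs define them.
$policy = Get-ADDefaultDomainPasswordPolicy -Identity $Domain

$results = @(foreach ($name in $expected.Keys) {
    [pscustomobject]@{
        Check    = $name
        Expected = $expected[$name]
        Actual   = $policy.$name
        Pass     = ($policy.$name -eq $expected[$name])
    }
})

# GPO display names as listed in the table (assumed to match exactly).
$gpoNames = 'Password Policy', 'Desktop Lockdown', 'Control Panel Block',
            'Drive Mapping', 'USB Storage Disable', 'Account Lockout'

$results += foreach ($n in $gpoNames) {
    $gpo = Get-GPO -Name $n -Domain $Domain -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Check    = "GPO '$n'"
        Expected = 'present, not fully disabled'
        Actual   = if ($gpo) { $gpo.GpoStatus } else { 'missing' }
        Pass     = [bool]($gpo -and $gpo.GpoStatus -ne 'AllSettingsDisabled')
    }
}

$results | Format-Table -AutoSize

if ($results.Pass -contains $false) {
    Write-Warning 'One or more settings differ from the documented baseline.'
}
```

A failed password or lockout check while the GPO itself is present usually means the GPO is not linked at the domain root or is outranked by another domain-level GPO, since account policy for domain users only applies from that level.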