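# Bootstrap for an AVD management host: installs the admin tools, creates the
# Servers\Avd OU and the AVD-Hosts group, creates/links/imports the AVD GPOs,
# and creates the working folders.
# Relative paths (./, Drift, Customizations) resolve against the current
# directory, so run this from the folder that holds the GPO backups.

# Install the needed administrative tools.
Install-WindowsFeature -Name "GPMC"
Install-WindowsFeature -Name "RSAT-AD-Tools" -IncludeAllSubFeature
Install-WindowsFeature -Name "RSAT-DNS-Server"

# Create the needed Active Directory structure (OUs, group).
$ADName = (Get-ADDomain).DistinguishedName
New-ADOrganizationalUnit -Name "Servers" -Path "$ADName"
$ServersOUPath = (Get-ADOrganizationalUnit -Identity "OU=Servers,$ADName").DistinguishedName
New-ADOrganizationalUnit -Name "Avd" -Path "$ServersOUPath"
# Fix: the identity string was "OU=Avd,ServersOUPath" (missing `$`), which is
# not a valid DN, so $AvdOUPath stayed empty and no GPO link had a target.
$AvdOUPath = (Get-ADOrganizationalUnit -Identity "OU=Avd,$ServersOUPath").DistinguishedName

# Stop here rather than create GPOs and change their ACLs with no link target.
if (-not $AvdOUPath) {
    throw "Could not resolve the Avd OU under '$ServersOUPath'; no GPOs were created."
}

New-ADGroup -Name "AVD-Hosts" -DisplayName "AVD-Hosts" -SamAccountName "AVD-Hosts" -GroupCategory Security -GroupScope Global -Path "$AvdOUPath"

# GPOs to create, in the original order. The names are runtime identifiers and
# are kept exactly as written (including "Conteiners" and "TenentShortName").
# NOTE(review): "TenentShortName" looks like a placeholder to substitute per tenant - confirm.
$GpoNames = @(
    "AVD-GPO-C",
    "AVD-Customization-C",
    "AVD-Customization-U",
    "FSlogix-Profiles-C",
    "FSlogix-Conteiners-C",
    "AVD-Lockdown-C",
    "AVD-Lockdown-U",
    "AVD-Office-C",
    "AVD-Office-U",
    "AVD-Redirect-U",
    "AVD-RegionalSettings-U",
    "AVD-Sessions-U",
    "AVD-Sessions-C",
    "AVD-Shadow-C",
    "Edge-Settings-C",
    "Edge-Settings-U",
    "TenentShortName-Shares-U"
)

# Only AVD-GPO-C imports from its own sub-folder; every other GPO uses ./
$BackupPathOverrides = @{ "AVD-GPO-C" = "./AVD-GPO-C/" }

foreach ($GpoName in $GpoNames) {
    $BackupPath = if ($BackupPathOverrides.ContainsKey($GpoName)) { $BackupPathOverrides[$GpoName] } else { "./" }

    # Fix: -LinkEnabled is not a switch; it takes Yes/No, so the bare flag left
    # the parameter without an argument.
    New-GPO -Name $GpoName | New-GPLink -Target "$AvdOUPath" -LinkEnabled Yes

    # Security filtering: the AVD-Hosts group is the intended apply scope.
    # NOTE(review): -PermissionLevel takes a single level; verify that the
    # two-value list binds as intended (GpoApply presumably already implies read).
    Set-GPPermission -Name $GpoName -PermissionLevel GpoApply,GpoRead -TargetName "AVD-Hosts" -TargetType Group

    # NOTE(review): a new GPO already grants Authenticated Users GpoApply, and
    # Set-GPPermission does not lower an existing higher level unless -Replace
    # is given. As written this call likely leaves Apply in place, so the GPO
    # is not actually filtered to AVD-Hosts. Confirm the intent before adding
    # -Replace: the user-side (-U) GPOs still need Apply for the user accounts.
    Set-GPPermission -Name $GpoName -PermissionLevel GpoRead -TargetName "Authenticated Users" -TargetType Group

    # Delegates edit, delete and ACL control of the GPO to this group, so its
    # membership decides who can change policy on every AVD host.
    Set-GPPermission -Name $GpoName -PermissionLevel GpoEditDeleteModifySecurity -TargetName "AAD DC Administrators" -TargetType Group

    # NOTE(review): Import-GPO selects a backup under -Path by -BackupGpoName or
    # -BackupId; neither is given here, so the call probably cannot resolve
    # which backup to import. Confirm the backup names and add the selector.
    # The imported settings take effect on linked hosts, so the backup folder
    # should be a trusted, access-controlled location.
    Import-GPO -TargetName $GpoName -Path $BackupPath
}

# Create the folder structure for operations ("Drift") and for customizations.
$Folders = @(
    "Drift",
    "Drift\Install",
    "Drift\RDP",
    "Customizations",
    "Customizations\Backgrounds",
    "Customizations\DefaultApps",
    "Customizations\Layout",
    "Customizations\Start Menu"
)
foreach ($Folder in $Folders) {
    mkdir $Folder
}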