We have a tricky scenario with our WVD deployments wrt GPOs that are being applied to session hosts upon joining the domain and OU.
We deployed a DNS Server in Azure with Conditional forwarders for our On-Prem Domain and a forwarder for Public DNS and configured this Azure hosted DNS IP on our WVD-VNet. This ensures that all domain requests and internet access are handled locally by this Az-hosted DNS server.
However, the GPO with DNS settings updates the VNet-inherited DNS IP to the On-Prem DNS server on WVD session hosts once they are joined to the domain in a specific OU. The On-prem DNS server doesn't resolve any WVD URLs due to security policies in place. This is blocking the WVD Agent from updating to version 1.0.2990.1500 (not sure why the previous version, 1.0.2800.2800, is first chosen and then upgraded to latest) and getting stuck as the On-prem DNS / FW doesn't allow any internet traffic.
Now we got further info from our AD team. A scheduled script is executed that adds the computers added to our WVD-OU to a unique WVD-Computer group on which DNS-GPO is disabled/not applied.
The issue here is, once the machine is added to the domain OU and a reboot is done, by the time the script is executed to add these computers to the WVD-computer group, the DNS policy is already applied and machines are assigned the On-Prem DNS IPs. Even if the script is run and the session host is added to the WVD group, a gpupdate isn't reverting the DNS on session hosts. We are being forced to manually update the adapter settings / change the NIC in the portal to make the session host use the Azure hosted VM --> complete the upgrade process --> become healthy/available.
Seeking a few solutions here:
1) to get a custom template (if any) to add the computers to WVD-group directly while joining the domain
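An added diagnostic example, not part of the original post, that a practitioner could run on one session host to see which of the three states described above it is in: which DNS servers the NIC is actually using, whether the DNS GPO's NameServer policy is still present, and whether the host is already a member of the WVD computer group and whether its current computer token reflects that membership. The Azure DNS IP and the group name are assumed placeholders; it assumes the RSAT ActiveDirectory module and runs as a local administrator.

```powershell
# Added example (not from the original post). Placeholders below are assumptions, not values from the post.
$AzureDnsIp   = '10.0.0.4'        # placeholder: Azure-hosted DNS server set on the WVD VNet
$WvdGroupName = 'WVD-Computers'   # placeholder: group on which the DNS GPO is filtered out

Import-Module ActiveDirectory -ErrorAction Stop

# 1. DNS servers the session host is using right now, per IPv4 interface.
$dns = Get-DnsClientServerAddress -AddressFamily IPv4 |
       Where-Object { $_.ServerAddresses.Count -gt 0 }
$usingAzureDns = [bool]($dns | Where-Object { $_.ServerAddresses -contains $AzureDnsIp })

# 2. The DNS Client GPO "DNS Servers" setting writes its list to this policy key;
#    if it is still present, the GPO is still being applied to this computer.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
$policyNs  = (Get-ItemProperty -Path $policyKey -Name NameServer -ErrorAction SilentlyContinue).NameServer

# 3. Has the scheduled script already added this computer object to the group in AD?
$computer = Get-ADComputer -Identity $env:COMPUTERNAME -Properties MemberOf
$inGroupInAd = [bool]($computer.MemberOf -match "^CN=$([regex]::Escape($WvdGroupName)),")

# 4. Group membership only reaches GPO security filtering once the computer's
#    token is rebuilt (normally at reboot). gpresult lists the groups in that token.
$gpresult = gpresult /r /scope computer 2>&1
$inGroupInToken = [bool]($gpresult -match [regex]::Escape($WvdGroupName))

[pscustomobject]@{
    ComputerName      = $env:COMPUTERNAME
    NicDnsServers     = ($dns.ServerAddresses | Select-Object -Unique) -join ','
    UsingAzureDns     = $usingAzureDns
    GpoNameServer     = if ($policyNs) { $policyNs } else { '<none>' }
    InWvdGroupInAd    = $inGroupInAd
    InWvdGroupInToken = $inGroupInToken
} | Format-List
```

A host that shows InWvdGroupInAd = True but InWvdGroupInToken = False and a non-empty GpoNameServer is the case where the group was added after the first boot and the policy will keep applying until the computer token is refreshed.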