diff --git a/Setup-AD-PostReboot.ps1 b/Setup-AD-PostReboot.ps1
index 67f46a4..692dd67 100644
--- a/Setup-AD-PostReboot.ps1
+++ b/Setup-AD-PostReboot.ps1
@@ -1,5 +1,7 @@
-# Author: ChatGPT (OpenAI)
-# Part 2: Post-reboot configuration (DHCP, OUs, users, groups, GPOs)
+<#
+.SYNOPSIS
+    Post-reboot script: configures DHCP, OUs, baseline GPOs, DHCP groups.
+#>
 
 # ------------------ Configurable Variables ------------------
 $DomainName         = "LAB.local"
@@ -8,47 +10,102 @@ $DhcpStartRange     = "192.168.100.100"
 $DhcpEndRange       = "192.168.100.199"
 $DhcpSubnetMask     = "255.255.255.0"
 $DhcpGateway        = "192.168.100.1"
-$DhcpDnsServer      = "192.168.1000.2"   # This server's static IP
+$DhcpDnsServer      = "192.168.100.2"  # This server's static IP
 $DefaultOUPath      = "DC=LAB,DC=local"
 $LABOU              = "OU=LAB,$DefaultOUPath"
 
-# ------------------ Configure DHCP ------------------
-Write-Host "`nAuthorizing DHCP Server..." -ForegroundColor Cyan
-Add-DhcpServerInDC -DnsName "$env:COMPUTERNAME.$DomainName" -IPAddress $DhcpDnsServer
+# ------------------ Authorize DHCP ------------------
+Write-Host "`n[INFO] Authorizing DHCP server..." -ForegroundColor Cyan
+Add-DhcpServerInDC -DnsName "$env:COMPUTERNAME.$DomainName" -IPAddress $DhcpDnsServer -ErrorAction SilentlyContinue
 
-Write-Host "Adding DHCP scope..." -ForegroundColor Cyan
-Add-DhcpServerv4Scope `
-    -Name $DhcpScopeName `
-    -StartRange $DhcpStartRange `
-    -EndRange $DhcpEndRange `
-    -SubnetMask $DhcpSubnetMask `
-    -State Active
+# ------------------ Create DHCP scope if missing ------------------
+if (-not (Get-DhcpServerv4Scope -ScopeId 192.168.100.0 -ErrorAction SilentlyContinue)) {
+    Write-Host "[INFO] Adding DHCP scope..." -ForegroundColor Cyan
+    Add-DhcpServerv4Scope `
+        -Name $DhcpScopeName `
+        -StartRange $DhcpStartRange `
+        -EndRange $DhcpEndRange `
+        -SubnetMask $DhcpSubnetMask `
+        -State Active
 
-Set-DhcpServerv4OptionValue -ScopeId 192.168.100.0 -Router $DhcpGateway
-Set-DhcpServerv4OptionValue -ScopeId 192.168.100.0 -DnsServer $DhcpDnsServer
-Set-DhcpServerv4OptionValue -ScopeId 192.168.100.0 -DnsDomain $DomainName
+    Set-DhcpServerv4OptionValue -ScopeId 192.168.100.0 -Router $DhcpGateway
+    Set-DhcpServerv4OptionValue -ScopeId 192.168.100.0 -DnsServer $DhcpDnsServer
+    Set-DhcpServerv4OptionValue -ScopeId 192.168.100.0 -DnsDomain $DomainName
+} else {
+    Write-Host "[INFO] DHCP scope already exists. Skipping." -ForegroundColor Yellow
+}
 
-# ------------------ Create Default OU Structure ------------------
-Write-Host "Creating default OU structure..." -ForegroundColor Cyan
+# ------------------ Ensure DHCP security groups ------------------
+Write-Host "[INFO] Checking DHCP security groups..." -ForegroundColor Cyan
+$domainDN = (Get-ADDomain).DistinguishedName
+$usersContainer = "CN=Users,$domainDN"
 
-New-ADOrganizationalUnit -Name "LAB" -Path $DefaultOUPath -ErrorAction SilentlyContinue
-New-ADOrganizationalUnit -Name "Users" -Path $LABOU -ErrorAction SilentlyContinue
-New-ADOrganizationalUnit -Name "Groups" -Path $LABOU -ErrorAction SilentlyContinue
-New-ADOrganizationalUnit -Name "Computers" -Path $LABOU -ErrorAction SilentlyContinue
-New-ADOrganizationalUnit -Name "Servers" -Path "OU=Computers,$LABOU" -ErrorAction SilentlyContinue
-New-ADOrganizationalUnit -Name "Workstations" -Path "OU=Computers,$LABOU" -ErrorAction SilentlyContinue
+foreach ($group in @("DHCP Administrators", "DHCP Users")) {
+    if (-not (Get-ADGroup -Filter "Name -eq '$group'" -ErrorAction SilentlyContinue)) {
+        Write-Host "Creating group '$group'..." -ForegroundColor Cyan
+        New-ADGroup -Name $group -GroupScope DomainLocal -Path $usersContainer -Description "Created by setup script"
+    } else {
+        Write-Host "'$group' already exists." -ForegroundColor Yellow
+    }
+}
 
-# ------------------ Create Baseline GPOs ------------------
-Write-Host "Creating baseline GPOs..." -ForegroundColor Cyan
+# Optional: add domain Administrator to DHCP Administrators group
+$domainAdmin = "$(Get-ADDomain).NetBIOSName\Administrator"
+Add-ADGroupMember -Identity "DHCP Administrators" -Members $domainAdmin -ErrorAction SilentlyContinue
+Write-Host "Added $domainAdmin to 'DHCP Administrators'." -ForegroundColor Cyan
 
-$GPO1 = New-GPO -Name "Security Baseline" -ErrorAction SilentlyContinue
-New-GPLink -Name "Security Baseline" -Target $LABOU -ErrorAction SilentlyContinue
+# ------------------ Create default OU structure ------------------
+Write-Host "`n[INFO] Creating default OU structure..." -ForegroundColor Cyan
 
-# Example: screensaver secure
-Set-GPRegistryValue -Name "Security Baseline" -Key "HKLM\Software\Policies\Microsoft\Windows\Control Panel\Desktop" `
+foreach ($ou in @(
+    "LAB",
+    "Users",
+    "Groups",
+    "Computers",
+    "Servers",
+    "Workstations"
+)) {
+    switch ($ou) {
+        "LAB" {
+            $path = $DefaultOUPath
+        }
+        "Users","Groups","Computers" {
+            $path = $LABOU
+        }
+        "Servers","Workstations" {
+            $path = "OU=Computers,$LABOU"
+        }
+    }
+
+    if (-not (Get-ADOrganizationalUnit -LDAPFilter "(name=$ou)" -SearchBase $path -ErrorAction SilentlyContinue)) {
+        New-ADOrganizationalUnit -Name $ou -Path $path -ErrorAction SilentlyContinue
+        Write-Host "Created OU '$ou' in '$path'." -ForegroundColor Cyan
+    } else {
+        Write-Host "OU '$ou' already exists in '$path'." -ForegroundColor Yellow
+    }
+}
+
+# ------------------ Create baseline GPOs ------------------
+Write-Host "`n[INFO] Creating baseline GPOs..." -ForegroundColor Cyan
+
+$gpos = @(
+    @{ Name = "Security Baseline"; Target = $LABOU },
+    @{ Name = "Workstation Policy"; Target = "OU=Workstations,OU=Computers,$LABOU" }
+)
+
+foreach ($gpo in $gpos) {
+    if (-not (Get-GPO -Name $gpo.Name -ErrorAction SilentlyContinue)) {
+        New-GPO -Name $gpo.Name | Out-Null
+        New-GPLink -Name $gpo.Name -Target $gpo.Target | Out-Null
+        Write-Host "Created and linked GPO '${gpo.Name}'." -ForegroundColor Cyan
+    } else {
+        Write-Host "GPO '${gpo.Name}' already exists." -ForegroundColor Yellow
+    }
+}
+
+# Example: set secure screensaver in Security Baseline GPO
+Set-GPRegistryValue -Name "Security Baseline" `
+    -Key "HKLM\Software\Policies\Microsoft\Windows\Control Panel\Desktop" `
     -ValueName "ScreenSaverIsSecure" -Type DWord -Value 1 -ErrorAction SilentlyContinue
 
-$GPO2 = New-GPO -Name "Workstation Policy" -ErrorAction SilentlyContinue
-New-GPLink -Name "Workstation Policy" -Target "OU=Workstations,OU=Computers,$LABOU" -ErrorAction SilentlyContinue
-
-Write-Host "`n✅ Post-reboot setup complete! DHCP, OUs, users, groups, GPOs are ready." -ForegroundColor Green
+Write-Host "`n✅ [COMPLETE] Post-reboot setup done! DHCP, security groups, OUs, and GPOs are ready." -ForegroundColor Green
diff --git a/Setup-AD-PreReboot.ps1 b/Setup-AD-PreReboot.ps1
index b31ddd5..cdc9cfe 100644
--- a/Setup-AD-PreReboot.ps1
+++ b/Setup-AD-PreReboot.ps1
@@ -1,13 +1,14 @@
-# Author: ChatGPT (OpenAI)
-# Part 1: Install features and promote to first DC
+<#
+.SYNOPSIS
+    Pre-reboot script: installs AD DS, DNS, DHCP, promotes to DC if not already a DC.
+#>
 
 # ------------------ Configurable Variables ------------------
 $DomainName            = "LAB.local"
 $DomainNetbios         = "LAB"
 $SafeModeAdminPassword = Read-Host -Prompt "Enter DSRM password" -AsSecureString
 
-# ------------------ Install Features ------------------
-Write-Host "`nInstalling roles and features..." -ForegroundColor Cyan
+Write-Host "`n[INFO] Installing required Windows features..." -ForegroundColor Cyan
 
 Install-WindowsFeature `
     NET-Framework-Core, `
@@ -19,14 +20,19 @@ Install-WindowsFeature `
     RSAT-DNS-Server, `
     RSAT-DHCP -IncludeManagementTools
 
-# ------------------ Promote to Domain Controller ------------------
-Write-Host "`nPromoting this server to first Domain Controller for $DomainName..." -ForegroundColor Cyan
+# ------------------ Promote to Domain Controller if needed ------------------
+if (-not (Get-ADDomainController -ErrorAction SilentlyContinue)) {
+    Write-Host "`n[INFO] Promoting this server to first Domain Controller for $DomainName..." -ForegroundColor Cyan
 
-Install-ADDSForest `
-    -DomainName $DomainName `
-    -DomainNetbiosName $DomainNetbios `
-    -SafeModeAdministratorPassword $SafeModeAdminPassword `
-    -InstallDNS `
-    -Force
+    Install-ADDSForest `
+        -DomainName $DomainName `
+        -DomainNetbiosName $DomainNetbios `
+        -SafeModeAdministratorPassword $SafeModeAdminPassword `
+        -InstallDNS `
+        -Force `
+        -Restart
 
-Write-Host "`nServer will now reboot automatically to complete promotion." -ForegroundColor Yellow
+    # Script ends here: server will reboot automatically
+} else {
+    Write-Host "`n[INFO] This machine is already a Domain Controller. Skipping promotion." -ForegroundColor Yellow
+}