JMorgan-89/ActiveDirectoryHomeLab

Active Directory Home Lab

Summary

I learned a great deal from doing this lab. I enjoyed seeing how Active Directory and the domain controller worked together to create a network. I first created a VM, installed Windows Server 2019, and used Server Manager, which offers many different tools and services to implement small and large enterprise networks. This ranged from creating, provisioning and deprovisioning Active Directory accounts to administering and securing the small enterprise network, as well as configuring DHCP and DNS services. I also created RAS/NAT so that the internal network could communicate over the network/internet. I used a PowerShell script located on GitHub to create a list of users inside Active Directory instead of making them one by one. I then created another VM with a client to connect to the domain controller. At the login screen any user with a user name and password can log in with their credentials. Here is a quick overview of how I created this small enterprise environment.

Network Topology Diagram

Network Topology Steps

Technology Used

  • Virtual Box
  • Windows Server 2019.iso
  • Windows 10 Enterprise 64 bit.iso

Environments Used

  • VM's (Virtual Machines)

Walk-through:

Step 1: Create a VM for Windows Server 2019 (Assuming we already know how to create a VM)

Open VirtualBox, create a VM, select processor, storage and memory based on what your system can handle, and select the Windows Server .iso for the VM.

Step 1

Step 2: Install Windows Server 2019 onto the VirtualBox environment

Step 3: Configure Network Adapters and Rename PC

Config Adapt


Right-click each network, click Status > Details, and note down each of their IP addresses.

Review IP



We have two IP addresses here, one for each network adapter:

  1. 10.0.2.15
  2. 169.254.138.229

Rename the network whose IP address is similar to address 1 to “INTERNET”, and rename the network whose IP address is similar to address 2 to “INTERNAL”. A 169.254.x.x address is self-assigned when no DHCP server answers, which is how the internal adapter can be recognized.

Now we have to assign a static IP address to the internal adapter.

Right-click “INTERNAL”, go to Properties > double-click “Internet Protocol Version 4” > click “Use the following IP address”. Use the following values:

IP address : 172.16.0.1
Subnet Mask: 255.255.255.0

Click on “Use the following DNS server addresses”. Use the following values:

Preferred DNS server: 127.0.0.1

127.0.0.1 is the loopback address, which means the server communicates back to itself for DNS.


IPV Properties

Now we have to rename the PC.

Inside your VM, right click start menu then click > System > click “Rename your PC”.

Rename PC

Step 4: Install Active Directory Domain Services


Open “Server Manager”.

Go to > “Add roles and features” > click on “next” until you reach the following page and then select “Active Directory Domain Services” > click on “Add Features”.

ADD Features

Continue pressing Next until you can click Install, and when it has finished click Close.

Now you will see a yellow flag on the top right corner, click on it and proceed to click on “Promote this server to a domain controller”.

Promote Server

Now click on “Add a new forest” and name it “Joshsdomain.com” and click “Next”.

Set your password and click Next.


Domain Controller Options

Click Next and let the VM restart.

Step 5: Create Domain Admin Account

Go to Start > Windows Administrative Tools > Active Directory Users and Computers.

Right-click Joshsdomain.com > New > Organizational Unit. Name it “_ADMINS” and uncheck the “Protect container from accidental deletion” box.


Admins

Now right-click _ADMINS > New > User and fill in the parameters.

Uncheck “User must change password at next logon”. Check “Password never expires”.

Now right-click your user > Properties > Member Of > Add > type “Domain Admins” > click “Check Names” and Apply.

Step 6: Re-login with Domain Admin account

Sign out of the account you are logged in as. On the login page click on “Other User” and use the credentials you made in the previous step.


Other User Login Screen

Step 7: Install and configure RAS/NAT

Now we have to install and configure RAS/NAT. Go to Server Manager > Add roles and features > click Next until you reach “Select server roles” and click “Remote Access”.


ADD Roles and Features RAS

Click Next until you reach “Select role services”, tick “Routing” and add the feature, then continue through the rest of the installation.

Once it's done we can close it.

Now from the top right corner of Server Manager, go to Tools > Routing and Remote Access.

Right click “DOMAINCONTROLLER” and click “Configure and Enable Routing and Remote Access”

Select “NAT”

Now click on “Use this public interface to connect to the Internet:” and select/highlight the “Internet” interface then click next and complete the configuration.

NOTE: If you are unable to select this option then close all the windows and try again.

Now we are done configuring the RAS/NAT and can continue to the next step.

Step 8: Install and Configure DHCP Server

In Server Manager go to “Add roles and features”.

Select “DHCP Server” and continue to install.

After that is complete, go to Tools > DHCP > right-click IPv4 > New Scope.

Now copy the following parameters; leave a field blank or click Next if it is not specified.

Start IP address 172.16.0.100, end IP address 172.16.0.200 (the range of IP addresses to be used by clients)

IP Scope

Click Next

IP Address Range

The next page asks for the default gateway IP address. Enter “172.16.0.1”.

After you are done with the scope wizard, right-click your domain server > click refresh and then right click IPv4 and click refresh. Your IPv4 should turn green.

Refresh

Step 9: Enable Browsing and Download PowerShell Scripts

Go to Server Manager > Configure this local server > turn “IE Enhanced Security Configuration” Off.

Now we will download the PowerShell script. Inside the domain controller (VM), go to https://github.com/joshmadakor1/AD_PS/archive/master.zip and download the file. The script is not my own; it is hosted on GitHub, credit: Josh Madakor.

Extract the file, then open names.txt and add your name to the top of the file.

Click on Start > Windows PowerShell > right-click Windows PowerShell ISE > More > Run as administrator.

Now go to File > Open and open the script we downloaded, named “1_CREATE_USERS”.

Enter the following command:

Set-ExecutionPolicy Unrestricted

Click “Yes to all”
PS Script
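
A narrower alternative to the machine-wide policy change above, shown as an added example that is not part of the original lab: it relaxes the execution policy only for the current PowerShell process and unblocks only the one script after it has been read. The path in `$ScriptPath` (extraction folder and `.ps1` extension) is an assumption.

```powershell
# Added example: run the reviewed script without changing the machine-wide execution policy.
# Assumed path: where the downloaded archive was extracted, with the script saved as .ps1.
$ScriptPath = "$env:USERPROFILE\Downloads\AD_PS-master\1_CREATE_USERS.ps1"

# Show the policy at every scope before touching anything.
Get-ExecutionPolicy -List

# Read the script and record its hash so you know exactly what you ran.
Get-Content -Path $ScriptPath
Get-FileHash -Path $ScriptPath -Algorithm SHA256

# A downloaded file may carry a Zone.Identifier stream (mark of the web).
# After review, clear it on this one file so RemoteSigned will run it.
Get-Item -Path $ScriptPath -Stream Zone.Identifier -ErrorAction SilentlyContinue
Unblock-File -Path $ScriptPath

# Relax the policy for this PowerShell process only; it reverts when the window closes.
Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned -Force

# The walkthrough runs the script from its own folder, so change to it first.
Set-Location -Path (Split-Path -Path $ScriptPath -Parent)
& $ScriptPath

# LocalMachine should show the same value as in the first listing.
Get-ExecutionPolicy -List
```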

Script Explanation:

All the users will use the same password, “Password1”, and all names from names.txt are stored in USER_FIRST_LAST_LIST using Get-Content.

Script Breakdown

Line 6 encrypts the plaintext password, and line 7 automates creating an organizational unit and disabling “Protect container from accidental deletion”.

Script2

Lines 15 to 24 are a loop which runs for each individual user in the list.

Script3

Lines 10 and 11 split the entire name into two sections called “first” and “last”. Line 12 creates a variable named “username” and concatenates the first character of the first name with the entire last name.

For example, the name Dwayne Plumb will become dplumb.

Line 13 prints the text in between the quotations with specific colors.

Lines 15–23 automate the process of creating a new user in Active Directory, which we have done previously by using the GUI.

Now in PowerShell, use the cd command to navigate to the directory of your script, then run the script > click “Run once”.

Go to Active Directory Users and Computers; under “Users” you should see all the users that the script created.

AD Users
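
The flow in the script explanation above (read names.txt, build first-initial-plus-last-name usernames, create each account), written as an added example that is not the downloaded script: each user gets a unique random initial password and must change it at first logon, instead of every account sharing “Password1”. The OU name `_LAB_USERS`, the output file `initial_passwords.csv` and the helper `New-RandomPassword` are hypothetical names chosen for this example.

```powershell
# Added example, not the downloaded script. Run on the domain controller as a Domain Admin.
Import-Module ActiveDirectory
$NamesFile = '.\names.txt'               # one "First Last" per line, as in the lab
$OuName    = '_LAB_USERS'                # hypothetical OU name
$OutCsv    = '.\initial_passwords.csv'   # hypothetical hand-out file; restrict access, delete after use
$Domain    = Get-ADDomain

function New-RandomPassword {
    param([int]$Length = 16)
    # One pool per character class; look-alike characters (l, I, O, 0, 1) are left out.
    $sets  = 'abcdefghijkmnopqrstuvwxyz', 'ABCDEFGHJKLMNPQRSTUVWXYZ', '23456789', '!@#%*-_+='
    $all   = -join $sets
    $bytes = New-Object byte[] $Length
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $rng.GetBytes($bytes); $rng.Dispose()
    $chars = for ($i = 0; $i -lt $Length; $i++) {
        # The first four characters come from one class each so the AD complexity rule is met.
        $pool = if ($i -lt $sets.Count) { $sets[$i] } else { $all }
        $pool[$bytes[$i] % $pool.Length]
    }
    -join $chars
}

if (-not (Get-ADOrganizationalUnit -Filter "Name -eq '$OuName'")) {
    New-ADOrganizationalUnit -Name $OuName -ProtectedFromAccidentalDeletion $false
}
$issued = foreach ($line in Get-Content $NamesFile) {
    $first, $last = $line.Trim().ToLower() -split '\s+', 2
    if (-not $first -or -not $last) { continue }          # skip blank or one-word lines
    # First initial + last name (Dwayne Plumb -> dplumb), restricted to letters and digits.
    $username = ($first.Substring(0, 1) + $last) -replace '[^a-z0-9]', ''
    if (Get-ADUser -Filter "SamAccountName -eq '$username'") {
        Write-Warning "Skipping '$line': $username already exists"
        continue
    }
    $plain = New-RandomPassword
    New-ADUser -Name "$first $last" -GivenName $first -Surname $last `
        -SamAccountName $username -UserPrincipalName "$username@$($Domain.DNSRoot)" `
        -Path "OU=$OuName,$($Domain.DistinguishedName)" -Enabled $true `
        -AccountPassword (ConvertTo-SecureString $plain -AsPlainText -Force) `
        -ChangePasswordAtLogon $true
    [pscustomobject]@{ User = $username; InitialPassword = $plain }
}
$issued | Export-Csv -Path $OutCsv -NoTypeInformation
```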

Step 10: Install Windows 10 Enterprise VM

Minimize the domain controller and go back to your original machine. Go to VirtualBox > New and set the following parameters:

If unspecified, then continue with default values.

WIN 10 VM

Go to System > Processor. If you have the capacity then increase the amount of cores used.

Go to Network > Adapter 1 and set the following parameters:

Now we are done configuring the settings. Double-click the VM to start it.

Click on the browse icon and select the Windows 10 ISO file.

Highlight your Windows 10 ISO and click Choose > Start.

Now continue with the Windows 10 operating system setup/installation.

Select “Custom Installation”

Continue the installation process by clicking next.

When prompted click on “Domain join” and then create your credentials.

Disable all privacy setting options and click accept.

Once your operating system is done installing and you have access to your system, we need to check whether the internet is working.

Go to Start > CMD and type the following command:

ipconfig, to see the networking configuration. The IPv4 address and default gateway should already be specified.

Now let’s change hostname and connect to the domain.

Check Hostname

After you click OK it will prompt you to log in. Use the domain admin credentials you created in Step 5 and then allow it to restart.

Go back to the Domain Controller > Server Manager > Tools > DHCP > IPv4 > Scope > Address Leases and check whether your client lease is showing up.

Go to Active Directory Users and Computers > Joshsdomain.com > Computers


Domain

You should be able to see your client computer.

Go back to your client (Windows 10) machine and log in with the “Other User” option. Use the credentials created by the PowerShell script, with the default password “Password1”.

For instance, one of the names is “Dwayne Plumb”, so at the login screen the username would be dplumb and the password would be Password1.

  • For lab purposes Password1 was set to make things easier, but in real environments complex passwords are a necessity for security.

  • Once the user has logged in successfully, go to the command prompt and type whoami.

Login

Conclusion: We have now completed our network and created a mini-corporate environment in which all the users in the PowerShell script list can log in from their machine into the corporation domain and connect to the network.

It is like how a university or school lab is set up, with each student having their own set of credentials and the ability to connect to the domain.
