- PowerShell
- Oracle VM VirtualBox
- Windows 10 Pro
- Windows Server 2019 (GUI)
Network Topology
Diagram of how the network was architected for this lab
VirtualBox Network Configuration for Windows Server 2019 VM
Enabled two NICs on the VM: one that's connected to the public internet (DHCP - IP addressing from the ISP) and one internal NIC that our "client" will use to communicate with our Domain Controller over the virtual network.
After booting into Windows Server 2019 and going through the initial install, I identified the internal NIC and configured its IPv4 properties to assign a static IP of 172.16.0.1, Subnet Mask 255.255.0.0 and a default gateway of 127.0.0.1, in accordance with the network diagram. This NIC will be used later in the project to configure RAS/NAT, DNS and DHCP.
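The same two-NIC configuration, done from PowerShell instead of the IPv4 properties dialog. This is an added example, not part of the original write-up: the adapter names "Ethernet"/"Ethernet 2" and the aliases "Public"/"Internal" are assumptions (check `Get-NetAdapter` first), the 172.16.0.1/16 address is the write-up's own. The write-up enters 127.0.0.1 as the internal NIC's default gateway in the GUI; this example leaves the gateway off the internal adapter, because the default route should come from the ISP-facing NIC, and it points the DC's own DNS client at itself, which a DC needs once it hosts DNS.

```powershell
# Added example: configure the DC's two NICs from PowerShell.
# Adapter names below are assumptions; substitute the names VirtualBox gave them.
$InternalAlias = "Internal"
$PublicAlias   = "Public"

# Rename the adapters so later RAS/NAT and DHCP steps refer to them unambiguously.
# (Assumes the ISP-facing NIC is currently "Ethernet" and the internal one "Ethernet 2".)
Rename-NetAdapter -Name "Ethernet"   -NewName $PublicAlias
Rename-NetAdapter -Name "Ethernet 2" -NewName $InternalAlias

# Drop any DHCP-assigned address on the internal NIC, then assign the static address
# from the network diagram (172.16.0.1/16; PrefixLength 16 == 255.255.0.0).
Set-NetIPInterface -InterfaceAlias $InternalAlias -Dhcp Disabled
Get-NetIPAddress -InterfaceAlias $InternalAlias -AddressFamily IPv4 -ErrorAction SilentlyContinue |
    Remove-NetIPAddress -Confirm:$false
New-NetIPAddress -InterfaceAlias $InternalAlias -IPAddress 172.16.0.1 -PrefixLength 16

# A DC should resolve names through its own DNS service, never through the ISP resolver
# handed out on the public NIC.
Set-DnsClientServerAddress -InterfaceAlias $InternalAlias -ServerAddresses 127.0.0.1

# Verify: the internal NIC carries exactly the intended address and the public NIC
# still gets its address and gateway from the ISP.
Get-NetIPConfiguration |
    Where-Object { $_.InterfaceAlias -in @($InternalAlias, $PublicAlias) } |
    Select-Object InterfaceAlias, IPv4Address, IPv4DefaultGateway, DNSServer
```

Run it in an elevated PowerShell on the server; the final `Get-NetIPConfiguration` output is what to compare against the network diagram before installing AD DS.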
Installing and Configuring Active Directory Domain Services
After the AD DS role was installed I promoted the server to a Domain Controller with the following configuration:
- New AD Forest
  - Target Server: DOMAIN-CONTROLLER
  - Root Name: mydomain.com
- Domain Controller Options
  - Forest Functional Level: Windows Server 2016
  - Domain Functional Level: Windows Server 2016
  - Domain Controller Capabilities:
    - Enabled: Domain Name System (DNS) Server
    - Enabled: Global Catalog (GC)
    - Disabled: Read-only domain controller (RODC)
- Set a DSRM password
- Paths left as default
After configuring AD DS, I created 3 OUs. The IT OU will house IT servers, and the Help Desk Users OU will house accounts with admin privileges.
I then created a new account for myself, which I will promote to Domain Admin and log in with from now on.
Creating a new account | Domain Admin member
Logging as Atanco_HDA | Newly Created Domain Admin
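The promotion wizard, OU creation and admin account above, as one PowerShell sequence. This is an added example and not the write-up's own steps: DOMAIN-CONTROLLER, mydomain.com, the Windows Server 2016 functional levels (`WinThreshold` in the ADDSDeployment module) and the account name Atanco_HDA are taken from the write-up; the NetBIOS name MYDOMAIN and the exact OU names "IT" and "Help Desk Users" are assumptions. Both the DSRM password and the admin account's password are prompted for rather than typed into the script.

```powershell
# Added example: promote the server, create the OUs and the named admin account.

# Step 1: install the role (run as the local Administrator, before promotion).
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Step 2: first DC of a new forest. -InstallDns matches "Enabled: DNS Server";
# the first DC of a forest is always a writable Global Catalog, so RODC is off by construction.
# WinThreshold is the ADDSDeployment name for the Windows Server 2016 functional level.
Import-Module ADDSDeployment
Install-ADDSForest `
    -DomainName "mydomain.com" `
    -DomainNetbiosName "MYDOMAIN" `
    -ForestMode "WinThreshold" `
    -DomainMode "WinThreshold" `
    -InstallDns:$true `
    -SafeModeAdministratorPassword (Read-Host "DSRM password" -AsSecureString) `
    -Force:$true
# The server reboots here. Everything below runs after logging back in as MYDOMAIN\Administrator.

# Step 3: OUs. ProtectedFromAccidentalDeletion stays at its default ($true) on purpose.
$domainDN = (Get-ADDomain).DistinguishedName
New-ADOrganizationalUnit -Name "IT"              -Path $domainDN   # OU name assumed
New-ADOrganizationalUnit -Name "Help Desk Users" -Path $domainDN   # OU name assumed

# Step 4: a named admin account, so day-to-day work is not done as the built-in Administrator.
$adminOU = "OU=Help Desk Users,$domainDN"
New-ADUser -Name "Atanco_HDA" -SamAccountName "Atanco_HDA" `
    -UserPrincipalName "Atanco_HDA@mydomain.com" `
    -Path $adminOU `
    -AccountPassword (Read-Host "Password for Atanco_HDA" -AsSecureString) `
    -Enabled $true
Add-ADGroupMember -Identity "Domain Admins" -Members "Atanco_HDA"

# Verify: the membership was applied and the account sits in the intended OU.
Get-ADGroupMember -Identity "Domain Admins" | Select-Object Name, SamAccountName
Get-ADUser -Identity "Atanco_HDA" -Properties MemberOf | Select-Object DistinguishedName, MemberOf
```

Steps 3 and 4 need the ActiveDirectory module, which `-IncludeManagementTools` installed in step 1; the last two commands are the PowerShell equivalent of checking the account in ADUC.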
After configuring our domain controller we now need to set up and configure our networking to allow our "clients" to communicate with our domain controller.
- Server roles installed/configured:
  - Remote Access
    - DirectAccess and VPN (RAS)
    - Routing
  - DHCP
    - DNS
    - IP Address Scope
    - IP Lease Duration
    - Router
Installing Remote Access - Service Roles
Configuring Remote Access - Network Address Translation (NAT)
Choosing the "Public" NIC will allow our "clients" to access the PUBLIC internet assuming we properly configure DHCP to use our domain controller as a router (default gateway) for all clients connected via the private network or internal NIC.
Configuring DHCP - Defining an IP Address Scope
Configuring DHCP - Defining a lease duration
Configuring DHCP - Specifying a router
Configuring DHCP - Specifying a DNS server
Configuring DHCP - Authorizing our DHCP server
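The RAS/NAT and DHCP configuration that the screenshots above walk through, as PowerShell run on the DC. This is an added example, not the write-up's own commands: the router address 172.16.0.1, the DNS server (the DC itself), the domain name and the DC name come from the write-up; the adapter aliases "Public"/"Internal", the DC's FQDN, the scope range 172.16.0.100-172.16.0.200 and the 8-day lease are assumptions, since the write-up does not state the values it chose. RRAS NAT has no dedicated cmdlets, so that part uses `netsh routing ip nat`, which is the same configuration the Routing and Remote Access console writes.

```powershell
# Added example: LAN routing + NAT on the public NIC, then the DHCP scope for internal clients.
$DcName   = "domain-controller.mydomain.com"   # FQDN assumed from the server name DOMAIN-CONTROLLER
$DcIp     = "172.16.0.1"
$Domain   = "mydomain.com"
$Internal = "Internal"                          # adapter alias assumed
$Public   = "Public"                            # adapter alias assumed

# --- Remote Access: LAN routing + NAT so internal clients reach the internet via the DC ---
Install-WindowsFeature -Name RemoteAccess, Routing -IncludeManagementTools
Install-RemoteAccess -VpnType RoutingOnly
# "full" marks the translating (public) side; "private" marks the side whose clients are translated.
netsh routing ip nat install
netsh routing ip nat add interface name="$Public"   mode=full
netsh routing ip nat add interface name="$Internal" mode=private

# --- DHCP: scope, lease duration, router option, DNS option, authorization in AD ---
Install-WindowsFeature -Name DHCP -IncludeManagementTools
Add-DhcpServerv4Scope -Name "Internal clients" `
    -StartRange 172.16.0.100 -EndRange 172.16.0.200 `
    -SubnetMask 255.255.0.0 `
    -LeaseDuration (New-TimeSpan -Days 8) `
    -State Active
# Scope options: the DC is both the default gateway (it is the NAT router) and the DNS server.
# -Force skips the cmdlet's DNS reachability probe; the DNS server is this same host.
Set-DhcpServerv4OptionValue -ScopeId 172.16.0.0 -Router $DcIp -DnsServer $DcIp -DnsDomain $Domain -Force
# A DHCP server that is not authorized in AD will not hand out leases on a domain network;
# this is also the control that keeps rogue DHCP servers from answering clients.
Add-DhcpServerInDC -DnsName $DcName -IPAddress $DcIp

# Verify: scope active, options pointing at the DC, server listed as authorized.
Get-DhcpServerv4Scope | Select-Object ScopeId, StartRange, EndRange, LeaseDuration, State
Get-DhcpServerv4OptionValue -ScopeId 172.16.0.0 | Select-Object OptionId, Value
Get-DhcpServerInDC
```

Once a client has picked up a lease, `Get-DhcpServerv4Lease -ScopeId 172.16.0.0` on the DC shows which machines were served, which is the quickest way to confirm the scope, router and DNS options actually reached them.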
Used PowerShell to programmatically create 1,000 users in Active Directory by iterating over a specified .txt file containing auto-generated names, creating test accounts to log in to our "Client" virtual machine with.
```powershell
# ----- Edit these Variables for your own Use Case ----- #
$PASSWORD_FOR_USERS   = "Password1"              # shared lab password for every generated account
$USER_FIRST_LAST_LIST = Get-Content .\users.txt   # one "First Last" name per line
# ------------------------------------------------------ #

Import-Module ActiveDirectory   # auto-loads on a DC with RSAT, but explicit is safer

$password = ConvertTo-SecureString $PASSWORD_FOR_USERS -AsPlainText -Force

# Target OU for the generated accounts; left unprotected so the lab can be torn down easily
New-ADOrganizationalUnit -Name CREATED_USERS -ProtectedFromAccidentalDeletion $false

foreach ($n in $USER_FIRST_LAST_LIST) {
    $first    = $n.Split(" ")[0].ToLower()
    $last     = $n.Split(" ")[1].ToLower()
    $username = "$($first.Substring(0,1))$($last)".ToLower()   # first initial + surname, e.g. "jsmith"
    Write-Host "Creating user: $($username)" -BackgroundColor Black -ForegroundColor Cyan

    # [ADSI]"" binds to the domain root, so -Path resolves to OU=CREATED_USERS,DC=...
    New-ADUser -AccountPassword $password `
               -GivenName $first `
               -Surname $last `
               -DisplayName $username `
               -Description 'Created via a Script' `
               -Name $username `
               -EmployeeID $username `
               -PasswordNeverExpires $true `
               -Path "ou=CREATED_USERS,$(([ADSI]`"").distinguishedName)" `
               -Enabled $true
}
```
Temporarily changed the default "Execution Policy" to Unrestricted for the purpose of this project and added my own name to the "names.txt" file that the PowerShell script uses to programmatically create a test account with my name.
name.txt - Adding my name to the file
Running the Powershell Script - Console Output
After confirming that the script ran successfully, we can check ADUC to confirm that all of our users exist in their intended OU, CREATED_USERS.
ADUC - After running the script
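A hardened variant of the bulk-creation script, added here as an example and not part of the original project. It keeps the same input format (a names.txt file of "First Last" lines, assumed) and the same CREATED_USERS OU, and changes the points a reviewer would flag in the original: the execution policy is relaxed for the current process only instead of machine-wide, every account gets its own random password and must change it at first logon instead of sharing "Password1" with PasswordNeverExpires set, two people who share a first initial and surname no longer make New-ADUser fail, and the run is verified against AD afterwards. The helper `New-RandomPassword` is this example's own.

```powershell
# Added example: hardened bulk user creation with per-user random passwords and verification.
Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned -Force   # this session only
Import-Module ActiveDirectory

function New-RandomPassword {
    # Cryptographically random password from a mixed alphabet; rejection sampling avoids modulo bias.
    param([int]$Length = 16)
    $alphabet = [char[]]'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789!@#$%^&*'
    $limit    = 256 - (256 % $alphabet.Length)
    $rng      = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf      = New-Object byte[] 1
    $chars    = for ($i = 0; $i -lt $Length; ) {
        $rng.GetBytes($buf)
        if ($buf[0] -lt $limit) { $alphabet[$buf[0] % $alphabet.Length]; $i++ }
    }
    return -join $chars
}

$domain   = Get-ADDomain
$ouDN     = "OU=CREATED_USERS,$($domain.DistinguishedName)"
if (-not (Get-ADOrganizationalUnit -Identity $ouDN -ErrorAction SilentlyContinue)) {
    New-ADOrganizationalUnit -Name "CREATED_USERS" -Path $domain.DistinguishedName
}

$created = @()
foreach ($line in Get-Content .\names.txt | Where-Object { $_.Trim() }) {
    $parts = $line.Trim().ToLower() -split '\s+'
    if ($parts.Count -lt 2) { Write-Warning "Skipping malformed line: '$line'"; continue }
    $first, $last = $parts[0], $parts[-1]
    # first initial + surname, stripped to characters that are valid in a sAMAccountName
    $base = "$($first.Substring(0,1))$last" -replace '[^a-z0-9]', ''
    # Make the logon name unique: jsmith, jsmith2, jsmith3, ...
    $username = $base; $n = 1
    while (Get-ADUser -Filter "SamAccountName -eq '$username'") { $n++; $username = "$base$n" }

    $plain = New-RandomPassword
    New-ADUser -Name $username -SamAccountName $username `
        -UserPrincipalName "$username@$($domain.DNSRoot)" `
        -GivenName $first -Surname $last -DisplayName "$first $last" `
        -Description 'Created via a Script' -Path $ouDN `
        -AccountPassword (ConvertTo-SecureString $plain -AsPlainText -Force) `
        -ChangePasswordAtLogon $true -Enabled $true
    Write-Host "Created $username" -ForegroundColor Cyan
    $created += [pscustomobject]@{ Username = $username; InitialPassword = $plain }
}
# Initial passwords are handed over out-of-band; this file is for the admin only and should be deleted after use.
$created | Export-Csv .\initial-passwords.csv -NoTypeInformation

# Verify: the OU holds one account per input line, and none of them has a non-expiring password.
$expected = @(Get-Content .\names.txt | Where-Object { $_.Trim() }).Count
$actual   = @(Get-ADUser -Filter * -SearchBase $ouDN).Count
Write-Host "Expected $expected accounts in CREATED_USERS, found $actual"
Get-ADUser -Filter { PasswordNeverExpires -eq $true } -SearchBase $ouDN | Select-Object SamAccountName
```

The last query is the useful one to keep around after the lab is built: run against the whole domain instead of one OU, it lists every account whose password never expires, which is exactly what the original script leaves behind for all 1,000 users.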
Created a client VM in VirtualBox with the configuration shown below and created a local admin account to join the "Client" to our domain.
VirtualBox - Client VM Configuration
Using the internal NIC allows our "Client" to communicate with our domain controller in order to join the domain.
Client VM - Installing Windows 10 Pro
NOTE: Windows 10 Pro was installed on the Client VM because it provides the option of joining a domain, which is necessary to join the domain we've created.
Client VM - Creating Local Admin Account
After the initial setup of Windows we can navigate to Advanced System Settings, which allows us to rename the computer and join the domain.
Client VM - Renaming to 'Client-1' and joining the domain (mydomain.com)
We can now authorize this change with the account atanco_HDA that we created earlier, which is a member of the "Domain Admins" group.
Client VM - Successfully joined machine to mydomain.com
We should now be able to view our newly joined machine in ADUC from our domain controller as confirmation.
Domain Controller - Confirming "Client-1" is successfully part of the domain
Now that we have confirmed that the machine is joined to the domain, we can finally log in as any of the users we programmatically created with our script to ensure everything is working as intended.
Client VM - Login as acosey (generated AD account from our script)
Client VM - Login as acosey (running CMD 'whoami' command)
We can successfully log in as any of the auto-generated AD accounts we created via our script, and we can confirm that this machine is on the domain by running the CMD command: whoami
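The domain join and the checks from this section, scripted from both sides. This is an added example, not the write-up's own steps: Client-1, mydomain.com, the admin account Atanco_HDA and the generated user acosey come from the write-up; the NetBIOS name MYDOMAIN is an assumption. The client-side checks run first, because a join that fails almost always fails at DNS: if the client cannot resolve the domain's DC SRV record, it is not using the DC handed out by DHCP as its resolver.

```powershell
# Added example: join the client and verify the join from both sides.

# --- On the client (elevated PowerShell, logged in as the local admin account) ---
# The client must use the DC (172.16.0.1) for DNS, which the DHCP scope option provides.
Get-DnsClientServerAddress -AddressFamily IPv4 | Select-Object InterfaceAlias, ServerAddresses
# The domain is located through this SRV record; it must resolve to the DC before joining.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.mydomain.com" -Type SRV

# Rename and join in one step; the credential prompt takes the Domain Admin from the write-up.
Add-Computer -DomainName "mydomain.com" -NewName "Client-1" `
    -Credential (Get-Credential "MYDOMAIN\Atanco_HDA") -Restart

# --- On the client after the reboot, logged in as a generated user (e.g. MYDOMAIN\acosey) ---
whoami                               # expected: mydomain\acosey
Test-ComputerSecureChannel -Verbose  # $true when the machine account's trust with the DC is healthy

# --- On the domain controller ---
# The computer object now exists; LastLogonDate moves once Client-1 has authenticated.
Get-ADComputer -Identity "Client-1" -Properties OperatingSystem, LastLogonDate, Enabled |
    Select-Object Name, OperatingSystem, LastLogonDate, Enabled
# The generated account has been used interactively on the client.
Get-ADUser -Identity "acosey" -Properties LastLogonDate | Select-Object SamAccountName, LastLogonDate
```

`Test-ComputerSecureChannel` is the check to reach for later in the lab if a client stops accepting domain logons; `Test-ComputerSecureChannel -Repair -Credential (Get-Credential)` re-establishes the machine account trust without leaving and rejoining the domain. Typing a Domain Admin's password into a workstation, as the join step above does, leaves that account's credentials on the client; for anything beyond a single-machine lab, a dedicated join account with delegated "Create computer objects" rights on the target OU is the least-privilege alternative.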
- Windows Server 2019 - Active Directory - Active Directory Domain Services (AD DS) - Creating a Domain
- Setup/Configure RAS and NAT
- Setup/Configuring DNS & DHCP
- PowerShell Scripting
- Networking