End-to-end Active Directory enterprise environment built in Azure, featuring domain deployment, user and group management, security policies, network configuration, and full identity lifecycle operations.

RyanKennon/Active-Directory

Active Directory Enterprise Administration End-to-End Lab (Azure Virtual Environment)

This project demonstrates the complete deployment and administration of an enterprise-grade Active Directory environment hosted in Microsoft Azure. The lab walks through building a Windows Server domain controller, joining a Windows 10 client to the domain, configuring DNS and networking, and implementing real-world identity and access management operations. It includes creating organizational units, provisioning users, managing security groups, enforcing NTFS and share permissions, applying password and account lockout policies, configuring logon hour restrictions, and performing full user lifecycle operations—from creation to deprovisioning. This end-to-end lab replicates a true corporate IT environment and reinforces essential skills used in IT Support, Systems Administration, and Identity & Access Management roles.


Environments and Technologies Used

  • Microsoft Azure
  • Windows Server 2022
  • Windows 10 Pro Client
  • Active Directory Domain Services (AD DS)
  • Networking & Protocols
  • Tools & Utilities

1) Create Virtual Machines

  1. Open Microsoft Azure, search for Resource Groups, and select Create. Give the Resource Group the following settings, then create it:
  • Name: RG-01
  • Region: South Central US

  2. Search for Virtual Network and select Create. Give the Virtual Network the following settings, then create it:
  • Resource Group: RG-01
  • Name: VNet-01
  • Region: South Central US

  3. Search for Virtual Machines and select Create. Give the Virtual Machine the following settings, then create it:
  • Basics
    • Resource Group: RG-01
    • Name: DC-01
    • Image: Windows Server 2022
    • Size: 2vcpus
    • Username: userryan
    • Password: Cyberlab123!
  • Networking
    • Virtual Network: VNet-01

  4. Search for Virtual Machines and select Create again. Give the second Virtual Machine the following settings, then create it:
  • Basics
    • Resource Group: RG-01
    • Name: Client-1
    • Image: Windows 10 Pro
    • Size: 2vcpus
    • Username: userryan
    • Password: Cyberlab123!
  • Networking
    • Virtual Network: VNet-01


2) Make the Domain Controller's IP Address Static

  1. Select DC-01 (the Domain Controller), then select Network Settings and open the Network Interface
  2. Select ipconfig1
  3. For the Private IP address setting, choose Static and save changes


3) Get the Domain Controller's Private IP Address

  1. Select the Domain Controller then open the Network Settings tab and find the Private IP Address



4) Attach the Client Virtual Machine to the Domain Controller

  1. Select Client-1 (the client virtual machine), then select Network Settings and open the Network Interface
  2. Select DNS Servers and choose Custom
  3. Enter the DC's Private IP address and save
  4. Restart the client VM

5) Log into the Virtual Machines

  1. Search Virtual Machines, check under the Public IP address tab for the Domain Controller's Public IP address, and copy it
  2. In the Windows search bar, search RDP to open the Remote Desktop Protocol
  3. Where it says Computer, paste the Domain Controller's Public IP address
  4. When it asks for the login credentials, enter:
  • Username: userryan
  • Password: Cyberlab123!
  5. To log into the client virtual machine, copy the client's public IP address and follow the same steps

6) Install Active Directory Domain Services

  1. On the Domain Controller, open the Server Manager, then select Add roles and features
  2. On the Server Roles tab, check Active Directory Domain Services, then complete the installation


7) Promote Server to Domain Controller

  1. In the Server Manager, click the notification flag and select Promote this server to a domain controller
  2. Choose Add a new forest and set the root domain name to domain.name
  3. Set the Directory Services Restore Mode (DSRM) password to Cyberlab123!, complete the install, and reboot the VM

8) Login to the Client Virtual Machine as the Domain Administrator

  1. Open the Remote Desktop Protocol and enter the client virtual machine's public IP address
  2. When asked for the username and password, enter:
    • Username: domain.name\userryan
    • Password: Cyberlab123!


9) Verify Domain Functionality

  1. Log into the Client Virtual Machine as the Domain Administrator and open Windows PowerShell as an Administrator
  2. Attempt to ping the DC's private IP address using the command ping 10.0.0.4
  3. Ensure the ping succeeded
  4. Enter the command ipconfig /all into Windows PowerShell
  5. Confirm the output for the client's DNS settings shows the DC's private IP address


10) Enable Remote Dial-In for Non-Administrative Users

  1. In the Client Virtual Machine, right click the Start Button and select System
  2. Navigate to the About page, select Rename this PC (advanced), then click Change
  3. Check the Member of Domain box, enter the name of the domain, and apply the changes


11) Give Remote Desktop Permissions to Domain Users

  1. On the Client Virtual Machine, right click the Start Button and select Computer Management
  2. Go to Local Users and Groups and open the Groups folder
  3. Select Remote Desktop Users and click Add
  4. Type Domain Users in the box and click Check Names
  5. Apply the changes
  6. Restart the VM

12) Verify the Virtual Machines are Connected

  1. Open the Server Manager on the Domain Controller
  2. Select Tools then Active Directory Users and Computers
  3. Expand the Domain then click Computers
  4. The client VM should be inside


13) Create Organizational Units

  1. Open the Server Manager on the Domain Controller
  2. Select Tools then Active Directory Users and Computers
  3. Right click the domain
  4. Open the New submenu
  5. Then select Organizational Unit
  6. Create 3 Organizational Units called: Employees, Admins, and Groups


14) Create a User

  1. Right click the Employees folder
  2. Open the New submenu
  3. Then select User
  4. Name the user Ryan Kennon


15) Create Security Groups

  1. Open the Groups folder
  2. Open the New submenu
  3. Then select Group
  4. Name the Group: Human Resources
  5. Double click the Human Resources security group
  6. Select Members then select Add
  7. Enter the name of the user then Check Names
  8. Apply the changes
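The GUI steps in sections 13 to 15 can also be scripted so they are repeatable and safe to re-run. The following is an added example, not code from this repository; it assumes the ActiveDirectory PowerShell module on DC-01, and the logon name rkennon is an assumption because the page gives only the display name.

```powershell
# Added example: scripted equivalent of sections 13-15 (not the repository's own code).
# Run on DC-01 in an elevated PowerShell session.
Import-Module ActiveDirectory

$domain   = Get-ADDomain
$domainDn = $domain.DistinguishedName      # DC=domain,DC=name in this lab
$sam      = 'rkennon'                      # assumed logon name; the page does not give one

# Section 13: create each OU only if it is missing, so the script can be re-run.
foreach ($ou in 'Employees', 'Admins', 'Groups') {
    $found = Get-ADOrganizationalUnit -Filter "Name -eq '$ou'" -SearchBase $domainDn -SearchScope OneLevel
    if (-not $found) { New-ADOrganizationalUnit -Name $ou -Path $domainDn }
}

# Section 14: create the user in the Employees OU; the password is prompted, not hard-coded.
if (-not (Get-ADUser -Filter "SamAccountName -eq '$sam'")) {
    New-ADUser -Name 'Ryan Kennon' -GivenName 'Ryan' -Surname 'Kennon' `
        -SamAccountName $sam -UserPrincipalName "$sam@$($domain.DNSRoot)" `
        -Path "OU=Employees,$domainDn" -Enabled $true `
        -AccountPassword (Read-Host -AsSecureString -Prompt 'Initial password')
}

# Section 15: create the security group in the Groups OU and add the user once.
$group = 'Human Resources'
if (-not (Get-ADGroup -Filter "Name -eq '$group'")) {
    New-ADGroup -Name $group -SamAccountName $group -GroupScope Global `
        -GroupCategory Security -Path "OU=Groups,$domainDn"
}
$members = Get-ADGroupMember -Identity $group | Select-Object -ExpandProperty SamAccountName
if ($members -notcontains $sam) { Add-ADGroupMember -Identity $group -Members $sam }

# Check: the user should be listed with a DN under OU=Employees.
Get-ADGroupMember -Identity $group | Select-Object Name, SamAccountName, distinguishedName
```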


16) Assign Folder Permissions

  1. On the C:\ drive create 3 folders named: HR-ReadWrite, HR-ReadOnly, and AdminsOnly
  2. Open the Properties for the folder called HR-ReadWrite
  3. Then select Sharing then Share
  4. Then enter Human Resources in the box then select Add
  5. Then click the dropdown arrow and select Read/Write
  6. Confirm the changes
  7. Do the same for the HR-ReadOnly folder, except give the Human Resources group Read privileges only.
  8. For the AdminsOnly folder, enter Domain Admins in the box before hitting Add
  9. Select Read/Write privileges for the Domain Admins
  10. Apply the changes


17) Attempt to Access the Folders

  1. Log into the client VM using the credentials of the user created earlier
  2. Open the File Explorer
  3. On the Quick Access bar search \\<DC name>
  4. Attempt to access the HR-ReadWrite folder and create a new file inside
  5. Attempt to access the HR-ReadOnly folder and attempt to create a new file inside
  6. Attempt to access the NoAccess folder


18) Upgrade User to Domain Admin

  1. Go back to Active Directory Users & Computers on the Domain Controller
  2. Open the Employees folder then right click the user Ryan Kennon and select Properties
  3. Select Member Of then Add
  4. Type Domain Admin
  5. Then Check Names
  6. Confirm the changes


19) Verify Admin Access

  1. Log back in to the client VM using the user's credentials
  2. Search \\DC-01 in the Quick Access bar again
  3. Attempt to open the AdminsOnly folder and attempt to create a new file inside



20) Create an Account Password Policy

  1. On the Domain Controller open the Server Manager
  2. Select Tools then Group Policy Management
  3. Navigate through the Forest to the Default Domain Policy
  4. Right click Default Domain Policy then choose Edit
  5. In the Group Policy Management Editor navigate through the Policies folder to the Password Policy
  6. Change the Maximum Password Age to 30 days
  7. Change the Minimum Password Length to 12 characters
  8. Open the Account Lockout Policy
  9. Change the Account Lockout Threshold to 3 invalid login attempts
  10. Change the Account Lockout Duration to 360 minutes
  11. Go back to the Group Policy Management page
  12. Right-click Default Domain Policy
  13. Click Enforce
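To confirm that the values entered in section 20 are the ones the domain actually enforces, the added example below (not part of the original repository) compares the effective default domain policy with the four settings from the steps above. It assumes the ActiveDirectory module on DC-01.

```powershell
# Added example: compare the effective domain policy with the values from section 20.
# Run on DC-01 in an elevated PowerShell session.
Import-Module ActiveDirectory

# Expected values, taken from the steps in section 20.
$expected = [ordered]@{
    MaxPasswordAge    = New-TimeSpan -Days 30
    MinPasswordLength = 12
    LockoutThreshold  = 3
    LockoutDuration   = New-TimeSpan -Minutes 360
}

# What the domain currently enforces.
$actual = Get-ADDefaultDomainPasswordPolicy

$report = foreach ($setting in $expected.Keys) {
    [pscustomobject]@{
        Setting  = $setting
        Expected = $expected[$setting]
        Actual   = $actual.$setting
        Match    = ($actual.$setting -eq $expected[$setting])
    }
}
$report | Format-Table -AutoSize

# Shown for information only: the page does not set a value for the counter reset window.
"Lockout observation window: $($actual.LockoutObservationWindow)"

if ($report.Match -contains $false) {
    Write-Warning 'Effective policy differs from section 20. Run "gpupdate /force" on the DC and check again.'
}
```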


21) Lockout the User's Account

  1. Attempt to log into the client Virtual Machine using an incorrect password four times



22) Unlock the User's Account

  1. Open Active Directory Users and Computers
  2. Double click the user Ryan Kennon
  3. Click Account
  4. Check the box labeled Unlock Account
  5. Apply the Changes

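The lockout triggered in section 21 and cleared in section 22 can also be observed from the domain controller's Security log. The added example below (not part of the original repository) lists recent lockout events, shows which accounts are currently locked, and performs the same unlock as the GUI steps. It assumes the ActiveDirectory module and that account management auditing is enabled on DC-01.

```powershell
# Added example: find lockouts on the DC, then unlock the lab user (sections 21-22).
# Run on DC-01 in an elevated PowerShell session.
Import-Module ActiveDirectory

# Event ID 4740 ("A user account was locked out") is written to the DC's Security log.
$filter   = @{ LogName = 'Security'; Id = 4740; StartTime = (Get-Date).AddHours(-24) }
$lockouts = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
    $evt  = $_
    $data = @{}
    # Read the event fields by name instead of by position.
    foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Time           = $evt.TimeCreated
        Account        = $data['TargetUserName']
        CallerComputer = $data['TargetDomainName']   # in 4740 this field holds the source computer
    }
}
$lockouts | Sort-Object Time | Format-Table -AutoSize

# Accounts that are locked right now, with the bad-password counters kept by this DC.
Search-ADAccount -LockedOut -UsersOnly |
    Get-ADUser -Properties LockedOut, BadLogonCount, LastBadPasswordAttempt |
    Select-Object Name, SamAccountName, LockedOut, BadLogonCount, LastBadPasswordAttempt

# Section 22 equivalent: unlock only the lab user, with a confirmation prompt.
Search-ADAccount -LockedOut -UsersOnly |
    Where-Object { $_.Name -eq 'Ryan Kennon' } |
    Unlock-ADAccount -Confirm
```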


23) Reset the User's Password

  1. Right click the user Ryan Kennon
  2. Select Reset Password
  3. Enter the new password
  4. Apply the Changes


24) Verify Functionality

  1. Attempt to log into the client Virtual Machine using the updated user credentials



25) Set Account Logon Hours

  1. On the Domain Controller open Active Directory Users and Computers
  2. Right-click the user Ryan Kennon and select Properties
  3. Navigate to the Account tab and click Logon Hours
  4. Select Logon Denied to clear the hours
  5. Apply the changes
  6. Attempt to log into the Client Virtual Machine using the User's Credentials to observe the change
  7. On the Logon Hours page, highlight all the hours, select Logon Permitted, and apply the changes to re-enable sign-on


26) Deactivating User Accounts

  1. In Active Directory Users and Computers right-click the user Ryan Kennon
  2. Select Disable Account
  3. Attempt to log into the Client Virtual Machine using the User's Credentials to observe the change
  4. In Active Directory Users and Computers right-click the user
  5. Select Enable Account to reactivate the user account


27) Deprovisioning User Accounts

  1. In Active Directory Users and Computers right-click the user Ryan Kennon
  2. Select Delete
  3. Confirm you want to delete the user
  4. Attempt to log into the Client Virtual Machine using the User's Credentials to observe the change
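Each of the last three sections changes the account state in a different way: logon hours cleared, account disabled, account deleted. The added example below (not part of the original repository) reports which state the directory currently holds, so a failed sign-in on the client can be matched to its cause. The function name Get-LabAccountState is hypothetical, and the ActiveDirectory module on DC-01 is assumed.

```powershell
# Added example: report the account state behind sections 25-27.
# Get-LabAccountState is a hypothetical helper name, not part of the repository.
Import-Module ActiveDirectory

function Get-LabAccountState {
    param([Parameter(Mandatory)][string]$Name)   # display name, e.g. 'Ryan Kennon'

    $user = Get-ADUser -Filter "Name -eq '$Name'" -Properties logonHours, LockedOut
    if (-not $user) {
        # Section 27: after deletion the lookup returns nothing.
        return [pscustomobject]@{ Name = $Name; State = 'Not found (deleted)'; PermittedHoursPerWeek = $null }
    }

    # logonHours is 21 bytes = 168 bits, one bit per hour of the week (stored in UTC).
    # When the attribute is not set there is no restriction: all 168 hours are permitted.
    $permitted = 168
    if ($user.logonHours) {
        $permitted = 0
        foreach ($b in [byte[]]$user.logonHours) {
            for ($bit = 0; $bit -lt 8; $bit++) {
                if ($b -band (1 -shl $bit)) { $permitted++ }
            }
        }
    }

    $state = 'Active'
    if (-not $user.Enabled)     { $state = 'Disabled' }              # section 26
    elseif ($user.LockedOut)    { $state = 'Locked out' }            # section 21
    elseif ($permitted -eq 0)   { $state = 'Logon hours deny all' }  # section 25

    [pscustomobject]@{ Name = $Name; State = $state; PermittedHoursPerWeek = $permitted }
}

Get-LabAccountState -Name 'Ryan Kennon'
```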
