
Installing and Configuring Active Directory in Microsoft Azure

This lab demonstrates how to install and configure Active Directory using Azure. We will be using two VMs on Azure that are on the same virtual network. One VM will be installed with Active Directory and configured to be the Domain Controller, and the other VM will be used as a client. Then, we will configure Active Directory to allow the client to join the domain, and create user accounts using a PowerShell script.

Environments and Technologies Used

  • Microsoft Azure (Virtual Machines/Compute)
  • Remote Desktop
  • Active Directory Domain Services
  • PowerShell
  • (OPTIONAL) Notepad for writing down usernames and passwords for VMs

Operating Systems Used

  • Windows Server 2022
  • Windows 10 Pro (21H2)

Installation Steps

Setting up Resources in Azure

  • Our Client VM should be installed normally using the Windows 10 image (OS)
  • Our Domain Controller VM using Active Directory should be created using the image Windows Server 2022 Datacenter: Azure Edition - x64 Gen2
  • After the VMs are created, we'll set the Domain Controller's IP address to static, since leaving it dynamic will make it difficult for the VM to communicate with our client VM.
  • Go to your Virtual Machines in Azure and go to Networking then go to the link listed next to Network Interface. Head to IP Configurations under settings, go to the ipconfig link to open up a window to toggle the IP configuration and allocation to Static.
    • IP Configuration for the Domain VM


    Ensuring Connectivity

    • Log in to the Client VM, open the Command Prompt and enter the command ping [Domain Controller Private IP Address] -t to send pings endlessly in order to ensure reachability with the Domain Controller. The connection should time out after the first ping due to the Domain Controller's firewall settings.
    • Logging into the Domain Controller VM, go to the Windows Defender Firewall with Advanced Security. Head to the Inbound Rules and enable the rules under the protocol ICMPv4, specifically Core Networking Diagnostics - ICMP Echo Request (ICMPv4-In)
    • Head back to the Client VM, and we should now be seeing replies


    Installing Active Directory on the Domain Controller

    • In your Domain Controller VM, go to the Server Manager Dashboard and click on Add Roles and Features. Go through the installation process and upon getting to Server Roles, make sure to check the box for Active Directory Domain Services
    • Once installed, we now have to promote the server into a domain controller. To do so, you may notice a warning notification on the top right where the flag icon is. Click on that flag and click Promote this server to a domain controller. Click on Add a new forest and specify a domain name. For this tutorial, we'll name the domain mydomain.com, specify the password, and proceed with the install. Note that you will be automatically signed out; log back in through Remote Desktop, and the installation is fully completed!
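The firewall and promotion steps above can also be scripted. This is an added example, not part of the original repository; it assumes the password the wizard asks for is the Directory Services Restore Mode (DSRM) password and that DNS is installed on the domain controller, as the wizard does by default.

```powershell
# Added example: scripted equivalent of the firewall and Server Manager steps.
# Run in an elevated PowerShell session on the Domain Controller VM.
$domainName = 'mydomain.com'   # domain name used in this tutorial

# Enable the inbound ICMPv4 echo rule named in the connectivity step.
Enable-NetFirewallRule -DisplayName 'Core Networking Diagnostics - ICMP Echo Request (ICMPv4-In)'

# Install the AD DS role with its management tools (ADUC console, AD module).
$role = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
if (-not $role.Success) { throw 'AD DS role installation failed.' }

# Prompt for the recovery (DSRM) password so it never lands in the script file.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'

# Dry run: reports prerequisite problems without changing the server.
Import-Module ADDSDeployment
$checks = Test-ADDSForestInstallation -DomainName $domainName -InstallDns `
    -SafeModeAdministratorPassword $dsrm
$checks | Format-List Message, Status

# Warnings are common on a fresh forest; stop only on a reported error.
$errors = $checks | Where-Object { "$($_.Status)" -eq 'Error' }
if ($errors) { throw 'Prerequisite check failed; see the messages above.' }

# Promote to the first domain controller of a new forest.
# The server reboots on completion, which drops the Remote Desktop session.
Install-ADDSForest -DomainName $domainName -InstallDns `
    -SafeModeAdministratorPassword $dsrm -Force
```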


    Important Log In Note

    • When logging back in to the domain controller VM through Remote Desktop Connection, it is important to log in with the context of the domain.
    • Type out the domain path and then the name of the user. For example: mydomain.com\labuser.


    Configuration Steps

    Creating Organizational Units (OUs) and Users

    • OUs act like folders that hold information, privileges, and login access of users in the directory
    • In the Server Manager Dashboard, go to the Tools tab to open the Active Directory Users and Computers console, right click on the domain (mydomain.com) and make two OUs, _ADMIN and _EMPLOYEES.
      • These OU names are needed for a later step where we create multiple accounts
    • In the _ADMIN OU, we'll create the user Jane Doe with the user name jane_admin and password of your creation
    • We'll be granting Jane admin privileges. Using the Security Group, right click on the user and open their Properties. Click Member Of then Add to apply the appropriate security group.
    • Now, the user Jane will be used to log in from here on, using the login username jane_admin.


    Joining the Client to the Domain

    • First, we need to configure the Domain Name System (DNS) server. Go to your Domain Controller VM in the Azure Portal and go to Networking then go to the link listed next to Network Interface. Head to DNS Servers under settings, and set the DNS Server to Custom. Then, enter the domain controller's private IP address and save the changes. Restart the client VM in order to ensure the DNS changes are saved.
    • In the System menu of the client VM, click on Rename this PC (advanced) and Change.
    • Enter the domain and necessary credentials in order to let the client join the domain (logging in as jane_admin). It is important to note that the login credentials have to be input within the context of the domain path (mydomain.com\jane_admin).
    • The client should now be part of the domain (A popup should appear welcoming you to the domain). On the domain controller, the client should now appear in Computers in the Active Directory Users and Computers panel.


    Setup Remote Desktop for non-administrative users on Client VM

    • Before users in the domain can use the client computer, Remote Desktop has to be enabled for non-administrative users.
    • While logged in as the administrator (jane_admin), open System Properties. Click on Remote Desktop and Select users that can remotely access this PC.
    • Allow Domain Users access to Remote Desktop. Non-administrative users can now log in to the Client.
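Most failed domain joins come down to the client not resolving the domain through the domain controller, so it helps to check DNS before joining. The script below is an added example, not part of the original repository: run it once on the client before the join and once after the reboot. The IP address is a constructed placeholder, and the NetBIOS name MYDOMAIN is an assumption (the default derived from mydomain.com).

```powershell
# Added example: run elevated on the Client VM. Phase 1 joins the domain,
# phase 2 (after the reboot) grants Remote Desktop access to Domain Users.
$domain  = 'mydomain.com'   # domain name used in this tutorial
$netbios = 'MYDOMAIN'       # assumption: default NetBIOS name for mydomain.com
$dcIp    = '10.0.0.4'       # constructed placeholder: the DC's private IP

if (-not (Get-CimInstance Win32_ComputerSystem).PartOfDomain) {
    # The client must use the domain controller as its DNS server.
    $dns = (Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses
    if ($dns -notcontains $dcIp) {
        throw "Client DNS servers ($($dns -join ', ')) do not include $dcIp."
    }

    # The domain's LDAP SRV record must resolve, or the join cannot locate a DC.
    Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV `
        -Server $dcIp -ErrorAction Stop | Out-Null

    # LDAP on the DC must be reachable from the client.
    if (-not (Test-NetConnection -ComputerName $dcIp -Port 389).TcpTestSucceeded) {
        throw "TCP 389 on $dcIp is not reachable."
    }

    # Join with domain-context credentials (mydomain.com\jane_admin) and reboot.
    $cred = Get-Credential -UserName "$domain\jane_admin" -Message 'Domain join account'
    Add-Computer -DomainName $domain -Credential $cred -Restart
}
else {
    # Equivalent of "Select users that can remotely access this PC".
    $group  = 'Remote Desktop Users'
    $member = "$netbios\Domain Users"
    if (-not (Get-LocalGroupMember -Group $group | Where-Object Name -eq $member)) {
        Add-LocalGroupMember -Group $group -Member $member
    }
    # Show who can now log on over Remote Desktop.
    Get-LocalGroupMember -Group $group
}
```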


    Creating Users and attempt to log into the Client VM with one of the users

    • In the Domain Controller VM logged in as jane_admin, open PowerShell ISE as an administrator
    • Using this PowerShell script, we will create thousands of randomly generated accounts all with the password "Password1"
    • In PowerShell ISE, create a new file, copy and paste the PowerShell script into the file, and then run the script
      • All these users are generated and put into the _EMPLOYEES Organizational Unit in the Active Directory
    • Head to the Active Directory Users and Computers console, select a random username and obtain their login information by going to Properties and opening the Account tab
      • The generated username should appear as [first name].[last name]; in this image the user is selecting "falojo.kugori"
    • Attempt to log in to the Client VM using the generated username you have selected (username being mydomain.com\username) and the password "Password1"
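The script the steps refer to is not reproduced on this page. The following is an added example, not the repository's script, showing one way to create the two OUs from the earlier configuration step and fill _EMPLOYEES with randomly named users. The user count and the New-RandomName helper are assumptions made for illustration.

```powershell
# Added example: run elevated on the Domain Controller as jane_admin.
Import-Module ActiveDirectory

$domainDn  = (Get-ADDomain).DistinguishedName   # e.g. DC=mydomain,DC=com
$dnsRoot   = (Get-ADDomain).DNSRoot             # e.g. mydomain.com
$userCount = 50                                 # assumption: small batch for a test run
# Shared lab password taken from the tutorial text.
$password  = ConvertTo-SecureString 'Password1' -AsPlainText -Force

# Create the OUs from the configuration step if they do not exist yet.
foreach ($ou in '_ADMIN', '_EMPLOYEES') {
    $found = Get-ADOrganizationalUnit -Filter "Name -eq '$ou'" `
        -SearchBase $domainDn -SearchScope OneLevel
    if (-not $found) { New-ADOrganizationalUnit -Name $ou -Path $domainDn }
}

# Hypothetical helper: six letters alternating consonant and vowel.
function New-RandomName {
    $consonants = 'bcdfghjklmnprstvz'.ToCharArray()
    $vowels     = 'aeiou'.ToCharArray()
    -join (1..3 | ForEach-Object {
        (Get-Random -InputObject $consonants), (Get-Random -InputObject $vowels)
    })
}

$created = 0
while ($created -lt $userCount) {
    $first = New-RandomName
    $last  = New-RandomName
    $sam   = "$first.$last"                     # [first name].[last name]

    # Skip the rare collision instead of failing the whole run.
    if (Get-ADUser -Filter "SamAccountName -eq '$sam'") { continue }

    New-ADUser -Name $sam -GivenName $first -Surname $last `
        -SamAccountName $sam -UserPrincipalName "$sam@$dnsRoot" `
        -Path "OU=_EMPLOYEES,$domainDn" `
        -AccountPassword $password -Enabled $true
    $created++
}

# Confirm how many accounts now sit in the OU.
@(Get-ADUser -Filter * -SearchBase "OU=_EMPLOYEES,$domainDn").Count
```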

