
asb92992/On-premises-Active-Directory-Deployed-in-the-Cloud-Azure-


On-premises Active Directory Deployed in the Cloud (Azure)

This tutorial outlines the implementation of on-premises Active Directory within Azure Virtual Machines.

Environments and Technologies Used

  • Microsoft Azure (Virtual Machines/Compute)
  • Remote Desktop
  • Active Directory Domain Services
  • PowerShell

Operating Systems Used

  • Windows Server 2022
  • Windows 10 (21H2)

Deployment and Configuration Steps

AD part 1


  • I created the domain controller VM (Windows Server 2022), named DC-1
  • Created a client VM (Windows 10), named Client-1
  • Both VMs are in the same resource group and virtual network

AD part 2

  • NIC means network interface
  • Went to the DC-1 VM's NIC, then to its IP configurations, and set the IP address to static
  • Since it has been set to static, the IP address of DC-1 will not change
  • Logged in to Client-1 over Remote Desktop using its public IP address and my username and password.
  • My username is labuser
  • Copied DC-1's private IP address
  • Opened CMD on Client-1 and ran a continuous ping against DC-1's private IP address: ping -t 10.0.0.4


AD part 3

  • Logged in to DC-1 over Remote Desktop using its public IP address
  • Then opened wf.msc, the Windows firewall management console
  • Then went to Inbound Rules
  • As you can see, the ping requests are still timing out in CMD


AD part 4

  • In the inbound rules on the DC-1 VM, I enabled the two ICMPv4 rules named Core Networking Diagnostics - ICMP Echo Request
  • Checked back on the Client-1 VM to see the ping succeed
  • I stopped the ping from continuing with Ctrl-C
  • Went back to the DC-1 VM and, in Server Manager, clicked Add Roles and Features
  • Proceeded to install Active Directory Domain Services

AD part 5

  • Clicked Promote this server to a domain controller in Server Manager to finish installing Active Directory
  • Added a new forest and named my root domain mydomain.com
  • Active Directory is installed
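
The GUI steps from parts 4 and 5 can also be scripted. The following is an added example, not part of the original walkthrough; it assumes an elevated PowerShell session on DC-1 and the default English display name of the built-in ICMPv4 echo rules.

```powershell
# Added example: scripted equivalent of the GUI steps in parts 4 and 5.
# Assumption: run in an elevated PowerShell session on DC-1 (Windows Server 2022).

# Part 4: enable the built-in inbound ICMPv4 echo rules.
# Two rules share this display name (one per firewall profile set).
$icmpRule = 'Core Networking Diagnostics - ICMP Echo Request (ICMPv4-In)'
Get-NetFirewallRule -DisplayName $icmpRule | Enable-NetFirewallRule

# Confirm what is enabled now, and for which profiles, before moving on.
Get-NetFirewallRule -DisplayName $icmpRule |
    Select-Object DisplayName, Profile, Enabled, Direction, Action

# Part 4: install the AD DS role together with its management tools
# (this also provides Active Directory Users and Computers).
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Part 5: promote DC-1 to the first domain controller of a new forest.
# The DSRM (safe mode) password is prompted for, so it never appears in the script.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'
Install-ADDSForest -DomainName 'mydomain.com' -InstallDns `
    -SafeModeAdministratorPassword $dsrm

# The server restarts automatically when the promotion completes.
```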

AD part 6

  • DC-1 needed to restart since I installed Active Directory Domain Services
  • Logged back in to DC-1 with the public IP address
  • I had to log in in the context of the domain, since DC-1 is now a domain controller
  • Instead of logging in as labuser, I now log in as mydomain.com\labuser
  • Opened Active Directory Users and Computers and created two Organizational Units, _EMPLOYEES and _ADMINS
  • In the _ADMINS OU I created a new user named Jessica Doe, with the username jessica_admin and a password for the made-up name
  • I also unchecked User must change password at next login, since this is just practice, and then checked Password never expires
  • I now have a user in the _ADMINS OU, but jessica_admin is not an admin yet
  • To make jessica_admin an actual admin account, I have to add it to the Domain Admins group
  • To do that, I right-clicked on Jessica, went to Properties, and then Member Of
  • I then added the Domain Admins group in Member Of
  • I typed domain, clicked Check Names, and then selected Domain Admins
  • Jessica Doe is now an administrator
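
Part 6 as a script, followed by a review of who is in Domain Admins and whether their passwords can expire. This is an added example, not part of the original walkthrough; it assumes the ActiveDirectory module on DC-1 and a session running as a domain administrator.

```powershell
# Added example: part 6 scripted, plus a privileged-account review.
# Assumption: run on DC-1 as a domain administrator.
Import-Module ActiveDirectory

$domainDn = (Get-ADDomain).DistinguishedName   # DC=mydomain,DC=com

# Create the two OUs from the page if they do not exist yet.
foreach ($name in '_EMPLOYEES', '_ADMINS') {
    $existing = Get-ADOrganizationalUnit -Filter "Name -eq '$name'" `
        -SearchBase $domainDn -SearchScope OneLevel
    if (-not $existing) {
        New-ADOrganizationalUnit -Name $name -Path $domainDn
    }
}

# Create jessica_admin with the same options the page selects in the GUI.
# The password is prompted for, so it is never stored in the script.
$password = Read-Host -AsSecureString -Prompt 'Password for jessica_admin'
New-ADUser -Name 'Jessica Doe' -GivenName 'Jessica' -Surname 'Doe' `
    -SamAccountName 'jessica_admin' `
    -UserPrincipalName 'jessica_admin@mydomain.com' `
    -Path "OU=_ADMINS,$domainDn" -AccountPassword $password `
    -ChangePasswordAtLogon $false -PasswordNeverExpires $true -Enabled $true

# Placing the user in the _ADMINS OU grants nothing; group membership does.
Add-ADGroupMember -Identity 'Domain Admins' -Members 'jessica_admin'

# Review: every user in Domain Admins (nested groups included) and whether
# the password is exempt from expiry. jessica_admin will show True here.
Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Where-Object objectClass -eq 'user' |
    Get-ADUser -Properties PasswordNeverExpires, PasswordLastSet |
    Select-Object SamAccountName, Enabled, PasswordNeverExpires, PasswordLastSet
```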

AD part 7

  • I then logged off of DC-1
  • Logged back in to DC-1 with its public IP address in Remote Desktop
  • Logged in as mydomain.com\jessica_admin with the password I made for Jessica
  • I opened CMD to show which VM I was in: I was on DC-1, with jessica_admin as the user
  • Next, I join Client-1 to the domain so I can log in with any domain account
  • On the Client-1 VM I went to Settings -> System -> Rename this PC
  • Clicked Change and tried to make Client-1 a member of mydomain.com; it did not work because Client-1 reached out to its DNS server to find out what the domain controller is, and I had not set one up yet
  • I then had to set the DNS server for Client-1 in the Azure portal
  • In the Azure portal I went to the Client-1 VM, where I will set Client-1's DNS settings to the DC's private IP address
  • I went to DC-1's networking settings to get its NIC's private IP address, which was 10.0.0.4
  • Note: I'm configuring Client-1's virtual network interface card, setting its DNS server to DC-1's IP address.
  • Went to Client-1 networking -> DNS servers and changed the DNS server of Client-1 to DC-1's private IP address, which is 10.0.0.4
  • I then restarted Client-1 in Azure, which flushed the DNS cache
  • I logged in to Client-1 as the user labuser, since it is not joined to the domain yet.

AD part 8

  • Note: The DNS settings for Client-1's virtual NIC are set, and now I will join Client-1 to the domain
  • I then opened CMD to observe the new DNS settings on Client-1

AD part 9

  • Note: Join Client-1 to the domain now
  • I then went to settings

AD part 10

  • In Settings I went to Rename this PC -> Change -> Domain
  • Then changed the domain to mydomain.com
  • A window called Computer Name/Domain Changes then pops up
  • I then logged in as mydomain.com\jessica_admin with the password I have for Jessica
  • A pop-up window called Computer Name/Domain Changes confirms it was a success
  • Client-1 then restarts
  • Client-1 is now joined to the domain
  • Now we can log in to our domain admin account from the Client-1 VM. Even though jessica_admin is not a user on Client-1, we can still log in because Client-1 is joined to DC-1's domain
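
The first join attempt in part 7 failed because Client-1 could not locate a domain controller through DNS. The following added example (not part of the original walkthrough) checks that precondition before joining; it assumes an elevated PowerShell session on Client-1 and uses the domain name, IP address and account from the page.

```powershell
# Added example: DNS preflight and domain join for Client-1 (parts 7 to 10).
# Assumption: run in an elevated PowerShell session on Client-1.
$domain = 'mydomain.com'
$dcIp   = '10.0.0.4'        # DC-1 private IP address, from the page

# 1. Which DNS servers is the client actually using?
$dns = (Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object ServerAddresses).ServerAddresses | Select-Object -Unique
"DNS servers in use: $($dns -join ', ')"
if ($dns -notcontains $dcIp) {
    throw "Client DNS does not include $dcIp, so the join cannot locate a DC."
}

# 2. Can the client find a domain controller? The join looks up this SRV
#    record, which only the domain's own DNS server (DC-1) can answer.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -ErrorAction Stop
$srv | Where-Object Type -eq 'SRV' | Select-Object NameTarget, Port

# 3. Is the DC reachable on the LDAP port?
if (-not (Test-NetConnection -ComputerName $dcIp -Port 389 -InformationLevel Quiet)) {
    throw "DC-1 ($dcIp) is not reachable on TCP 389."
}

# 4. Join the domain with the admin account from part 6 and restart.
$cred = Get-Credential -UserName "$domain\jessica_admin" -Message 'Domain join account'
Add-Computer -DomainName $domain -Credential $cred -Restart
```

If step 1 or 2 fails, the fix is the Azure NIC DNS setting from part 7, followed by a restart of Client-1.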

AD part 11

  • I copied Client-1's public IP address and logged back in with Remote Desktop
  • Logged back in as mydomain.com\jessica_admin with the password for the account
  • Note: Set it up so all domain users have Remote Desktop access to Client-1, so anybody can log into any computer
  • Start menu -> System -> Select users that can remotely access this PC -> Add -> type domain users, click Check Names, then click OK.
  • Now all domain users are allowed to log in to the computer

AD part 12

  • Go to Start, then Windows Administrative Tools -> Active Directory Users and Computers
  • Click on mydomain.com -> Users -> Domain Users -> Members. Note: this shows all the users, so anyone in the group can log in to Client-1

AD part 13

  • Note: Make a bunch of users and attempt to log in as one of them
  • On the DC-1 VM, open Windows PowerShell ISE as an administrator
  • Create a new file, then paste the contents of this script into it -> (https://github.com/joshmadakor1/AD_PS/blob/master/Generate-Names-Create-Users.ps1)
  • Run the script and observe the accounts being created
  • Note: The script creates 10,000 accounts and gives them all the same password, which is Password1. The accounts are created in the _EMPLOYEES OU
  • Then proceed to Active Directory Users and Computers
  • Go to the _EMPLOYEES OU and refresh it
  • You can now see all the generated names created by the script

AD part 14

  • I picked a random generated user and copied that user's username
  • I then logged out of Client-1 and logged back in to Client-1 with its public IP address in Remote Desktop
  • I logged in as mydomain.com\qil.cenali with the password from the script, which was Password1
  • I then opened CMD to confirm that I am the qil.cenali user and on the right VM, which is Client-1
  • I then went to Windows (C:) and Users to see all the users I have logged in as

AD part 15

  • Note: This GIF shows a user getting locked out of their account for logging in with the wrong password
  • I picked a random user to show this
  • I then also show that you can block a user from logging in
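
The lockout behaviour from part 15 can be inspected from PowerShell on DC-1. This is an added example, not part of the original walkthrough; `sample.user` is a placeholder account name, and the event query assumes account-management auditing is enabled on the domain controller.

```powershell
# Added example: inspect and handle account lockouts (part 15).
# Assumption: run on DC-1 as a domain administrator, elevated.
Import-Module ActiveDirectory

# Lockout policy in effect. A LockoutThreshold of 0 means accounts are never
# locked out, however many wrong passwords are tried.
Get-ADDefaultDomainPasswordPolicy |
    Select-Object LockoutThreshold, LockoutObservationWindow, LockoutDuration

# Accounts that are locked out right now, with their bad-password details.
Search-ADAccount -LockedOut -UsersOnly |
    Get-ADUser -Properties LockedOut, BadLogonCount, LastBadPasswordAttempt, AccountLockoutTime |
    Select-Object SamAccountName, LockedOut, BadLogonCount,
                  LastBadPasswordAttempt, AccountLockoutTime

# Lockout events (ID 4740) from the Security log. In this event the second
# data field holds the computer the failed logons came from.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4740 } `
        -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated,
        @{ n = 'Account';        e = { $_.Properties[0].Value } },
        @{ n = 'CallerComputer'; e = { $_.Properties[1].Value } }

# Placeholder account name; substitute the user picked in the demo.
$user = 'sample.user'

# Clear the lockout so the user can try again.
Unlock-ADAccount -Identity $user

# Block the user from logging in at all by disabling the account,
# then confirm the new state.
Disable-ADAccount -Identity $user
Get-ADUser -Identity $user -Properties LockedOut |
    Select-Object SamAccountName, Enabled, LockedOut
```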
