This project is based on Josh Madakor's "Basic Home Lab Running Active Directory". This project will utilize VirtualBox to create a domain controller running Windows Server 2019 which houses our Active Directory. This will be configured with network adapters. It will have NAT and routing configured, as well as possess DHCP for automatic IP addressing. We will also run a PowerShell script to create a thousand users. Another virtual machine will be created that runs Windows 10 Enterprise which will connect to our domain controller.
To virtualize a Windows 2019 Server and Windows 10 Enterprise system, we will need their respective .iso files. To begin, we will obtain these.
After initially configuring the server, we also want to make modifications to our network settings. Namely, we want to ensure that we have our standard connection, as seen below:
But we also want to enable another network adapter for our internal network.
Then, we begin our configuration setups.
We pick Desktop Experience for the GUI.
And then create our profile. After doing so, we are put into the server manager.
Our next step is now to configure the internal network. We go into network settings.
We need to figure out what each of these is and name them appropriately for later use. We click on the first one and expand details:
We can see this is our standard home IP address for internet. Thus, we name this one internet.
When looking at the details for the second one, we can see that it's the internal network.
Thus, we name it such. We also assign an IP address and a DNS server address.
After doing such, we rename our PC to DC (Domain Controller).
After restarting, we can proceed to establishing Active Directory. In Server Manager, we click "Add roles and features". I'm only going to post screenshots of changes made; if a screenshot is not present, assume that default settings were kept. Here we choose "Active Directory Domain Services".
After finishing the install, we notice a flag notification. Upon clicking it, we can see that we are being prompted to promote the server to a domain controller, which we can go ahead and do. I'm again going to post a series of screenshots.
The computer will then attempt to install prerequisites. After doing so, the computer automatically restarts. Once it's done, note that there is now a "MYDOMAIN" before Administrator. This denotes that installation is successful.
After logging in, we're going to create our own administrative account instead of using the built-in one. We'll do this by going through the start menu to "Windows Administrative Tools"/"Active Directory Users and Computers".
We create a new Organizational Unit (OU) in our domain named Admins. We create a user for ourselves inside this unit.
After creating our user, we add ourselves to the Domain Admins group by going into properties, going to "Member Of", and adding the aforementioned group.
We then sign out, and log into "Other User" with our newly created account. As you can see, I am now in my own account as opposed to a default administrative account.
Our next step is to set up NAT. We do this by going into Server Manager, and then clicking on "Add roles and features". Assume default options if screenshots are not provided. Here, we click on "Remote Access".
After completing the install, we can go to "Tools"/"Routing and Remote Access".
Then, we right click on "DC" and select the configure option.
We then want to use a public interface, and select our Internet interface.
After this finishes, we can see all the new options that appear.
We now want to set up our DHCP. To do so, we go back to "Add roles and features". Note that the server name changed to DC.mydomain.com.
Here we select DHCP Server, and Add features. We then proceed to install.
After installation is completed, we work towards setting up our scope. We go to the DHCP control panel, click IPv4, and select "New Scope".
Then, we set the start and end IP addresses and set the subnet mask length to 24.
We continue past the next pages, Exclusions and Lease Duration. We leave both as default.
Then, we configure our DHCP options.
We add the address of the domain controller as the default gateway.
The following are left as default.
We then authorize our DHCP server.
As we can see, they turned green and we can see our newly created scope under IPv4.
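The same DHCP setup can be scripted from an elevated PowerShell session on the DC. This is an added example, not part of the original walkthrough; the scope name, the 172.16.0.0/24 addressing and the DC address 172.16.0.1 are assumed values, because the values used in this lab were only shown in screenshots.

```powershell
# Added example. Assumed lab values (not from the original page): adjust to your own.
$ScopeName = 'LabScope'        # hypothetical scope name
$DcAddress = '172.16.0.1'      # assumed IP of the DC's internal adapter
$ScopeId   = '172.16.0.0'      # assumed internal subnet
$Start     = '172.16.0.100'    # assumed start of the lease range
$End       = '172.16.0.200'    # assumed end of the lease range
$Domain    = 'mydomain.com'    # domain name used in this lab

# Install the DHCP Server role together with its management tools.
Install-WindowsFeature -Name DHCP -IncludeManagementTools

# Create the IPv4 scope with a /24 mask, unless it already exists.
if (-not (Get-DhcpServerv4Scope -ScopeId $ScopeId -ErrorAction SilentlyContinue)) {
    Add-DhcpServerv4Scope -Name $ScopeName -StartRange $Start -EndRange $End `
        -SubnetMask 255.255.255.0 -State Active
}

# Scope options: the DC is the default gateway (router). The DNS server and DNS
# domain are set explicitly here; the wizard fills them in as defaults.
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -Router $DcAddress `
    -DnsServer $DcAddress -DnsDomain $Domain

# Authorize the server in Active Directory, unless it is already listed.
if (-not (Get-DhcpServerInDC | Where-Object DnsName -eq "dc.$Domain")) {
    Add-DhcpServerInDC -DnsName "dc.$Domain" -IPAddress $DcAddress
}

# Verify: the server is authorized, the scope is active, the options are set.
Get-DhcpServerInDC
Get-DhcpServerv4Scope -ScopeId $ScopeId |
    Format-List ScopeId, Name, StartRange, EndRange, SubnetMask, State
Get-DhcpServerv4OptionValue -ScopeId $ScopeId
```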
Next, we're going to make a configuration that allows us to browse the internet from the domain controller. This isn't usually done, but we're doing it in the lab for convenience. We click "Configure this local server".
We're going to disable "IE Enhanced Security Configuration."
Now, we're going to use a PowerShell script to create a large number of users so we have something to work with. The source code is here.
We get the script and extract it to our desktop.
When looking at the text files, we can see that it's a list of randomly generated names. These are going to serve as our users. At the top we add our own name.
Now that we have the script, we go to PowerShell and run it as an administrator.
We then open our PowerShell script.
If we try and run this script right now, we face an error message. This is because of security policies set inside Windows.
To prevent this, we disable this policy. In a live environment, this isn't recommended, but since we're in our own lab there is little risk. The command we run is Set-ExecutionPolicy Unrestricted. We click "Yes to all".
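A narrower alternative, added here as an example and not part of the original walkthrough: relax the policy for the current PowerShell process only, so the machine-wide setting stays as it was. The script folder and file name below are placeholders.

```powershell
# Added example; the folder and file names are placeholders, not the project's real names.
$ScriptDir  = "$env:USERPROFILE\Desktop\<extracted-folder>"
$ScriptName = '<script>.ps1'

# Show the policy at every scope. Precedence is MachinePolicy, UserPolicy,
# Process, CurrentUser, LocalMachine; the first one that is not Undefined wins.
Get-ExecutionPolicy -List

# Relax the policy for this PowerShell process only. Nothing is written to the
# machine or user settings, and it no longer applies once the window is closed.
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass -Force

# Read the script before running it with Domain Admin rights.
Set-Location -Path $ScriptDir
Get-Content -Path ".\$ScriptName"

# Run it from its own directory so relative paths to the name list resolve.
& ".\$ScriptName"

# If Unrestricted was already set machine-wide, put the Windows Server default back.
Set-ExecutionPolicy -Scope LocalMachine -ExecutionPolicy RemoteSigned -Force
Get-ExecutionPolicy -List
```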
After changing directories, we run the script.
As we can see, the script ran and created the users. Going into the Active Directory window, we can see this as well.
When running a Find operation, we can see that there are 1052 users.
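A minimal script of the kind used in this step, as an added example rather than the script the walkthrough downloads. The file name names.txt, the OU name LabUsers, the first-initial-plus-surname username scheme and the prompt for an initial password are all assumptions.

```powershell
# Added example, not the downloaded script. Assumed: names.txt holds one
# "First Last" per line; the OU name and username scheme are hypothetical.
Import-Module ActiveDirectory

$Domain   = Get-ADDomain
$OuName   = 'LabUsers'
$OuPath   = "OU=$OuName,$($Domain.DistinguishedName)"
$Password = Read-Host -AsSecureString 'Initial password for the lab users'

# Create the OU once, so the script can be re-run safely.
if (-not (Get-ADOrganizationalUnit -Filter "Name -eq '$OuName'")) {
    New-ADOrganizationalUnit -Name $OuName -Path $Domain.DistinguishedName
}

$created = 0; $skipped = 0
foreach ($line in Get-Content -Path .\names.txt) {
    $first, $last = $line.Trim() -split '\s+', 2
    if (-not $first -or -not $last) { $skipped++; continue }   # blank or one-word line

    # Build the logon name; sAMAccountName is limited to 20 characters.
    $sam = ($first.Substring(0, 1) + $last).ToLower() -replace '[^a-z0-9]', ''
    if ($sam.Length -gt 20) { $sam = $sam.Substring(0, 20) }

    # Random name lists collide (two surnames with the same initial), so check first.
    if (Get-ADUser -Filter "SamAccountName -eq '$sam'") {
        Write-Warning "Skipping '$line': $sam already exists"
        $skipped++; continue
    }

    New-ADUser -Name "$first $last" -GivenName $first -Surname $last `
        -SamAccountName $sam -UserPrincipalName "$sam@$($Domain.DNSRoot)" `
        -Path $OuPath -AccountPassword $Password -Enabled $true
    $created++
}

"Created $created, skipped $skipped"
# Same check as the Find operation in the GUI, limited to the new OU.
@(Get-ADUser -Filter * -SearchBase $OuPath).Count
```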
Now that this is completed, we will create our Windows 10 Client to connect to this server. Using VirtualBox, we go through the standard steps to create our Windows 10 Enterprise machine. Giving 4GB of RAM and 4 cores, we also set the Network Adapter to internal.
We go through the setup steps, and wait for it to finish...
After going through standard setup steps, we once again wait.
Then finally we have our functional client.
We can check our ipconfig and ping a domain to see that our networking is successful.
For further confirmation, we can ping our domain, and we see that it resolves.
We're going to change our hostname. We right-click the start menu and go to System, then scroll down and click "Rename this PC (advanced)".
Then, we click "Change" to rename the computer.
We name the machine CLIENT1, and try to join the domain.
We are prompted with a login page, where we can use any of the previously created users and passwords. We provide our own.
We then restart our computer. While the computer is restarting, we can go to the DHCP manager in the server, and check "Address Leases". We see the IP leased to the client we created.
Furthermore, if we go into the Users and Computers manager, we can see a "Computers" folder with CLIENT1 within it.
Once the computer is finished restarting, we can go into the login page and click "Other user". Here, we see that we are logging into the created domain. Thus, we can use any of the previously created users. After we log in, it begins to create a profile for us. After it finishes, we are in the computer. We can open cmd and run "whoami" to see that we are a part of the domain, logged in as our own user.
This concludes this project.