Discover how I configured Microsoft Server 2022 on a Virtual Machine for Active Directory, set up a Domain Controller, and created over 1000 users using a PowerShell script, all detailed in this walkthrough.

portfoleyo/ActiveDirectoryHomeLab

Active Directory Home Lab (System Administration)

Active Directory Homelab Cover

Description

This project serves as a demonstrative showcase of adept system administration skills, illustrating proficiency in constructing and managing complex network environments. By meticulously configuring a Microsoft Server to host Active Directory and deploying a Domain Controller, the undertaking underscores adeptness in system architecture and domain management.

The utilization of PowerShell scripting to automate user creation processes showcases a nuanced understanding of automation tools, streamlining administrative tasks and enhancing efficiency. Moreover, the successful integration of Windows 11 Enterprise and the Microsoft Server 2022 ISO within a VMWare virtualized environment underscores adaptability and proficiency in deploying contemporary technologies.

Through the seamless orchestration of these components, this project not only exemplifies technical expertise but also highlights the ability to navigate and optimize multifaceted IT landscapes, essential traits for effective system administration.


Learning Objectives

  • Understand the fundamental concepts of Active Directory and its role in network administration
  • Develop skills in utilizing virtualization software (such as VMWare) to create and manage virtual machines
  • Learn to set up and manage a Domain Controller within a network infrastructure
  • Develop problem-solving skills through troubleshooting any issues encountered during the setup and configuration process
  • Acquire proficiency in using PowerShell scripting to automate administrative tasks within a Windows environment
  • Understand domain connectivity principles and authentication mechanisms, exemplified through logging into user accounts within a domain environment

Technologies + Requirements

You will need to download the files above beforehand.

  • PowerShell
  • Active Directory
  • CMD

Lab Walk-Through

To accommodate my Domain Controller on the Virtual Machine, I require two network adapters: first, a NAT adapter that uses my home router's IP address for external connectivity, and second, an internal network adapter (VMnet0) for communication with other Virtual Machines. Please consult the diagram provided earlier for reference.

adhl_1 1 adhl_1 2

Upon installing Windows Server 2022 on the Virtual Machine, my initial task involves configuring the two network adapters at my disposal: one designated for external connectivity and the other for internal network communication

adhl_1 3

Now, I need to determine which NIC serves as our NAT. Ethernet0 is identified as the NAT adapter since its DNS is assigned to "localdomain."

adhl1 4 adhl_1 5

I proceed to rename the adapters for clarity, which will prove beneficial during the subsequent setup of the Domain Controller (DC) and DHCP

adhl1 6

Next, I configure the Internal network adapter, assigning it the IP address depicted in the diagram (172.16.0.1). Omitting a default gateway is intentional since the Domain Controller serves as the gateway. For DNS server configuration, I allocate an IP address per the diagram, anticipating Active Directory installation, which automatically installs DNS. I designate it as a loopback address to enable self-pinging

adhl1 7_configntwk

Having identified the external and internal network adapters, I proceed to rename the PC from its current long and complex name to simply "DC" (Domain Controller). This action necessitates a restart, which is acceptable

adhl1 8

Upon rebooting, I initiate the download process for Active Directory

adhl_2.0_install_AD.mp4

I've installed Active Directory Domain Services, but we haven't yet designated the server (or computer) as the domain. Now, I need to proceed with creating the domain

adhl_2.1_domainpromo.mp4

Upon promoting the server to a domain, a restart is enforced. Upon logging back in, you'll notice that the domain has been successfully created as my admin account now displays "MYDOMAIN" prefixed to it

adhl_2 2

Now, instead of relying on the built-in Admin account, I will establish a dedicated domain Admin account

adhl_2.2_adminacctcrtn.mp4

I've created a domain-specific admin account, but it lacks administrative privileges. To rectify this, I navigate to Active Directory and elevate this new account to Administrator status. Once completed, I log out of the built-in Admin account and log in using my newly created Domain Admin account

adhl_2.3_adminpromo.mp4

Next, I must install and set up the RAS/NAT to enable my Windows 11 client computer to access the internet via the internal network routed through the Domain Controller

adhl_2.4_ras_nat_config.mp4

With the role successfully installed, the next step is to configure the Routing and Remote Access functionality

adhl_2.5_remoteaccess_setup.mp4

Excellent! With Remote Access installed and configured, it's time to proceed with installing a DHCP Server. This step will facilitate the assignment of IP addresses to our Windows 10 clients, enabling them to browse the internet seamlessly

adhl_2 6_dhcp_install

Now, let's configure DHCP and establish a scope. DHCP's primary function is to automatically assign IP addresses to computers on the network. The scope I'm creating will allocate IP addresses within the range of 192.168.1.100 to 192.168.1.200, giving DHCP the capability to assign 100 IP addresses. Additionally, I've set the lease duration to 8 days. The lease keeps an assigned IP address reserved for that device for a specified period, after which the address can return to the pool. Without that expiry, addresses would stay tied to devices that have already left, and new devices eventually couldn't obtain IP addresses, hindering their ability to connect to the internet.

To illustrate, consider a scenario like a library offering Wi-Fi access. If patrons typically spend around 2 hours inside, it wouldn't be practical to lease an IP address for 8 days, because that would tie up the address unnecessarily. In such a case, it's advisable to set the lease duration to under 4 hours and allocate a broader range. However, for a virtual environment like ours, where usage is temporary, the lease duration isn't crucial.

adhl_2.7_dhcp_config.mp4

To retrieve my PowerShell script from the internet, I must enable web browsing capabilities. This involves temporarily disabling security features on the Domain Controller. It's crucial to note that in a real production environment, such actions would never be taken due to the inherent security risks. However, since this setup is solely for personal lab experimentation, security concerns are less of an issue. While it is technically possible to browse the internet without this step, it would result in a barrage of warnings for every webpage visited, which can be quite bothersome.

adhl_2 8_toggleoff_ie_security

With Active Directory and my Domain Controller properly configured, I utilize a PowerShell script to generate more than 1000 user accounts. Below is a video showcasing the script in action!

adhl_3.0_running_PS.mp4

The script has executed without any issues, and the visual confirmation of the created user accounts is quite impressive. While there were some duplicates that were not created, resolving this is straightforward by enhancing the PowerShell script with additional lines of code to handle duplicates. For instance, we can instruct the script to append a "1" to the end of the account name if a duplicate is encountered. If you're interested in reviewing the complete code utilized, please refer to the top of this repository. The script can be found under the name "CREATE_USERS.ps1."

adhl_3 1
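
One way to handle the duplicates described above, generalized from appending a "1" to appending the next free number. This is an added example, not code from CREATE_USERS.ps1 or this repository; the function name `Get-UniqueSam`, the first-initial-plus-last-name username format, and the sample names are assumptions.

```powershell
# Added example, not from CREATE_USERS.ps1. Get-UniqueSam, the username format
# (first initial + last name) and the sample names are assumptions.
function Get-UniqueSam {
    param(
        [Parameter(Mandatory)] [string] $First,
        [Parameter(Mandatory)] [string] $Last,
        # Names already in use; share one set across the whole run.
        [System.Collections.Generic.HashSet[string]] $Taken
    )
    $maxLen = 20  # sAMAccountName length limit for user objects
    $base = ($First.Substring(0, 1) + $Last).ToLower() -replace '[^a-z0-9]', ''
    if (-not $base) { throw "No usable characters in '$First $Last'" }
    if ($base.Length -gt $maxLen) { $base = $base.Substring(0, $maxLen) }

    $candidate = $base
    $n = 0
    # Add() returns $false when the name is already in the set.
    while (-not $Taken.Add($candidate)) {
        $n++
        $suffix = "$n"
        # Trim the base so base + suffix still fits in 20 characters.
        $keep = [Math]::Min($base.Length, $maxLen - $suffix.Length)
        $candidate = $base.Substring(0, $keep) + $suffix
    }
    return $candidate
}

# Case-insensitive set, because AD treats JSmith and jsmith as the same account.
$taken = [System.Collections.Generic.HashSet[string]]::new([StringComparer]::OrdinalIgnoreCase)

# On the Domain Controller, seed the set with accounts that already exist.
if (Get-Command Get-ADUser -ErrorAction SilentlyContinue) {
    Get-ADUser -Filter * | ForEach-Object { [void]$taken.Add($_.SamAccountName) }
}

# Constructed sample input: three names collapse to the same base "jsmith".
$names = 'John Smith', 'Jane Smith', 'Jack Smith', 'Ana Lopez'
foreach ($full in $names) {
    $first, $last = $full -split ' ', 2
    $sam = Get-UniqueSam -First $first -Last $last -Taken $taken
    '{0,-12} -> {1}' -f $full, $sam
    # Pass $sam to New-ADUser as -SamAccountName. The object name (-Name) must
    # also be unique within its OU, so $sam is a safe value for it as well.
}
```

Because every generated name is recorded in the same set, collisions inside the input list are caught as well as collisions with accounts already in the directory.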

The next step is to establish a new Virtual Machine, which will function as a user within the domain. I designate this machine with the name "CLIENT1."

adhl_3 2

I adjust the network adapter settings to disable NAT and restrict internet access within my local network. The sole means for this Virtual Machine to connect to the internet is by obtaining an IP address from the Domain Controller on the Server VM. To accomplish this, I configure the network adapter to operate within the same internal network as the Domain Controller, utilizing VMnet0, as indicated in the initial diagram

adhl_3 3

Following the setup of a distinct virtual machine to simulate an employee logging into the domain, I streamline the process by renaming the computer to CLIENT1 and selecting the option to join the mydomain.com domain. As part of this step, I'm prompted to provide login credentials, and I opt to utilize the Administrator account that I established previously

adhl_3 4

I have successfully become a member of the domain!

adhl_3 5

I log into a user account generated from the PowerShell script to verify the correctness of the configurations. Rather than accessing the user account created during the virtual machine setup, I attempt to log into a user account established within MYDOMAIN

adhl_3 6

I'm running Command Prompt to verify if the client VM is correctly receiving the assigned IP address from the DC. As shown by the purple circle, it confirms that I have been successfully leased an IP address by the domain controller. Additionally, the green circle highlights successful pinging of the domain, indicating proper connectivity

adhl_3 7

A conclusive test to ensure the functionality of the work environment and the bulk users I've created

adhl_3 71

Returning to my server VM, I review the DHCP to assess the number of leased addresses. As highlighted in red, it's evident that my CLIENT1 Virtual Machine has been assigned an address. In a real corporate setting, this folder would likely contain hundreds, if not thousands, of leased addresses, depending on the lease duration. Of course, the number varies depending on the specific environment; in this instance, I've set the lease duration to 8 days

adhl_3 72

Here's an alternative method to monitor the current connected devices within the domain. It's evident from Active Directory that my CLIENT1 computer is being accurately recognized. In a genuine corporate setting, this folder would likely contain a multitude of devices, potentially numbering in the thousands

adhl_3 73

Here, I'm scrolling through the User accounts generated using PowerShell. Remarkably, over 1000 accounts have been successfully created!

adhl_3 8
