README.md

File metadata and controls

163 lines (129 loc) · 16.5 KB

Thumbnail of Project.

Active Directory (AD) Home Lab Setup Tutorial with 1000 Users

Description

This tutorial demonstrates the process of setting up Active Directory in a home lab environment using Oracle VirtualBox, based on the tutorial by Josh Madakor. Engaging in the configuration and operation of this lab will greatly enhance your comprehension of Active Directory and Windows networking principles. If you have any inquiries, don't hesitate to reach out to me.

Languages and Utilities Used

  • PowerShell
  • Oracle VirtualBox

Environments Used

  • Windows 10 (22H2)
  • Windows Server 2019

Diagram Template of Home Lab

Diagram of Project.

This is the diagram that is going to be used to set up the two main virtual machines (VMs) for the home lab environment. The first VM will be the Domain Controller (DC), which is the server that runs Active Directory (AD) and all its components, so we need to set it up with all the following services. The Fully Qualified Domain Name (FQDN) is the complete domain name for AD, which we will need to set up on the DC in order to have clients connect to the AD server. Network Address Translation (NAT) will need to be set up as well so that the internal Network Interface Card (NIC) can communicate with the internet-facing NIC, making internet access available within the domain when users sign in. Lastly, Dynamic Host Configuration Protocol (DHCP) is set up so that when clients sign on to the domain, they automatically get leased an IP address and are immediately connected to the Internet.


Files to Download and Install

Tutorial Portion

Create a new VM by clicking on "New" in VirtualBox. To avoid confusion, name the VM "Domain Controller" and make sure to set "Windows 2019" as the version. We will load the boot media after setting up the VM.
Creating new VM for Domain Controller.

Configure the DC VM with two Network Interface Cards (NICs): one internal NIC for the domain and one external NIC to be able to connect to the Internet through the host computer.
External Network Interface Card Setup. Internal Network Interface Card.

Install Windows Server 2019 on the DC VM (make sure to select Desktop Experience), identify the internal (the one with no network access) and external NICs, and assign a static IP address to the internal network card.
Mounting Windows Server 2019 .iso file to DC VM. Selecting Desktop Experience Windows Server 2019. Logging in to the DC for the first time. Finding and renaming the internal network. Configuring the internal NW IP address.

Go to Server Manager, add the Active Directory Domain Services role, and create the domain (example: mydomain.com).
Opening the Server Manager in the DC. Adding AD Domain Services role. Creating a New Forest. Naming the Domain. Creating a DC Password.

Next, go to Server Manager again, add the Remote Access (RAS/NAT) role, and configure it to allow clients internet access while in the domain. Make sure to select the external NIC when setting up the NAT internet connection.
Adding the RAS/NAT service on the DC. Configuring which services to use. Going to the Routing and Remote Access tool. Configuring the DC's NAT routing. Making sure to select NAT so that the right configuration is set. Selecting the right NIC for the NAT service.

Now go back to Server Manager yet again to set up Dynamic Host Configuration Protocol (DHCP) on the DC according to the diagram specifications.
Selecting DHCP Service. Installing DHCP to AD. Configuring the DHCP server.

Download and run the PowerShell script on the DC VM to create 1000 users in AD.
PowerShell add-users script. List of users in AD.
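The script itself is not included on this page. As an added example (not the tutorial's script), this PowerShell bulk-creates lab users in an OU from a "first last" name list, giving each a random initial password that must be changed at first logon instead of one shared password. It assumes it runs on the DC as a domain admin with the ActiveDirectory module, that the OU name _USERS is acceptable, and that the real name list lives in names.txt.

```powershell
# Added example, not the tutorial's own script. Assumes: run on the DC as domain admin,
# ActiveDirectory module available, OU name "_USERS" (assumed), names in .\names.txt.
Import-Module ActiveDirectory

function New-LabPassword {
    # One char from each class satisfies the default complexity policy; the rest is random
    $sets = @('ABCDEFGHJKLMNPQRSTUVWXYZ', 'abcdefghijkmnpqrstuvwxyz', '23456789', '!@#$%^&*')
    $all  = -join $sets
    $pw   = foreach ($s in $sets) { $s[(Get-Random -Maximum $s.Length)] }
    $pw  += 1..12 | ForEach-Object { $all[(Get-Random -Maximum $all.Length)] }
    -join ($pw | Sort-Object { Get-Random })          # shuffle so class order is not fixed
}

$domain   = Get-ADDomain
$domainDn = $domain.DistinguishedName                 # e.g. DC=mydomain,DC=com
$ouName   = '_USERS'                                  # assumed OU name for lab accounts
$ouDn     = "OU=$ouName,$domainDn"

# Create the OU once; protection is left off only because this is a throwaway lab
if (-not (Get-ADOrganizationalUnit -Filter "Name -eq '$ouName'" -SearchBase $domainDn -SearchScope OneLevel)) {
    New-ADOrganizationalUnit -Name $ouName -Path $domainDn -ProtectedFromAccidentalDeletion $false
}

# Constructed sample input: one "first last" per line (the lab file has ~1000 lines)
$names = @('alice adams', 'bob brown', 'carol clark')
# In the lab, replace the line above with:  $names = Get-Content -Path .\names.txt

foreach ($n in $names) {
    $first, $last = $n.Trim() -split '\s+', 2
    $sam = (($first.Substring(0, 1) + $last).ToLower() -replace '[^a-z0-9]', '')   # e.g. aadams
    if ($sam.Length -gt 20) { $sam = $sam.Substring(0, 20) }                        # sAMAccountName limit

    if (Get-ADUser -Filter "SamAccountName -eq '$sam'") {
        Write-Warning "Skipping $sam (already exists)"
        continue
    }
    $initial = New-LabPassword
    New-ADUser -Name "$first $last" -GivenName $first -Surname $last `
        -SamAccountName $sam -UserPrincipalName "$sam@$($domain.DNSRoot)" `
        -Path $ouDn -AccountPassword (ConvertTo-SecureString $initial -AsPlainText -Force) `
        -ChangePasswordAtLogon $true -Enabled $true

    # Emit the one-time password so the run can be captured, e.g. piped to Export-Csv
    [pscustomobject]@{ SamAccountName = $sam; InitialPassword = $initial }
}
```

Afterwards, Get-ADUser -Filter * -SearchBase $ouDn should list every account created, which is what the screenshot above shows in Active Directory Users and Computers.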

Create a new VM, name it (example: Client1), and install Windows 10 (make sure to select Windows 10 Pro) so that this VM can be used to connect to our new domain. Connect the Client VM to the internal network, then join it to the domain through System Properties.
Creating the Client VM. Mounting the Windows 10 .iso file to it. Making sure to select Windows 10 Pro. Adding the client to the domain.

Log in to the client machine using a domain account. As you can see, the client VM shows that we are now in the domain.
Logging in to Active Directory as an Administrator.

Additional Guides to other features in AD to tinker with (Not Required)

To create a new Organizational Unit (OU), go to Active Directory Users and Computers, right click the domain (in this case THM), select New, then Organizational Unit.
Creating an Organizational Unit.

To delete an OU, you must enable Advanced Features under View in order to open the OU's properties and uncheck Protect object from accidental deletion.
Unable to delete OU. Selecting Advanced Features. Showing the difference when selecting Advanced Features. Selecting Properties to be able to uncheck Protect object from accidental deletion. While in Properties, unchecking Protect object from accidental deletion. Deleting an OU by right clicking the OU and selecting Delete. A caution popup appears; to delete, click Yes.

To check the last login of a user, you must enable Advanced Features (if not enabled already), right click the user, go to Properties, select the Attribute Editor tab and look for lastLogon.
Selecting Advanced Features. Showing the last logon of Bob, for example.
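The Attribute Editor shows lastLogon as a raw FILETIME number and, more importantly, only the value held by the DC you are connected to: lastLogon is not replicated, so each DC records only the logons it authenticated itself (lastLogonTimestamp is replicated but is refreshed only when it is more than about 14 days stale). This added example, not part of the tutorial, converts both values and queries every DC in the domain; it assumes the ActiveDirectory module and a user named bbrown.

```powershell
# Added example, not from the tutorial. Assumes the ActiveDirectory module and
# that the account being checked (here 'bbrown') exists.
Import-Module ActiveDirectory

function Get-UserLastLogon {
    param([Parameter(Mandatory)][string]$SamAccountName)

    $perDc = foreach ($dc in (Get-ADDomainController -Filter *)) {
        # Ask each DC directly; lastLogon differs per DC because it is never replicated
        $u = Get-ADUser -Identity $SamAccountName -Server $dc.HostName `
                        -Properties lastLogon, lastLogonTimestamp
        $ll = if ($u.lastLogon)          { [DateTime]::FromFileTime($u.lastLogon) }          else { $null }
        $lt = if ($u.lastLogonTimestamp) { [DateTime]::FromFileTime($u.lastLogonTimestamp) } else { $null }
        [pscustomobject]@{ DC = $dc.HostName; LastLogon = $ll; LastLogonTimestamp = $lt }
    }

    # The newest lastLogon across all DCs is the real most-recent logon
    $latest = $perDc | Where-Object LastLogon | Sort-Object LastLogon -Descending | Select-Object -First 1
    [pscustomobject]@{
        User     = $SamAccountName
        Newest   = $latest.LastLogon      # $null if the user has never logged on anywhere
        NewestOn = $latest.DC
        PerDC    = $perDc
    }
}

# In this single-DC lab PerDC has one row; add a second DC and the rows will diverge
Get-UserLastLogon -SamAccountName 'bbrown' | Format-List
```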

To delegate control of an OU, or give privileges to certain users (for example, giving IT privileges to reset passwords for the Sales department), right click the OU and select Delegate Control. A wizard appears where you click Next and are able to give access to users or groups and specify which privileges they receive.
Right clicking on the OU and selecting Delegate Control. Popup that appears after selecting Delegate Control. The next page that appears after clicking Next. Clicking Add on the Add Users/Groups page, typing a user and clicking Verify to make sure the right user is selected. Showing the change when clicking Verify. After clicking Next, the next page shows the users added, so double check to see if everything is correct. Next, you are able to pick and choose what options to give to the selected user(s) or group(s); here we selected to allow the user to reset passwords for the OU. After clicking Next, the summary shows everything you have chosen to do and, once again, it is a good idea to check everything over. Using Remote Desktop (RDP) to check whether our changes worked. Logging in to the IT user's AD account to test the changes. Using CMD to reset another user's password through the IT user's AD account to make sure it works. Logging in as the user whose password we reset. Showing that this user needs to reset their password before logging in. Showing the password change process a typical user would go through. Showing that we were able to log in to the account after changing the password.

Managing computers in AD: in this example, we created another OU to differentiate between workstations and servers, which can be helpful when managing the domain, as it is easier to create different policies for each OU.
Creating an Organizational Unit. Naming the new OU. Showing the new OU in the domain. Moving the computers to the new OU. Showing the folder the objects will move to. Showing where the objects have ended up.

Examples of the Group Policy editor, and examples of what is in a policy. Policies created are listed under Group Policy Objects; when linked (that is, when they are actively applied) they also show under the OUs or the domain.
Searching for the Group Policy Editor. Showing the Group Policy Editor. Example of a Default Domain Policy. Showing the Computer configuration tab to show the policies. Showing what is under those policies.

Showing how to edit a policy. In this example, we show how one would edit the Minimum password length policy.
Right clicking a policy and selecting Edit. Finding the Minimum password length policy. Right clicking the selected policy and choosing Properties to edit it. Showing the popup that appears when clicking Properties on a policy. Showing that policies may have an Explain tab that details what the policy does.

After creating and editing a Group Policy Object, the next step is to link the policy to the OU(s) that need it. In this example we link the Prohibit Access to Control Panel and PC settings policy to 3 OUs inside the domain, and the Auto Lock Screen policy to the whole domain instead of specific OUs.
Editing another GPO. Selecting a policy setting and editing it. Showing the Prohibit access to Control Panel and PC settings popup. Right clicking the OU and linking the group policy to it. Selecting the correct Group Policy Object to link. Repeating the process so that Management, Marketing, Research and Development, and Sales have the GPO. Editing the Auto Lock Screen GPO. Editing the specific policy in the GPO. Editing the policy time limit for auto lock. Popup that appears verifying that you want to link the GPO to the whole domain. Showing that the domain has the Auto Lock Screen GPO. Using RDP to test out the GPO. Trying to open the Control Panel application. Showing the error that occurs, prohibiting the use of Control Panel.
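The OU and GPO steps from the last few sections (separate Workstations/Servers OUs, moving computer objects, linking one GPO to department OUs and another to the domain root) can be scripted so they are repeatable and checkable. This added example is not from the tutorial; it assumes the ActiveDirectory and GroupPolicy modules on the DC, that the GPOs named in the screenshots already exist, and that the four department OUs sit directly under the domain root.

```powershell
# Added example, not the tutorial's own. Assumes: ActiveDirectory + GroupPolicy modules,
# GPOs already created with the names below, department OUs directly under the domain root.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$domain   = Get-ADDomain
$domainDn = $domain.DistinguishedName                     # e.g. DC=mydomain,DC=com

# 1) Separate OUs for workstations and servers so each can carry its own policies
foreach ($ou in 'Workstations', 'Servers') {
    if (-not (Get-ADOrganizationalUnit -Filter "Name -eq '$ou'" -SearchBase $domainDn -SearchScope OneLevel)) {
        New-ADOrganizationalUnit -Name $ou -Path $domainDn
    }
}

# 2) Move computer objects out of the default Computers container, sorted by OS.
#    Domain controllers live in OU=Domain Controllers, not here, so they are untouched.
Get-ADComputer -SearchBase "CN=Computers,$domainDn" -Filter * -Properties OperatingSystem |
    ForEach-Object {
        $target = if ($_.OperatingSystem -like '*Server*') { "OU=Servers,$domainDn" } else { "OU=Workstations,$domainDn" }
        Move-ADObject -Identity $_.DistinguishedName -TargetPath $target
    }

# 3) Link GPOs only where they are not already linked, so the script is safe to re-run
function Add-GPLinkOnce {
    param([string]$GpoName, [string]$TargetDn)
    $linked = (Get-GPInheritance -Target $TargetDn).GpoLinks.DisplayName
    if ($linked -notcontains $GpoName) {
        New-GPLink -Name $GpoName -Target $TargetDn -LinkEnabled Yes | Out-Null
    }
}
foreach ($dept in 'Management', 'Marketing', 'Research and Development', 'Sales') {
    Add-GPLinkOnce -GpoName 'Prohibit Access to Control Panel and PC settings' -TargetDn "OU=$dept,$domainDn"
}
Add-GPLinkOnce -GpoName 'Auto Lock Screen' -TargetDn $domainDn    # domain-wide link

# 4) Report what is linked at the domain root. On a client, run 'gpupdate /force' and
#    then 'gpresult /r' to confirm which GPOs actually applied to that computer and user.
(Get-GPInheritance -Target $domainDn).GpoLinks | Select-Object DisplayName, Enabled, Order
```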