This project provides a step-by-step guide to building an Active Directory home lab with Oracle VM VirtualBox.
Make sure to download the files above ahead of time. Open "Media Creation Tool" to create the Win10 ISO file.
- Active Directory
- PowerShell
- CMD
- Open Oracle VirtualBox, click "New" and choose a name for your VM ("DC" was chosen for convenience). Select the location of the ISO image along with the edition.
- Allocate enough hardware resources to your VM.
- Continue the rest of the installation.
- It’s helpful to enable copy/paste and drag/drop between your computer and the VM. You can do this by going to Settings and then the Advanced tab.
- Configure this DC with two network adapters: one for Internet access and one for the internal network. Additional network adapters can be added in the Network settings.
- Choose your language and time.
- Choose "Windows Server 2019 Evaluation with Desktop Experience".
- Continue, then choose "Custom" installation.
- Choose storage for the installation.
- Continue the installation process. It may take a while and restart during the process. Be patient and let it finish.
- Once it's done, set up a password for the Admin account.
- Logging in requires pressing Ctrl + Alt + Delete. Since this can be difficult in a virtual machine, use the top toolbar: Input → Keyboard → Insert Ctrl + Alt + Delete.
- To enhance the overall user experience, including improved mouse behavior and display resizing, install the Guest Additions CD via the Devices menu in the upper-left corner of the VM window.
- Using File Explorer, navigate to This PC and double-click VirtualBox Guest Additions.
- Launch Windows-Additions-amd64 and proceed through the installation wizard, selecting Next for each step. Once done, manually reboot the VM and restart it in VirtualBox.
- Right-click the Start icon, then choose System from the menu.
- Rename this VM to DC so it's easier to identify.
- Go to Control Panel → Network and Internet → Network Connections. You should see two NICs (e.g., Ethernet 1, Ethernet 2). Let’s figure out which is for Internet and which is for the internal network.
- Open Ethernet 1, click Details, and note the IPv4 DNS Server, which displays the router’s IP address. The presence of an IPv4 address and a standard subnet mask (255.255.255.0) indicates that this NIC is used for Internet connectivity.
- Rename the NIC to "xINTERNET" for easier identification.
- Rename the second NIC to something like _INTERNAL for easier identification.
- To configure the Internal NIC, double-click it, select Internet Protocol Version 4 (TCP/IPv4), and assign the specified addresses.
- Depending on the network architecture, IP addresses may vary. For this setup, assign the following to the Internal NIC:
  - IP: 172.16.0.1
  - Subnet: 255.255.255.0
  - Default gateway: (leave blank)
  - DNS: 127.0.0.1 (loopback; DC acts as its own DNS and serves connected clients)
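
The same NIC identification and addressing can be done from an elevated PowerShell session on the DC. This is an added example, not part of the original guide; it assumes the Internet-facing NIC is the only one with an IPv4 default gateway, and uses the adapter names and addresses given above.

```powershell
# Added example: identify the two NICs, rename them, and set the internal NIC's
# static configuration. Assumption: exactly one NIC has an IPv4 default gateway.
$configs  = Get-NetIPConfiguration
$external = $configs | Where-Object { $_.IPv4DefaultGateway }
$internal = $configs | Where-Object { -not $_.IPv4DefaultGateway -and $_.NetAdapter.Status -eq 'Up' }

# Stop rather than guess if the VM does not have the expected two-adapter layout.
if (@($external).Count -ne 1 -or @($internal).Count -ne 1) {
    throw 'Expected one NIC with a default gateway and one without. Check the VM network adapters.'
}

# Rename only when needed, so the script can be re-run after the GUI steps.
if ($external.InterfaceAlias -ne 'xINTERNET') {
    Rename-NetAdapter -Name $external.InterfaceAlias -NewName 'xINTERNET'
}
if ($internal.InterfaceAlias -ne '_INTERNAL') {
    Rename-NetAdapter -Name $internal.InterfaceAlias -NewName '_INTERNAL'
}

# Static address 172.16.0.1/24 (255.255.255.0), no default gateway on this NIC.
$existing = Get-NetIPAddress -InterfaceAlias '_INTERNAL' -IPAddress 172.16.0.1 -ErrorAction SilentlyContinue
if (-not $existing) {
    New-NetIPAddress -InterfaceAlias '_INTERNAL' -IPAddress 172.16.0.1 -PrefixLength 24 | Out-Null
}

# The DC resolves DNS through itself (loopback).
Set-DnsClientServerAddress -InterfaceAlias '_INTERNAL' -ServerAddresses 127.0.0.1

# Show the result: address, empty gateway, and DNS server for the internal NIC.
Get-NetIPConfiguration -InterfaceAlias '_INTERNAL'
```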
- In this step, Active Directory and Domain Services will be installed. Active Directory Domain Services (AD DS) is a Microsoft technology designed to manage users, passwords, and network file access efficiently while maintaining security.
- Go to the Server Manager.
- Open Add Roles and Features, and choose the server from the list (in this case, the only server is named DC).
- Click the Active Directory Domain Services option.
- Continue and complete installation.
- With Active Directory installed, the next step is to create the domain. Click the flag notification, then choose Promote this server to a domain controller.
- Select the Add a new forest option and provide your desired domain name.
- Specify a password for Directory Services Restore Mode (DSRM), which will be required for any future restoration of Active Directory.
- Continue clicking Next until the Install button is displayed, then select Install. The installation may take several minutes, after which the server will restart automatically.
- After the server restarts, log in. We will create a dedicated administrative account to use instead of the built-in Administrator account.
- Open the Start menu, navigate to Windows Administrative Tools, and choose Active Directory Users and Computers.
- Click your domain name → New → Organizational Unit.
- Name the OU something like _ADMINS
- Create a new user under the OU that was just created.
- Provide the First Name, Last Name, and User logon name. Administrative accounts typically follow a special naming convention, such as prefixing the username with “a-”.
- Set a password and continue.
- To assign the user to the Domain Admins group, right-click the account, select Properties, navigate to Member Of, click Add, enter Domain Admins, click Check Names, and confirm by pressing OK.
- After clicking Apply, ensure that the user has been added to the Domain Admins group, then select OK to finish.
- Sign out and log in as the new user.
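
A check worth running once the new admin account exists, as an added example that is not part of the original guide: it lists every user in Domain Admins and flags accounts that sit outside the `_ADMINS` OU or do not use the `a-` prefix. The OU name and prefix are the ones suggested above; change the two variables if you chose different ones.

```powershell
# Added example: audit Domain Admins membership against the lab's conventions.
# Run on the DC in an elevated PowerShell session.
Import-Module ActiveDirectory

$adminOuName = '_ADMINS'   # OU name suggested in the guide
$prefix      = 'a-'        # admin naming convention suggested in the guide

# -Recursive expands nested groups so indirect members are included.
$report = Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    ForEach-Object {
        $user = Get-ADUser -Identity $_.distinguishedName -Properties PasswordLastSet
        [pscustomobject]@{
            SamAccountName  = $user.SamAccountName
            Enabled         = $user.Enabled
            InAdminOu       = $user.DistinguishedName -like "*,OU=$adminOuName,*"
            FollowsNaming   = $user.SamAccountName -like "$prefix*"
            PasswordLastSet = $user.PasswordLastSet
        }
    }

# Full membership list.
$report | Format-Table -AutoSize

# Accounts that break either convention. The built-in Administrator account
# is expected to appear here, since it lives in the default Users container.
$exceptions = $report | Where-Object { -not ($_.InAdminOu -and $_.FollowsNaming) }
if ($exceptions) {
    Write-Warning 'Domain Admins members outside the admin OU or naming convention:'
    $exceptions | Format-Table -AutoSize
}
```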
- The objective of this configuration is to enable clients on the internal virtual network to access the Internet through the Domain Controller (DC).
- Go to the Server Manager in the Start menu.
- Open Add Roles and Features, proceed through the wizard until the Server Roles page, and then select Remote Access.
- Click Routing
- After the installation finishes, close the window, then select Tools in the top-right corner and open Routing and Remote Access.
- The Routing and Remote Access control panel will open. Right-click the server (DC) and choose Configure and Enable Routing and Remote Access.
- Click Next, then choose Network Address Translation (NAT).
- Choose the public interface (having named your NICs earlier helps) and click Next.
- The configuration is complete. The next step is to configure the DHCP server for the client VM.
- The DC will now distribute IP addresses automatically, enabling the client VM to access the Internet.
- Open Add Roles and Features, proceed through the wizard by clicking Next, and select the DC server. On the Server Roles page, select DHCP Server, click Add Features, then continue with Next and click Install.
- Once complete, click Close.
- Now go to Tools and open DHCP.
- To define the IP address range for clients, click IPv4 and choose New Scope.
- Enter a descriptive name for the scope; using the IP range can make it easier to identify. Then click Next.
- Configure the IP address scope according to the lab diagram. Set the subnet mask length to 24, allowing for 254 available hosts, then click Next.
- Lease duration is how long an IP is assigned to a device. For a lab, it can be anything. In production, it depends on the environment. Set it and click Next.
- Click Configure Options, and proceed by selecting Next.
- Enter the DC’s IP as the router, click Add → Next.
- Ensure that the DC’s IP address appears in the list, then proceed by clicking Next.
- Activate the scope and continue.
- Authorize the DHCP server and refresh the domain to verify proper operation.
- The setup is complete. The next step is to execute the PowerShell script to add roughly 1,000 users to Active Directory.
- This PowerShell Script will add approximately 1k users to Active Directory.
- With Copy/Paste and Drag/Drop enabled, copy the PowerShell script from your computer into the DC VM.
- Add your name to the names.txt file, then save it.
- Open Start → Windows PowerShell ISE, right-click More, and choose Run as Administrator.
- Select Open from the top-left menu in PowerShell ISE. Locate the PowerShell script in the folder on the Desktop and open it.
- Run `Set-ExecutionPolicy Unrestricted` in PowerShell and select Yes to All. This allows scripts to run in our lab environment.
- Go to the folder containing the PowerShell script.
- Navigate to the folder containing the PowerShell script, and execute it by clicking Play on the PowerShell ISE toolbar.
- Complete! Verify the accounts in Server Manager → Active Directory Users and Computers.
- The next step is to create a new virtual machine and configure it to connect to the private network.
- Open Oracle VM VirtualBox, select New, enter CLIENT1 as the VM name, choose the correct version, and click Next to configure the hardware settings.
- After setting up the VM, right-click it, open Settings, navigate to the Network tab, and configure Adapter 1 to use Internal Network rather than the default NAT.
- Once done, start the VM.
- Complete the installation and skip the product key.
- Choose Windows 10 Pro then continue.
- Wait for the installation to finish. Be patient!
- Set your region and language, then select Continue with limited setup.
- Provide a username and skip the password during setup.
- It is recommended to disable all optional settings at this stage.
- With the VM operational, assign it an appropriate name and configure it to join the domain.
- To rename the computer, right-click Start and select System.
- Scroll down and select Rename this PC (Advanced).
- Select Change, provide the desired computer name, and configure the system to join the domain.
- Enter username and password.
- The PC has successfully joined the domain! Now, reboot the computer to apply the changes.
Special thanks to Josh Madakor for his excellent AD home lab tutorial on YouTube!