Welcome to my Active Directory Home Lab Project! This project is designed to help IT enthusiasts and professionals set up a simulated Active Directory environment. By following this guide, you'll gain hands-on experience with AD administration, user creation with PowerShell, and essential networking services like Remote Access Server and Network Address Translation as well as DNS and DHCP.
Whether you're preparing for certifications, enhancing your skills, or just exploring AD functionalities, this home lab provides a practical and controlled environment to experiment and learn.
Here's a diagram of our lab. As you can see, it outlines all of the tools we'll be using to complete the project.
- Active Directory
- PowerShell
- CMD
- Oracle VirtualBox
- Windows 10 (21H2)
- Windows Server 2022
- Oracle VirtualBox: https://www.virtualbox.org
- Windows 10: https://www.microsoft.com/en-us/software-download/windows10
- Windows Server 2022: https://www.microsoft.com/en-us/evalcenter/download-windows-server-2022
The first machine we're going to create is our Server, as this will be our "Domain Controller". When choosing the memory size, remember to work within the limits of your own computer. Click "continue" to confirm the virtual hard drive size, then accept the default choices to finish.
Before we start our new machine, let's make a few changes.
First, click the "General" tab, then choose "Advanced". Change both the "clipboard" and "drag" settings to "bidirectional". This function allows us to copy/paste from host to VM and vice versa.
Click "OK" to accept, then go to the "Network" option. Here, you'll need to set up two adapters: one for internet (labeled "NAT") and the other for your internal network (labeled "intnet").
Now, we're ready to start our machine and install Server 2022. For your installation option, choose "Custom". Then, choose either of the "Desktop Experience" options for your operating system. On the following screen, choose a password (preferably one that's easy to remember) and click "finish".
Congratulations! Your machine is now ready to use. You'll be greeted with a screen asking you to enter "ctrl+alt+del", so navigate up to "input", choose "keyboard", then "ctrl-alt-del".
Enter your newly created (and, hopefully, easy) password to sign in.
Before proceeding to the next step, let's run the "Guest Additions" CD image. This will make our VM run more efficiently. To do this, click "devices", then "insert Guest Additions CD image".
From here, you'll want to head to file explorer. You'll see the disc image in your "D drive". Double-click the "amd-64" version and follow the prompts to begin installing. Once that's done, you'll be asked if you want to reboot. You (obviously) can if you choose to, but there's one more thing to do before heading to Step 3 that will also require a reboot.
Let's rename our computer.
Start by right-clicking the "start" tab and going to "system". Click the "Rename this PC" button and choose your PC's new name. Again, the choice is yours. Restart the VM after renaming and we'll be ready for Step 3!
Now, it's time to set up our VM's networking. For this portion of the project, we'll be assigning an IP address and subnet mask for an internal NIC, creating a Domain Admin account, as well as installing Active Directory.
Let's begin with the IP address. Our server has two network adapters: one connects to your home router, so we'll leave it as is; the other (which we'll need to set up manually) will allow your client computer to connect to the server.
We'll start by clicking the "network" icon at the bottom right corner of your screen, then click "network and internet settings" to open. Next, we'll click on "change adapter options" to open the network connections screen.
Here, you should see your two adapters, "Ethernet" and "Ethernet 2". "Ethernet 2" will serve as the internal connection. Double-click "Ethernet 2", then click "properties". After that, double-click on "Internet Protocol Version 4 (TCP/IPv4)".
This is where we'll assign our new IP address. From here, choose the "Use the following IP address" option and use "172.16.0.1" as your IP address. For the subnet mask, use "255.255.255.0". Leave the default gateway section blank. For the section below, labeled "Use the following DNS server addresses", you can use either the server's own "172.16.0.1" address or "127.0.0.1", which is a loopback address. Click "OK" to complete that portion and our IP address setup is now finished.
Our next step will be installing Active Directory.
Begin by opening your "Server Manager" and clicking on "Add roles and features". Click "Next" until you reach the screen labeled "Select server role", at which point you'll choose "Active Directory Domain Services". Click the "Add Features" button on the pop-up screen and "next" until you reach the "install" button. Click to begin installation. Once that's finished, we can move on to the next step: promoting the server to Domain Controller.
Click on the flag icon in the top right corner of your Server Manager, then click on the "Promote this server to a domain controller" option. On the pop-up screen, select "add a new forest", then choose a name for your domain. For simplicity's sake, I chose "mydomain.com" but you can name yours as you see fit. On the next screen, you'll be asked to enter a password (this is the Directory Services Restore Mode password). You won't use it but you have to enter it in order to move to the next screen, so it's best to use the password you used to log in. Click "next" until you reach the "install" button. Click it and your machine will automatically restart.
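The static IP, role install and promotion steps above can also be scripted. The following is an added example, not part of the original walkthrough; it assumes the internal adapter is named "Ethernet 2" and reuses this guide's 172.16.0.1 address and "mydomain.com" domain name.

```powershell
# Added example (not from the original guide). Run in an elevated PowerShell session.
# Assumptions: internal adapter alias is 'Ethernet 2'; domain name is 'mydomain.com'.
$internalAlias = 'Ethernet 2'
$internalIp    = '172.16.0.1'
$domainName    = 'mydomain.com'

# Stop early if the adapter name does not match; aliases can differ between VMs.
$adapter = Get-NetAdapter -Name $internalAlias -ErrorAction Stop

# Static address with a /24 prefix (255.255.255.0) and no default gateway,
# so the internal NIC never becomes the server's route to the internet.
$existing = Get-NetIPAddress -InterfaceIndex $adapter.ifIndex -IPAddress $internalIp `
    -ErrorAction SilentlyContinue
if (-not $existing) {
    New-NetIPAddress -InterfaceIndex $adapter.ifIndex -IPAddress $internalIp `
        -PrefixLength 24 | Out-Null
}

# The domain controller resolves DNS through itself (loopback).
Set-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex -ServerAddresses '127.0.0.1'

# Install the AD DS role together with its management tools.
$result = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
if (-not $result.Success) { throw 'AD DS role installation failed.' }

# Prompt for the Directory Services Restore Mode password instead of
# writing it into the script.
$dsrmPassword = Read-Host -AsSecureString -Prompt 'DSRM password'

# Create the new forest. The server restarts automatically when this finishes.
Import-Module ADDSDeployment
Install-ADDSForest -DomainName $domainName -InstallDns `
    -SafeModeAdministratorPassword $dsrmPassword -Force
```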
Once your machine restarts, you'll be greeted with a new "MYDOMAIN\Administrator" screen. Sign in to your machine and your account to begin the next portion, where we'll be creating a dedicated domain admin account.
Begin by clicking your "start" icon, choose "Windows Administrative Tools", then "Active Directory Users and Computers". From there, right-click on your domain name and a drop down menu will appear. Go to "New", then "Organizational Unit". Use "ADMINS" as your "new object" name and uncheck the "Protect container..." option then click OK to continue.
Now, right-click "ADMINS", go to "New", then choose "User". We'll fill out our admin information here. Type your first and last name into the appropriate fields and, for "User logon name", format the entry as "a-" followed by your first initial and last name, as shown in the example pic. Click "next" to continue to the password select screen. To keep things simple, just use the password you use to log in to your machine. Make sure the "Password never expires" option is checked and click "Next" to continue, then click "Finish".
Finally, right-click on your name, then "Properties". Click on "Member Of", which will open a Domain Services Folder. Click "Add" and type "Domain Admins" into the "Enter the object names..." field. Click "Check Names", then "OK". After that, click "Apply" then "OK" to finish. Now, our domain admin account is ready to use. Sign out, then sign in with your new admin account and we can begin the next step.
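The same OU, account and group membership can be created from PowerShell, followed by a review of who now holds Domain Admins rights. This is an added example, not from the original guide; the name "Jane Doe" and the logon "a-jdoe" are placeholders for your own.

```powershell
# Added example (not from the original guide). Run on the domain controller
# as a domain administrator. 'Jane Doe' / 'a-jdoe' are placeholder values.
Import-Module ActiveDirectory

$domain   = Get-ADDomain
$domainDn = $domain.DistinguishedName
$sam      = 'a-jdoe'

# OU for administrative accounts, with accidental-deletion protection off
# to match the unchecked "Protect container..." box in the GUI steps.
New-ADOrganizationalUnit -Name 'ADMINS' -Path $domainDn `
    -ProtectedFromAccidentalDeletion $false

# Prompt for the password so it never lands in a script file or history.
$password = Read-Host -AsSecureString -Prompt "Password for $sam"

New-ADUser -Name 'Jane Doe' -GivenName 'Jane' -Surname 'Doe' `
    -SamAccountName $sam -UserPrincipalName "$sam@$($domain.DNSRoot)" `
    -Path "OU=ADMINS,$domainDn" -AccountPassword $password `
    -PasswordNeverExpires $true -Enabled $true

Add-ADGroupMember -Identity 'Domain Admins' -Members $sam

# Review: every user with Domain Admins rights (nested groups included),
# with the attributes worth checking on a privileged account.
Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    Get-ADUser -Properties PasswordNeverExpires, PasswordLastSet, LastLogonDate |
    Sort-Object SamAccountName |
    Select-Object SamAccountName, Enabled, PasswordNeverExpires,
                  PasswordLastSet, LastLogonDate
```

In the lab the list should contain only the built-in Administrator and the account you just created; any other entry is worth investigating.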
This is the second half of our networking setup. Installing RAS/NAT will allow for connection to our virtual network and access to the internet while our DHCP Server will give us a range of IP addresses for users and computers to join the network.
Go to "Add Roles and Features" in your Server Manager, just as you did when you installed Active Directory, and click "Next" until you reach "Select server roles". Choose "Remote Access", click "Next", then choose "Routing" on the "Select role services" screen. Click "Add Features", then "Next" until you reach the "Install" button. Wait through another install session.
Once the install is done, go to "Tools" and scroll down to and click "Routing and Remote Access". Right-click on the domain controller name to open a drop-down menu, then choose "Configure and Enable Routing and Remote Access". Click "Next" to open the installation wizard, choose the "NAT" option and click "Next". From here, you should see the two network interfaces that were created earlier. Choose the one labeled "DHCP", click "Next" then "Finish" to complete the setup.
**Note: Sometimes, the 'network interface' field will come up empty. If this happens, simply close the wizard then reopen it.**
Time for one more install. This time, it's our DHCP Server. We'll follow the same process as our previous install, choosing "DHCP Server" on the "Select server roles" screen. Click "Next" until you reach the "Install" button to complete the process. Once the install is complete, go to "Tools" and choose "DHCP" to open the control panel. Let's set up our DHCP scope and subnet mask.
From the control panel, click on your domain name then right-click on "IPv4" to open a drop-down menu. Choose "New Scope", then click "Next" to open the scope wizard.
Here, you can enter "172.16.0.100-200" as your scope name, then click "Next" to continue. On the next screen, you'll enter your IP address range, which will be the same as your scope name (172.16.0.100 to 172.16.0.200). In the "Subnet Mask" field, enter "255.255.255.0" and "Length" should be "24". Click "Next" to continue, then "Next" again to skip the "Exclusions" screen. For "Lease Duration", you can set it for as long or short as you like. Since we're in a lab environment, it doesn't matter too much. Just be advised that the duration length dictates how long a computer will have that address before it refreshes. Click "Next" to continue, choose "Yes" to confirm DHCP options, then "Next" again. On the next screen (labeled "Router (Default Gateway)"), enter the domain controller's IP address and click the "Add" button. Click "Next" to pass the next two screens as we don't need to change anything with those. Choose the "Yes" option on the "Activate Scope" screen, click "Yes" then "Finish" to complete.
Just to make sure your server is working, right-click on your domain name and choose "Authorize" from the drop-down menu. After that, right-click again and choose "Refresh". With that, our DHCP server is active and ready for use.
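The DHCP role, scope, gateway option and authorization described above can be done and verified from PowerShell. This is an added example, not from the original guide; it assumes the guide's 172.16.0.1 server address and "mydomain.com" domain, and the eight-day lease is only a sample value.

```powershell
# Added example (not from the original guide). Run on the domain controller
# in an elevated session. Addresses and domain name follow this guide.
$dcIp       = '172.16.0.1'
$scopeId    = '172.16.0.0'
$domainName = 'mydomain.com'

Install-WindowsFeature -Name DHCP -IncludeManagementTools | Out-Null

# Scope 172.16.0.100-200 with a /24 mask; the lease duration is a sample value.
Add-DhcpServerv4Scope -Name '172.16.0.100-200' `
    -StartRange '172.16.0.100' -EndRange '172.16.0.200' `
    -SubnetMask '255.255.255.0' `
    -LeaseDuration (New-TimeSpan -Days 8) -State Active

# Router (default gateway) is the DC's internal address. The wizard's DNS
# screen is normally pre-filled from the server's own settings; here the
# DNS server and domain are set explicitly (assumption: DNS runs on the DC).
Set-DhcpServerv4OptionValue -ScopeId $scopeId -Router $dcIp `
    -DnsServer $dcIp -DnsDomain $domainName

# Authorize the server in Active Directory. Unauthorized Windows DHCP
# servers in a domain do not hand out leases, which limits rogue servers.
Add-DhcpServerInDC -DnsName "$($env:COMPUTERNAME).$domainName" -IPAddress $dcIp

# Verification: the server is listed as authorized, the scope is active,
# and (once a client has booted) leases appear in the expected range.
Get-DhcpServerInDC
Get-DhcpServerv4Scope -ScopeId $scopeId |
    Select-Object ScopeId, Name, StartRange, EndRange, State, LeaseDuration
Get-DhcpServerv4Lease -ScopeId $scopeId |
    Select-Object IPAddress, HostName, ClientId, LeaseExpiryTime
```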
Now that we've set up our networking environment, we can move on to creating our "user accounts". Before we do that, though, let's disable the internet security features on our domain controller so we'll have a smoother browsing experience. In your Server Manager, click on "Configure this local server". Go to "IE Enhanced Security Configuration" and click the "On" button to open the dialog box. From there, turn both Admin and User options off. This will keep us from getting spammed with warnings when we use the internet.
Now that that's done, we can begin creating our "user base". We'll be using the .zip file at the top of the page. Click the link to open then left-click on "View Raw" then copy.
Paste the link into your domain controller's browser address bar. Save the newly downloaded .zip file to your desktop so it's easy to find. Left-click to open a drop-down menu and choose "Extract All", then save the contents to your desktop. From your now-accessible folder, open "names", add your name to the top of the list and save.
For the next step, we'll be using PowerShell. Open your DC's start menu and left-click "PowerShell ISE". Choose "more", then "Run As Administrator". This is where we'll be using the script.
Click the folder ("Open Script") icon in the top right corner. Find the "AD_PS-master" resource in your desktop and open it. From there, open "1_CREATE_USERS". On Line 2 of the script, change the password to whichever password you chose. Otherwise, your client computer won't be able to sign in. Next, we'll need to run a command that allows us to run all scripts. In the field below, type "Set-ExecutionPolicy Unrestricted", hit enter then answer "Yes To All". Now we can run the script without *you guessed it* restriction. From here, we'll go to the directory where the resource is saved. Type in the highlighted command to open the file's contents. Now, your script is ready to run. Click the "Run Script" icon to begin creating your users. Check "Users and Computers" to see your newly populated list. With that completed, we're ready to create our client machine.
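For reference, bulk user creation from a list of names can look like the following. This is an added example and not the "1_CREATE_USERS" script from the download; the "names.txt" file name, its location, the "_LAB_USERS" OU and the first-initial-plus-last-name logon format are assumptions.

```powershell
# Added example (not the project's 1_CREATE_USERS script). To allow scripts for
# this session only, rather than machine-wide, run this first in the console:
#   Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass
Import-Module ActiveDirectory

# Assumptions: one "First Last" name per line; path and OU name are hypothetical.
$namesFile = "$env:USERPROFILE\Desktop\AD_PS-master\names.txt"
$ouName    = '_LAB_USERS'

# Prompt for the initial password instead of hard-coding it in the script.
$password = Read-Host -AsSecureString -Prompt 'Initial password for lab users'

$domain = Get-ADDomain
$ouDn   = "OU=$ouName,$($domain.DistinguishedName)"
if (-not (Get-ADOrganizationalUnit -Filter "Name -eq '$ouName'")) {
    New-ADOrganizationalUnit -Name $ouName -Path $domain.DistinguishedName `
        -ProtectedFromAccidentalDeletion $false
}

$created = 0
foreach ($line in Get-Content -Path $namesFile) {
    $parts = $line.Trim() -split '\s+'
    if ($parts.Count -lt 2) { continue }          # skip blank or one-word lines
    $first = $parts[0]
    $last  = $parts[-1]

    # Logon name: first initial + last name, lower case, letters and digits only
    # (also keeps quotes out of the filter string), capped at 20 characters.
    $sam = (($first.Substring(0, 1) + $last).ToLower()) -replace '[^a-z0-9]', ''
    if ($sam.Length -gt 20) { $sam = $sam.Substring(0, 20) }

    if (Get-ADUser -Filter "SamAccountName -eq '$sam'") {
        Write-Warning "Skipping '$line': logon name '$sam' already exists."
        continue
    }

    # ChangePasswordAtLogon is a choice made here so the shared initial
    # password does not stay valid; drop it if you want a fixed lab password.
    New-ADUser -Name "$first $last" -GivenName $first -Surname $last `
        -SamAccountName $sam -UserPrincipalName "$sam@$($domain.DNSRoot)" `
        -Path $ouDn -AccountPassword $password `
        -ChangePasswordAtLogon $true -Enabled $true
    $created++
}
"Created $created users in $ouDn"
```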
Now, it's time to create our client machine. We'll be installing the Windows 10 ISO. Same procedure as the Server ISO. Be sure to set the network adapter to "Internal Network" as the DC will provide the internet connection.
Click "Start" to begin running the machine. Begin the install and choose "I don't have a product key" on the Activate screen. On the next screen, choose one of the "Pro" options as the others don't allow us to join a domain.
Choose "Custom Install" when asked. Install as normal. Answer the required setup questions and, on the "connect you to a network" screen, choose "I don't have internet". Choose "Continue with limited setup" on the next screen. Choose a username but you can skip the password. Use your discretion on the "Privacy Features" screen and click "Next" then "Not Now" for Cortana. Your OS will automatically complete the installation process.
Install the "Guest Additions" software after that but wait on the restart.
Now that our client computer is up and running, we can join it to the domain. Right-click the "Start" menu, choose "System". Scroll down to the bottom and choose "Rename This PC (Advanced)". Click the "Change" button. Here is where you'll rename the PC. Choose your PC name, click "Member of Domain", then enter your domain's name in the field. Click "OK" and wait a few seconds, after which a sign-in screen will appear. Sign in with your admin credentials and you're good to go! Your client computer has successfully joined your domain.
More importantly, you have just successfully completed your Active Directory Lab. Congratulations!
© 2024 Active Directory Lab Walkthrough