- Microsoft Azure (Virtual Machines/Compute)
- Remote Desktop
- Active Directory Domain Services
- PowerShell
- Windows Server 2022
- Windows 10 (21H2)
- Domain Controller VM (Windows Server 2022) named "DC-1"
- Set the Domain Controller's NIC private IP address to static (on the NIC's IP configuration in Azure)
- Allow ICMPv4 (ping) inbound through the Domain Controller's Windows firewall
- Create an admin and a normal user account in Active Directory
- Join the client to the domain
- Attempt to log in to Client-1 as one of the created users
| Terms | Descriptions |
|---|---|
| Resource Group | A container that holds related resources for an Azure solution. The resource group can include all the resources for the solution, or only those resources that you want to manage as a group. |
| Virtual Machine | A digital version of a physical computer. Virtual machine software can run programs and operating systems, store data, connect to networks, and perform other computing functions, and it requires the same maintenance as a physical host, such as updates and system monitoring. |
| Remote Desktop | The ability to connect to and use a remote desktop computer from a separate computer. Remote desktop users can access their desktop, open and edit files, and use applications as if they were sitting at that computer. |
| Active Directory Domain Services | The core functions in Active Directory that manage users and computers and allow sysadmins to organize the data into logical hierarchies. |
| PowerShell | A cross-platform task automation solution made up of a command-line shell, a scripting language, and a configuration management framework. PowerShell runs on Windows, Linux, and macOS. |
| Domain Controller | The servers in your network that host AD DS. DCs respond to authentication requests and store AD DS data. |
| Organizational Unit (OU) | Organizational units (OUs) in an Active Directory Domain Services (AD DS) managed domain let you logically group objects such as user accounts, service accounts, or computer accounts. You can then delegate administration of specific OUs and apply Group Policy to enforce targeted configuration settings. |
| Join Client to Domain | Joining a computer to a domain connects it to a network managed by a centralized server, the domain controller. A domain is a logical grouping of computers, users, and resources that a network administrator manages centrally. Domain membership gives the computer centralized authentication, Group Policy enforcement, and central management. |
First, create the resource group that will hold the two virtual machines: the Domain Controller (DC-1) and the client (Client-1). DC-1 is built from the Windows Server 2022 image (a system image is a serialized copy of the entire state of a computer system stored in non-volatile form, such as a file). After DC-1 is created, change its NIC's private IP address from dynamic to static in Azure: the client's DNS will point at this address, and a DHCP lease change would break name resolution and therefore domain membership. On Azure the static assignment is enforced on the platform side (the adapter inside the guest still reports DHCP), so do not set the address manually inside Windows.
The client VM (Windows 10) named "Client-1" was created in the same resource group and virtual network (VNet) as DC-1, so the two machines can reach each other over their private addresses.
Second, verify connectivity between the client and the domain controller: log in to Client-1 over Remote Desktop (RDP) and ping DC-1's private IP address with ping -t (continuous ping until stopped with Ctrl+C). Windows Defender Firewall on DC-1 drops inbound echo requests until you allow them, so enable the inbound rule "Core Networking Diagnostics - ICMP Echo Request (ICMPv4-In)" on DC-1; the Azure network security group already permits traffic between VMs in the same VNet, so no Azure-side change is needed. Back on Client-1, the running ping should now receive replies.
The screenshot below shows the ICMPv4 echo-request rule enabled for inbound traffic in the Windows firewall:
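The same firewall change and connectivity check from PowerShell, as an added example that is not part of the original write-up. It assumes DC-1's static private IP is 10.0.0.4 and the VNet subnet is 10.0.0.0/24 (both assumptions; adjust to your lab). It also scopes the rule to the lab subnet rather than leaving the remote address as "Any", which is the check a reviewer would ask for.

```powershell
# Added example (not from the original write-up). Run in an elevated PowerShell
# session: the first part on DC-1, the second on Client-1.
# Assumed values: DC-1 private IP 10.0.0.4, VNet subnet 10.0.0.0/24.

# --- On DC-1: allow ICMPv4 echo requests, but only from the lab subnet ---
$ruleName = 'Core Networking Diagnostics - ICMP Echo Request (ICMPv4-In)'
Enable-NetFirewallRule -DisplayName $ruleName
# Restrict the rule's scope from "Any" to the VNet address range.
Set-NetFirewallRule -DisplayName $ruleName -RemoteAddress '10.0.0.0/24'

# Confirm the rule is enabled, inbound, allowing, and scoped as intended.
Get-NetFirewallRule -DisplayName $ruleName |
    Select-Object DisplayName, Enabled, Direction, Action, Profile
Get-NetFirewallRule -DisplayName $ruleName |
    Get-NetFirewallAddressFilter |
    Select-Object RemoteAddress

# --- On Client-1: a bounded ping instead of an endless 'ping -t' ---
$dcIp = '10.0.0.4'
if (Test-Connection -ComputerName $dcIp -Count 4 -Quiet) {
    Write-Host "ICMP reachability to DC-1 ($dcIp): OK"
} else {
    Write-Warning "DC-1 ($dcIp) did not answer. Check the ICMPv4-In rule on DC-1 and the NSG on both NICs."
}
```

Scoping the rule matters more once the DC has a public IP for RDP: an unrestricted echo-request rule is not dangerous by itself, but it is the first of many "allow from Any" rules a lab tends to accumulate.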
On DC-1, open Server Manager, choose "Add roles and features", and install Active Directory Domain Services. Then promote the server to a domain controller, creating a new forest with the root domain mydomain.com; the promotion wizard also installs the DNS Server role on DC-1 and asks for a Directory Services Restore Mode (DSRM) password, which is separate from any domain account. The server restarts; reconnect over Remote Desktop and log in with the domain account mydomain.com\labuser.
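The same role installation and forest promotion done from PowerShell on DC-1 instead of Server Manager, as an added example that is not part of the original write-up. The domain name mydomain.com comes from the write-up; the NetBIOS name MYDOMAIN and the post-reboot checks are assumptions.

```powershell
# Added example (not from the original write-up). Run as a local administrator
# on DC-1 before it is a domain controller. Assumed NetBIOS name: MYDOMAIN.

# Install the AD DS role plus the RSAT tools (ActiveDirectory module, ADUC, DNS tools).
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# The DSRM password is what you use to boot the DC into Directory Services
# Restore Mode. Prompt for it rather than embedding it in a script.
$dsrmPassword = Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode password'

# Create the new forest. -InstallDns is what the wizard does by default;
# -Force suppresses the confirmation prompt. The server reboots when this finishes.
Install-ADDSForest `
    -DomainName 'mydomain.com' `
    -DomainNetbiosName 'MYDOMAIN' `
    -ForestMode 'WinThreshold' `
    -DomainMode 'WinThreshold' `
    -InstallDns:$true `
    -SafeModeAdministratorPassword $dsrmPassword `
    -Force:$true

# After the reboot, sign in as MYDOMAIN\labuser (now a domain account) and confirm
# that the DC advertises the services a client join depends on and that the
# mydomain.com zone exists on the local DNS server:
#   Get-ADDomainController -Discover -Service ADWS,KDC | Select-Object HostName, Site
#   Get-DnsServerZone -Name 'mydomain.com'
```

'WinThreshold' is the Windows Server 2016 functional level, which is also the highest level available on Windows Server 2022.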
Next, still connected to DC-1 over Remote Desktop, create the organizational units that will hold the admin and employee accounts. In Active Directory Users and Computers, right-click the domain name, choose New > Organizational Unit, and create one OU each for employees, admins, and security groups; accounts created later will appear under the appropriate OU.
Create an OU named "_ADMINS", and in it create a user named Karen What (reusing the same password) with the username "karen_admin". Once the account exists, add "karen_admin" to the "Domain Admins" security group. It is this group membership, not the OU, that grants administrative rights: placing an account in _ADMINS gives it no privileges by itself.
Sign out of DC-1 as mydomain.com\labuser, close the Remote Desktop connection, and reconnect as "mydomain.com\karen_admin" to confirm that the new admin can log on to the domain controller.
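The OU layout, the admin account and the Domain Admins membership, done from PowerShell on DC-1 while signed in as mydomain.com\labuser, as an added example that is not part of the original write-up. The OU names _ADMINS and _EMPLOYEES and the user karen_admin come from the write-up; the third OU name, _SECURITY_GROUPS, and the UPN suffix are assumptions.

```powershell
# Added example (not from the original write-up). Run on DC-1 as a domain admin.
# Assumed names: the security-groups OU is called _SECURITY_GROUPS.
Import-Module ActiveDirectory

$domainDN = (Get-ADDomain).DistinguishedName    # e.g. DC=mydomain,DC=com

# Create the three top-level OUs, skipping any that already exist.
foreach ($ou in '_ADMINS', '_EMPLOYEES', '_SECURITY_GROUPS') {
    $existing = Get-ADOrganizationalUnit -Filter "Name -eq '$ou'" `
                    -SearchBase $domainDN -SearchScope OneLevel
    if (-not $existing) {
        New-ADOrganizationalUnit -Name $ou -Path $domainDN -ProtectedFromAccidentalDeletion $true
    }
}

# Admin account for Karen What, logon name karen_admin, placed in _ADMINS.
# The password is prompted for instead of being written into the script.
$adminPassword = Read-Host -AsSecureString -Prompt 'Password for karen_admin'
New-ADUser -Name 'Karen What' `
           -GivenName 'Karen' -Surname 'What' `
           -SamAccountName 'karen_admin' `
           -UserPrincipalName 'karen_admin@mydomain.com' `
           -Path "OU=_ADMINS,$domainDN" `
           -AccountPassword $adminPassword `
           -Enabled $true

# Administrative rights come from the group, not the OU. Grant them, then
# list the membership so the change is reviewed, not just made.
Add-ADGroupMember -Identity 'Domain Admins' -Members 'karen_admin'
Get-ADGroupMember -Identity 'Domain Admins' |
    Select-Object SamAccountName, objectClass
```

Domain Admins is a Tier-0 group: anyone holding karen_admin's credential controls the forest, so review this membership after every change and keep it short.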
Next, join Client-1 to the domain (mydomain.com). Before that, Client-1's DNS server must point at DC-1's private IP address: a domain join locates a domain controller through the SRV records in the domain's DNS zone, and only DC-1 hosts that zone. In the Azure portal, open the NIC attached to Client-1 and change its DNS setting there (Azure delivers this value to the guest through DHCP, so set it on the NIC rather than inside Windows):
Select "DNS Servers".
Select the "Custom" radio button, enter DC-1's private IP address, save, and restart Client-1 so that the new resolver takes effect.
Now that Client-1 resolves names through DC-1, it can be added to the domain without error. On Client-1 go to System > About > Rename this PC (advanced) > Change, select Domain, enter the domain name, and click OK; supply the credentials of a domain account allowed to join computers (karen_admin, for example), then click Apply. A message confirms that the client has been added to the domain, and the change requires a restart.
Message displayed when the client has been successfully added to the domain:
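The DNS pre-checks and the join itself from PowerShell on Client-1, as an added example that is not part of the original write-up. It assumes DC-1's private IP is 10.0.0.4 (an assumption) and the domain mydomain.com (from the write-up), and it fails early on the two conditions that account for most "domain controller could not be contacted" errors: the guest is not using DC-1 as its resolver, or the domain's SRV records do not resolve.

```powershell
# Added example (not from the original write-up). Run in an elevated PowerShell
# session on Client-1 after the NIC's DNS server has been set to DC-1 in Azure.
# Assumed values: DC-1 private IP 10.0.0.4; domain mydomain.com.
$dcIp   = '10.0.0.4'
$domain = 'mydomain.com'

# 1. Is the guest actually using DC-1 as its resolver? Azure pushes the NIC's
#    DNS setting via DHCP, so after the restart this should already match.
$resolvers = (Get-DnsClientServerAddress -AddressFamily IPv4 |
                 Where-Object { $_.ServerAddresses }).ServerAddresses
if ($resolvers -notcontains $dcIp) {
    throw "DNS resolvers are '$($resolvers -join ', ')'; expected $dcIp. Fix the NIC's DNS setting in Azure first."
}

# 2. Can a domain controller be located? The join uses this SRV record; if it
#    does not resolve, the join cannot succeed no matter what credentials you give.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -Server $dcIp -ErrorAction Stop |
    Where-Object { $_.Type -eq 'SRV' } |
    Select-Object Name, NameTarget, Port

# 3. Join with an account allowed to add computers to the domain, then reboot.
$cred = Get-Credential -Message "Account allowed to join computers to $domain (e.g. MYDOMAIN\karen_admin)"
Add-Computer -DomainName $domain -Credential $cred -Restart

# After the reboot, from an elevated prompt, confirm the machine account's
# secure channel to the DC is healthy:
#   Test-ComputerSecureChannel -Verbose
```

Test-ComputerSecureChannel is the check to reach for later, too: when a client starts failing Kerberos logons after a restore or a clone, a broken machine-account secure channel is the usual cause.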
Now we can create the users that will be loaded into the _EMPLOYEES OU on the domain controller (DC-1). To create them, run PowerShell ISE as an administrator on DC-1, create a new file, paste in the script below, and run it; it creates the random employees. The script gives every account the same known password and sets it never to expire, which is acceptable only in a throwaway lab.

```powershell
# ----- Edit these Variables for your own Use Case ----- #
$PASSWORD_FOR_USERS = "Password1"          # lab-only: one shared, known password
$NUMBER_OF_ACCOUNTS_TO_CREATE = 10000
# ------------------------------------------------------ #

Import-Module ActiveDirectory

# Builds a pronounceable 3-6 letter name by alternating consonants and vowels.
Function generate-random-name() {
    $consonants = @('b','c','d','f','g','h','j','k','l','m','n','p','q','r','s','t','v','w','x','z')
    $vowels = @('a','e','i','o','u','y')
    $nameLength = Get-Random -Minimum 3 -Maximum 7    # -Maximum is exclusive, so 3..6
    $count = 0
    $name = ""
    while ($count -lt $nameLength) {
        if ($($count % 2) -eq 0) {
            # -Maximum is exclusive: use Count, not Count - 1, or the last letter is never chosen
            $name += $consonants[$(Get-Random -Minimum 0 -Maximum $consonants.Count)]
        }
        else {
            $name += $vowels[$(Get-Random -Minimum 0 -Maximum $vowels.Count)]
        }
        $count++
    }
    return $name
}

# Target OU. Fail once up front if it is missing instead of erroring on every user.
$employeesOU = "OU=_EMPLOYEES,$((Get-ADDomain).DistinguishedName)"
try   { $null = Get-ADOrganizationalUnit -Identity $employeesOU }
catch { throw "OU $employeesOU not found; create it in Active Directory first" }

$password = ConvertTo-SecureString $PASSWORD_FOR_USERS -AsPlainText -Force

$count = 1
while ($count -le $NUMBER_OF_ACCOUNTS_TO_CREATE) {   # -le, otherwise the loop stops one account short
    $firstName = generate-random-name                  # the original read $fisrtName here (typo), so GivenName was empty
    $lastName = generate-random-name
    $username = $firstName + '.' + $lastName
    Write-Host "Creating user: $($username)" -BackgroundColor Black -ForegroundColor Cyan
    # SamAccountName defaults to -Name. Random names can collide; New-ADUser
    # then reports "already exists" for that one and the loop continues.
    New-ADUser -AccountPassword $password `
               -GivenName $firstName `
               -Surname $lastName `
               -DisplayName $username `
               -Name $username `
               -EmployeeID $username `
               -PasswordNeverExpires $true `
               -Path $employeesOU `
               -Enabled $true
    $count++
}
```
Here is the script loaded into PowerShell ISE before running it to create the random users:
After the script is executed, the random users are created. Here the script can be seen creating the 1000 users:
Those random users are now reflected in Active Directory Users and Computers on the domain controller, under the _EMPLOYEES OU:
Finally, attempt to log in to Client-1 with one of the randomly created users (using the password from the script); a successful logon confirms that the client is domain-joined and that DC-1 is authenticating it.
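A scripted version of the last two checks, run on DC-1, as an added example that is not part of the original write-up: it counts the accounts that landed in _EMPLOYEES, validates one random account's credential against the domain over LDAP (the same thing the interactive logon on Client-1 proves, without another RDP session), and then flags what the bulk script left behind. The OU name and the password Password1 come from the script above; everything else is an assumption.

```powershell
# Added example (not from the original write-up). Run on DC-1 as a domain admin
# after the bulk-creation script. Assumes the domain is mydomain.com.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

$domainDN  = (Get-ADDomain).DistinguishedName
$employees = "OU=_EMPLOYEES,$domainDN"

# How many user objects did the script create directly under _EMPLOYEES?
$users = Get-ADUser -Filter * -SearchBase $employees -SearchScope OneLevel `
                    -Properties PasswordNeverExpires
"{0} user objects in {1}" -f $users.Count, $employees

# Pick one at random and check its credential the way a logon would, over LDAP.
# Password1 is the lab value from the script; prompt for it in anything real.
$candidate = $users | Get-Random
$ctx = New-Object System.DirectoryServices.AccountManagement.PrincipalContext(
    [System.DirectoryServices.AccountManagement.ContextType]::Domain, 'mydomain.com')
$ok = $ctx.ValidateCredentials($candidate.SamAccountName, 'Password1')
"Logon test for {0}: {1}" -f $candidate.SamAccountName, $(if ($ok) { 'succeeded' } else { 'FAILED' })

# Every one of these accounts shares a known password and never expires, which
# is exactly the condition a password-spraying attacker hopes for. Count them
# so the state of the lab is explicit before it is reused for anything else.
$never = $users | Where-Object { $_.PasswordNeverExpires }
"{0} enabled accounts with PasswordNeverExpires set" -f ($never | Where-Object Enabled).Count
```

ValidateCredentials returns $false for a wrong password or a disabled account, so a FAILED result points at the account state rather than at the join; a failure of the Client-1 logon with a succeeded result here points at the client side (DNS, secure channel, or the logon-rights policy).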
"It is good to have an end to journey toward; but it is the journey that matters, in the end."
"So, what is it? What is it you're doing with this one wild and precious life of yours?"
Next up: Azure Network Protocols