Active Directory Setup
#21 - AD Domain setup
How to set up AD in your HomeLab:
A HomeLab is the door opener to Network Analyst, Security Operations Center (SOC) and other Blue Team jobs.
Why?
Because you will need to understand how Corporate Networks work, how to monitor Traffic and how to read Windows Event IDs.
But how do you start?!
First things first - There is a choice you have to make - Local or Cloud-based?!
We will go through with the local HomeLab so that you get experience setting it up
To do that you need around 60-100GB Disk Space, 8GB (better 16GB) RAM & ideally 8 Processor Cores
💡 If you don't have that, go Cloud ☁️ (e.g. snaplabs - https://dashboard.snaplabs.io/)
Next, you want to download the Windows Server 2022 ISO - you can download it here:
https://www.microsoft.com/en-us/evalcenter/download-windows-server-2022
Do you have a Virtual Machine Orchestration Software?!
NO!?
Go install VirtualBox!
Once that is also done you do the following:
- (Install VirtualBox first)
- Click on New
- Give the Virtual Machine a Name (e.g. DC22)
- Select the Windows Server 2022 ISO
- use 4096 MB RAM, 60 GB Disk Space, 2-3 Cores
You will be greeted by this image:
Magic is about to happen.
Choose the correct language and time/currency/keyboard layout and hit Next
The next screen has a single button in the middle of the screen, you could click it if you are brave?!
Now you need to select Windows Server 2022 Standard Evaluation (Desktop Experience) and click Next
Accept the license terms and smash that Next button
Tricky part ahead - either you click on upgrade, it throws an error and you start from the beginning
OR you click on the Custom option, everything works and you feel advanced!
YOU CAN DO IT, I BELIEVE IN YOU!
You are an Advanced User now - Congratulations
This next screen asks you if you want multiple drives/partitions - NAH WE GOOD THX
NEXT!
and now we wait… and wait… and wait some more! ⏳
until…
This beauty shows up and tells us that Microsoft Windows wants to restart the machine now
OK - but ONLY ONCE!
and wait some more…
VM will restart & you now choose an Administrator password - e.g. P4s$w0rd!
Make sure to remember (write down) the Administrator password you choose - I use "P4s$w0rd!" because it looks cool, right?!
well...
🚨 if you do not have one, register for a password manager (e.g. bitwarden.com) and generate a secure long password
and once that is done, log in to your VM and wait a little for the Server Manager to load
WAOW. this looks great Microsoft - clear UX, first-time boot, I know exactly where to click first.
- allow network discoverability (yes)
- close server manager popup
1 issue that you might see already is that this VM can currently not run in full screen - to fix that we need to do 2 steps:
- click on Devices -> Insert Guest Additions CD Image
- in the File Explorer, open the CD Drive and run VBoxWindowsAdditions-amd64.exe
That should do it (after reboot)!
Now you will want to change your hostname of the VM - click on the little search icon in the bottom left, type "view pc name" and open the corresponding app.
In the middle of the Screen is a button "Rename this PC" -> click that one
and give it a memorable name: e.g. DC2022 + click Next
well done - you now need to reboot again and then we Promote this VM to a Domain Controller.
You log in with your Admin Account again - now your Server Manager should pop up and you want to click:
Manage -> Add Roles and Features -> Next -> Role-Based or feature-based installation -> Next -> select Active Directory Domain Services -> Add Features -> Next 2x -> Install
This is going great - this will take a while though.
Now you can close the Installation Dialogue and in the top right you will see a Flag with an exclamation point in a yellow triangle -> click that
and then click: Promote this server to a domain controller
PROMOTION
This gives a raise plus benefits 💰💸 to the machine but also adds additional responsibilities.
We have to Add a new forest and give it a name - e.g. snackempire.home
the .home domain does not work externally but only locally which is exactly what we want!
Next -> enter a DSRM password + confirm it
(I discourage you from using the very secure P4s$w0rd! from earlier - AGAIN)
and click Next
-> this step will take some time and then populate the NetBIOS domain name with the root domain we entered
cool, next!
You smash that Next button until it is not available anymore and then click Install
Now wait until the install is complete & machine rebooted
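The same role install and promotion as a script, for when you rebuild the lab: this is an added example, not part of the original post. It assumes an elevated PowerShell session on the already renamed server, lets the cmdlet derive the NetBIOS name from the root domain as the wizard does, and prompts for the DSRM password instead of storing it.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post): the wizard clicks above as a script.
# Assumes the server has already been renamed and rebooted.

$DomainName = 'snackempire.home'   # forest root domain used on this page

# Ask for the DSRM password twice, masked, so it never sits in the script or in history.
$dsrm    = Read-Host -AsSecureString -Prompt 'DSRM password'
$confirm = Read-Host -AsSecureString -Prompt 'Confirm DSRM password'
$plain   = { param($s) [System.Net.NetworkCredential]::new('', $s).Password }
if ((& $plain $dsrm) -cne (& $plain $confirm)) { throw 'DSRM passwords do not match.' }

# Manage -> Add Roles and Features -> Active Directory Domain Services (+ management tools)
$role = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
if (-not $role.Success) { throw 'AD DS role installation failed.' }

Import-Module ADDSDeployment
$forest = @{
    DomainName                    = $DomainName
    InstallDns                    = $true
    SafeModeAdministratorPassword = $dsrm
}

# Same prerequisite check the wizard runs before the Install button unlocks.
# Warnings (for example about a missing static IP) are printed but do not block.
$checks = Test-ADDSForestInstallation @forest
$checks | Format-List Status, Message
if ($checks.Status -contains 'Error') {
    throw 'Prerequisite check failed - fix the errors above first.'
}

# "Add a new forest" + Install; the server reboots itself when promotion completes.
Install-ADDSForest @forest -Force
```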
Really well done! We are almost there
Check back to the installation screenshot - did you notice the 2nd error?
Make a mental note to fix this as soon as the install is done, so that you can be sure your domain controller is always available for clients to connect to
Click on the Network icon in the bottom right -> Network & Internet settings
Now click on Change adapter options -> right click the network adapter -> Properties -> Internet Protocol Version 4 -> Properties
Enter a fixed IP address, the correct subnet mask (usually 255.255.255.0), the default gateway (router IP) and the alternative DNS (8.8.8.8 or your fall-back DNS server) -> OK
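The static-IP step as a script, followed by a check that the domain controller is actually reachable under the new address: this is an added example, not part of the original post. The IP address and gateway are constructed lab values, the first connected adapter is assumed to be the right one, and putting the DC's own DNS service (127.0.0.1) ahead of the fall-back resolver is an assumption of this example.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post). Addresses are constructed lab values.
$Domain  = 'snackempire.home'        # domain from this page
$Ip      = '192.168.1.10'            # assumption: a free address outside your DHCP pool
$Prefix  = 24                        # 255.255.255.0
$Gateway = '192.168.1.1'             # assumption: your router's IP
$Dns     = '127.0.0.1', '8.8.8.8'    # DC's own DNS first (assumption), fall-back second

$nic = Get-NetAdapter | Where-Object Status -eq 'Up' | Select-Object -First 1
if (-not $nic) { throw 'No connected network adapter found.' }

# Switch from DHCP to static: clear the leased address and default route, then assign.
Set-NetIPInterface -InterfaceIndex $nic.ifIndex -AddressFamily IPv4 -Dhcp Disabled
Get-NetIPAddress -InterfaceIndex $nic.ifIndex -AddressFamily IPv4 -ErrorAction SilentlyContinue |
    Remove-NetIPAddress -Confirm:$false
Get-NetRoute -InterfaceIndex $nic.ifIndex -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
    Remove-NetRoute -Confirm:$false
New-NetIPAddress -InterfaceIndex $nic.ifIndex -IPAddress $Ip -PrefixLength $Prefix `
    -DefaultGateway $Gateway | Out-Null
Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -ServerAddresses $Dns

# Re-register the DC's host and locator (SRV) records under the new address.
Register-DnsClient
nltest.exe /dsregdns | Out-Null

# Verify: the services a DC needs are running ...
Get-Service -Name NTDS, DNS, Netlogon, Kdc | Format-Table Name, Status

# ... clients can locate the DC through its SRV record ...
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server 127.0.0.1 -ErrorAction Stop |
    Where-Object Type -eq 'SRV' | Format-Table NameTarget, Port

# ... and the DC's name now resolves to the static address.
$fqdn = "$env:COMPUTERNAME.$Domain"
$addr = (Resolve-DnsName -Name $fqdn -Type A -Server 127.0.0.1 -ErrorAction Stop).IPAddress
if ($addr -notcontains $Ip) { Write-Warning "$fqdn resolves to $addr, expected $Ip" }
```

If the last check warns right after the change, give DNS registration a minute and run the verification lines again.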
Domain Controller setup
WOHOOOOOOO well done! 🥳
In the next module we go through the install of the Windows clients.