Active Directory Home Lab Writeup

  


What is Active Directory?

Active Directory is like a big book that holds information about all the people and things in a place. For example, it records the names, password hashes, phone numbers and other details of the people who work in a company or attend a school. It also records which computers, printers and other devices exist in the place, and who is allowed to use them.

Active Directory is a service that helps you manage and secure the users, computers, and other resources on your network. It is like a database that stores information about who can access what and how.

Active Directory security is the practice of protecting this information from unauthorised or malicious access. It matters enormously because Active Directory controls access to your whole network and its resources. If an attacker compromises it (a domain controller, or an account in Domain Admins), they can read or steal your data, damage your systems, or impersonate any of your users.

Now that we know what Active Directory is, let's look at the hardware and software we will use to build the lab.

 

Hardware and Software

Gone are the days of running physical servers and PCs around your house to have a home lab. With virtualization you can build a home lab on any modest PC or laptop. You could even follow the steps below to build an Active Directory domain in the cloud with Azure or AWS at little or no cost using either vendor's 12-month free tier.

How many VMs you want to run at the same time determines the resources the host needs. To follow along with this tutorial you will need at least 3 spare CPU cores, 5 GB of RAM and 80 GB of free disk space, which is a modest requirement for a basic Active Directory lab. The more you can spare for each virtual machine, the faster your lab will be.

In this tutorial I will be using VirtualBox on an 8-core laptop with 8 GB of RAM and 256 GB of storage. Use whatever virtualization software you are most comfortable with; the steps below work, with minor differences in the dialogs, in any of them.

We will need to download the following:

1.      VirtualBox here. Download the build for your host, whether Windows or Mac.

2.      Windows Server 2019 or 2022 ISO here.

3.      Windows 10 ISO here.

After downloading these, install VirtualBox on your machine and we are good to go.


Installing Windows server

I will be using Windows Server 2019, so you can follow along exactly if you have that; if you have another version you can still follow, as the process is very similar.

 

·        First, on the VirtualBox home screen, go to Machine in the top menu and click New.



·        On the new screen, enter the details of your machine. I will name mine DC (short for domain controller). Leave the folder option as it is (recommended), or change the location to suit your needs. Then choose the Windows Server ISO you downloaded in the ISO Image field and click Next.


·        On the next page, choose the amount of RAM and the number of processors for your virtual machine. I will give it 2 GB and 2 CPUs. If you have more resources, be generous for better performance, but don't take too much from your host.

·        After allocating the resources, click next.


·        It is time to create a virtual hard disk. I will give my machine 20 GB and leave everything else as it is (VirtualBox's default VDI format with dynamic allocation is fine), then click Next.


·        The summary page shows all the settings for our machine. Do not panic if you see anything you would like to change; you can do that later. After reviewing, click Finish.

·        Select the newly created virtual machine and click Settings. Here we need to change the network settings. Our server will have two network interfaces: one connects to the internet and the other to the internal lab network.

·        To achieve this, go to Network > Adapter 1 and make sure it is enabled and attached to NAT. This lets the virtual machine reach the internet through your host's network connection. For the second interface, go to Adapter 2, enable it and change Attached to to Internal Network. Note the network name VirtualBox fills in (intnet by default): every other lab VM must use the same name to share this isolated segment. Click OK to save the settings and close the window.


Start the virtual machine by clicking the green Start button. The Windows Server installation wizard will begin.

·        Select your language, time and currency format, and keyboard or input method. Click Next.

·        Click on Install now.

·        Enter your product key if you have one, or click on I don’t have a product key if you want to activate Windows later. Click Next.

·        When asked which operating system to install, choose the Desktop Experience edition of the version you downloaded (for example Windows Server 2019 Standard (Desktop Experience)). The plain Server Core option has no graphical interface, and this tutorial relies on the GUI tools.


Accept the license terms and click Next.

Choose Custom: Install Windows only (advanced).

Select the unallocated space on your virtual hard disk and click Next. The installation will begin and may take some time depending on your system’s speed.

Installation may take a while, and the machine will restart a couple of times.

After the installation is complete, the virtual machine restarts automatically and you will be prompted to set the local Administrator password.

 

Setting up Network interfaces

After installing and logging in to Windows Server, it is time to set up our two interfaces so the lab has network connectivity.

To achieve this, right-click the network icon at the bottom right of the screen, select Open Network & Internet settings, then choose Change adapter options.


Check each adapter's IP address to determine which one faces the internal network and which faces the outside. The NAT adapter will have a lease from VirtualBox (10.0.2.15 by default). The internal-facing adapter has no DHCP server on its segment yet, so it falls back to an Automatic Private IP Address (APIPA) in 169.254.0.0/16, for example 169.254.182.252; the exact value varies from machine to machine.



This adapter has to be given a static IP address, because it will be the address every lab machine uses for DNS and DHCP.

To achieve this, right-click the adapter > Properties > Internet Protocol Version 4 (TCP/IPv4).



Double-click it, select Use the following IP address and enter the following:

IP address: 172.16.0.1

Subnet mask: 255.255.0.0

Default gateway: leave blank. The NAT adapter already provides the server's route to the internet; a second default gateway here would only conflict with it.

Preferred DNS server: 127.0.0.1. The server will shortly host DNS for the domain itself, so it points at its own loopback address.

After that click OK.
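The same static configuration can be applied from an elevated PowerShell prompt on the server. The script below is an added example and not part of the original tutorial; it assumes the tutorial's addressing (172.16.0.1, mask 255.255.0.0, DNS 127.0.0.1) and uses the APIPA address the text describes to identify the internal adapter, so it refuses to guess if zero or more than one adapter match. The adapter name "Internal" is my own choice.

```powershell
# Added example (not part of the original tutorial): configure the DC's
# internal adapter from PowerShell instead of the TCP/IPv4 properties dialog.
# Assumes the lab addressing used in the tutorial and that the internal
# adapter is the one currently holding an APIPA (169.254.x.x) address.

$StaticIP  = '172.16.0.1'
$PrefixLen = 16            # 255.255.0.0
$DnsServer = '127.0.0.1'   # this server will host the lab's DNS

# The NAT adapter got a lease from VirtualBox; the internal one did not and
# fell back to 169.254.x.x. That is how we tell them apart.
$apipa = @(Get-NetIPAddress -AddressFamily IPv4 |
           Where-Object { $_.IPAddress -like '169.254.*' })

if ($apipa.Count -eq 0) {
    throw 'No adapter has an APIPA address; check that Adapter 2 is enabled and attached to "Internal Network".'
}
if ($apipa.Count -gt 1) {
    throw 'More than one adapter has an APIPA address; pick the internal one by hand with Get-NetAdapter.'
}

$ifIndex = $apipa[0].InterfaceIndex
# Give the adapter a meaningful name ("Internal" is an assumption of this example).
Get-NetAdapter -InterfaceIndex $ifIndex | Rename-NetAdapter -NewName 'Internal' -ErrorAction SilentlyContinue

# Switch the interface to static: drop the APIPA address, disable DHCP and
# assign the new address with no gateway (the NAT adapter supplies the route
# to the internet; a second default gateway would conflict with it).
Get-NetIPAddress -InterfaceIndex $ifIndex -AddressFamily IPv4 -ErrorAction SilentlyContinue |
    Remove-NetIPAddress -Confirm:$false -ErrorAction SilentlyContinue
Set-NetIPInterface -InterfaceIndex $ifIndex -AddressFamily IPv4 -Dhcp Disabled
New-NetIPAddress -InterfaceIndex $ifIndex -IPAddress $StaticIP -PrefixLength $PrefixLen | Out-Null
Set-DnsClientServerAddress -InterfaceIndex $ifIndex -ServerAddresses $DnsServer

# Show both adapters side by side: NAT should read 10.0.2.x with a gateway,
# Internal should read 172.16.0.1 with none.
Get-NetIPConfiguration |
    Select-Object InterfaceAlias,
        @{ n = 'IPv4';    e = { $_.IPv4Address.IPAddress } },
        @{ n = 'Gateway'; e = { $_.IPv4DefaultGateway.NextHop } },
        @{ n = 'DNS';     e = { $_.DNSServer.ServerAddresses -join ', ' } } |
    Format-Table -AutoSize
```

If the script throws because both adapters show an APIPA address, the NAT adapter has not obtained its lease yet; wait a moment or check that Adapter 1 is attached to NAT and enabled.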



 

Setting up Domain / AD DS

We are going to set up Active Directory on our new Windows Server 2019 machine. Active Directory is a directory service that runs on Windows Server and allows administrators to manage permissions and control access to network resources. Within Active Directory, data is stored as objects, including users, groups, applications and devices.

First, open Server Manager (Start > Server Manager). It may take a few minutes to populate all its data.

Once Server Manager is open Click Manage and then Add Roles and Features.



In the Add Roles and Features wizard, click through to Server Selection (the third item in the left menu), keep the local server selected, and you will then be able to select Server Roles.



Tick the box next to Active Directory Domain Services. A window then lists all the services and features that will be installed alongside it; have a quick read through. Make sure Include management tools is selected and click Add Features.



It is also worth adding the DHCP Server role now. It is not needed for Active Directory itself, but installing it here means we won't have to statically assign an IP address to every device we connect to the lab.


Click Next to move to Features and leave everything at its default.

Now click Next through the AD DS, DHCP Server and DNS Server pages, leaving everything at its default, until you reach Confirmation; from there click Install. (If you did not tick DNS Server, don't worry: the promotion wizard in the next step installs it when it makes this server the domain's DNS server.)

This will now install everything needed for Active Directory Domain Services, DHCP Server, and DNS Server.


After the installation has finished Click Close, to close the Add Roles and Features Wizard.

In Server Manager you should now see a yellow warning triangle on the flag icon. Click it and select Promote this server to a domain controller.


The Active Directory Domain Services Configuration Wizard appears. Select Add a new forest and enter a root domain name. I have gone for mydomain.com, but you can call your domain whatever you like. One caveat: a name like this is a real public DNS name that somebody else may own. That is harmless inside an isolated lab, but for anything real, pick a subdomain of a DNS name you control (for example ad.example.com) so that internal and public names never collide. Click Next.


In Domain Controller Options, leave Domain Name System (DNS) server and Global Catalog ticked, then set a Directory Services Restore Mode (DSRM) password and confirm it. This password lets you log on to the DC in safe mode when Active Directory itself is unavailable, for example during a restore, so record it somewhere safe. Click Next.



Verify the NetBIOS name is correct and click Next.

Leave the AD DS database, log files and SYSVOL folder locations as default, click next.

Review that all the configuration we have just set is correct and click Next. The wizard runs a prerequisites check; once it passes, click Install.

Once the server has finished being promoted to a domain controller, it reboots automatically to complete the installation. After the reboot, sign in as the domain's Administrator (MYDOMAIN\Administrator); the local Administrator account you created during setup has become the domain's built-in Administrator, with the same password.
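For anyone who prefers the command line, the role installation and forest creation above can be done in a few PowerShell lines. This is an added example, not the tutorial author's own script; it assumes the domain name used here (mydomain.com, NetBIOS name MYDOMAIN) and prompts for the DSRM password rather than embedding it. The checks after the reboot show how to confirm the DC and its DNS locator records are working before any client tries to join.

```powershell
# Added example (not part of the original tutorial): install the roles and
# create the forest from an elevated PowerShell prompt, equivalent to the
# Server Manager wizard. Domain name and NetBIOS name are the tutorial's.

# 1. Roles: AD DS, DHCP and DNS, with their management consoles and cmdlets.
Install-WindowsFeature -Name AD-Domain-Services, DHCP, DNS -IncludeManagementTools

# 2. Directory Services Restore Mode password: needed to log on to the DC
#    when AD is offline (e.g. for a restore). Prompted, not hard-coded.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM (Safe Mode Administrator) password'

# 3. Promote. -InstallDns makes this DC the lab's DNS server (the DNS Server
#    role is added if it is missing). The server reboots when this finishes.
Install-ADDSForest `
    -DomainName 'mydomain.com' `
    -DomainNetbiosName 'MYDOMAIN' `
    -InstallDns `
    -SafeModeAdministratorPassword $dsrm `
    -Force

# --- After the reboot, sign in as MYDOMAIN\Administrator and sanity-check ---

Get-ADDomain | Select-Object DNSRoot, NetBIOSName, DomainMode
Get-ADDomainController | Select-Object HostName, IPv4Address, IsGlobalCatalog

# This SRV record is what every client queries to find a domain controller.
# If it does not resolve here, no workstation will be able to join later.
Resolve-DnsName -Name '_ldap._tcp.dc._msdcs.mydomain.com' -Type SRV

# Built-in health check of the DC's DNS registration (quiet: prints only failures).
dcdiag /test:dns /q
```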

 

Creating a new Admin User

We need an admin user for our domain, mydomain.com, that is separate from the built-in Administrator account.

To start, go to Start > Active Directory Users and Computers (it is also under Windows Administrative Tools).



Next, right-click the Users container under mydomain.com (or whichever name you gave your domain) > New > User. Right-clicking the domain itself also offers New > User, but that puts the object at the root of the domain rather than in a container.



Enter the first name and last name of the admin user and the user logon name. I used an a- prefix (for admin) followed by the first-name initial and the last name, giving a-lobura. Click Next.



Next, set the password and the password options. You can provide a default password and force the user to change it at next logon, or prevent the user from changing it. I set the password to never expire, purely because this is a lab; in a real domain, let the password policy expire it. You can also create the account disabled.


After creating the password and password options, add the admin user to the administrators group. Right-click the user > Properties > Member Of > Add, type Domain Admins, click Check Names and then OK. Domain Admins is full control of the domain, which is what we want for the lab; in a real environment it is also the group attackers go after first, so keep its membership as small as possible and use it only from this separate account, never from the account you use day to day.



After setting up the account, sign out (a full restart is not needed), choose Other user on the login screen and enter the credentials of the new account in the form MYDOMAIN\a-lobura.
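The same account can be created with the ActiveDirectory module, which is also how you would script many of them later. The block below is an added example and not the tutorial's own code; it follows the a-initial-lastname convention from the text with placeholder names (Jane Doe, giving a-jdoe) and prompts for the password instead of storing it in the script.

```powershell
# Added example (not part of the original tutorial): create the separate
# admin account with the ActiveDirectory module, equivalent to the ADUC steps.
# First/last name are placeholders; the naming convention is the tutorial's.

Import-Module ActiveDirectory

$first  = 'Jane'   # placeholder
$last   = 'Doe'    # placeholder
$sam    = ('a-' + $first.Substring(0, 1) + $last).ToLower()   # a-jdoe
$domain = Get-ADDomain                                        # mydomain.com
$upn    = "$sam@$($domain.DNSRoot)"

# Prompt rather than embedding a password in the script.
$password = Read-Host -AsSecureString -Prompt "Password for $sam"

# Create the account in the Users container. PasswordNeverExpires is a lab
# shortcut, as in the text; in a real domain leave it $false.
New-ADUser -Name "$first $last" `
    -GivenName $first -Surname $last `
    -SamAccountName $sam `
    -UserPrincipalName $upn `
    -Path "CN=Users,$($domain.DistinguishedName)" `
    -Description 'Lab admin account (separate from daily-use account)' `
    -AccountPassword $password `
    -ChangePasswordAtLogon $false `
    -PasswordNeverExpires $true `
    -Enabled $true

# Grant admin rights by group membership. Domain Admins is the broadest
# choice and fine for a lab, but it is also the group an attacker is after,
# so keep the member list minimal.
Add-ADGroupMember -Identity 'Domain Admins' -Members $sam

# Verify: the account exists, is enabled, and Domain Admins now lists it.
Get-ADUser -Identity $sam -Properties PasswordNeverExpires |
    Select-Object SamAccountName, UserPrincipalName, Enabled, PasswordNeverExpires
Get-ADGroupMember -Identity 'Domain Admins' | Select-Object SamAccountName, objectClass
```

Domain Admins membership takes effect at the next logon, which is why the text has you sign out before using the new account.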

 

Setup Windows DHCP Server

DHCP is not essential for your lab to work, as you could statically assign an IP address to every device you connect to the lab and it would work just fine. You could also serve DHCP from a separate router or firewall VM such as pfSense, if your lab has one. Windows DHCP is easy to customise and configure, and I have personally been using Windows DHCP Server since the days of Windows NT and prefer it over most other DHCP server solutions out there.

 

If you did not add the DHCP Server role together with AD DS earlier, do it now: in Server Manager go to Add Roles and Features, select Server Roles, tick DHCP Server, add the associated features and make sure Include management tools is ticked. Either way, once the role is installed the Server Manager flag shows Complete DHCP configuration: click it and accept the defaults. This authorises the DHCP server in Active Directory, and a domain-joined DHCP server that has not been authorised will not hand out any leases.


Once DHCP is installed you can find the DHCP console by searching the Start menu, or under Windows Administrative Tools. Open it, expand your server, right-click IPv4 and choose New Scope.



The New Scope Wizard should pop up. Click Next.


Give the scope a name and a description, then click Next.

Now enter the range of IP addresses you want the DHCP server to hand out. The lab subnet is 172.16.0.0/16 (subnet mask 255.255.0.0, matching the server's static address), but the pool only needs to be a slice of it: I am using 172.16.0.100 to 172.16.0.200, which leaves 172.16.0.1 to 172.16.0.99 free for statically addressed machines such as the domain controller. Click Next.

Now add any exclusions: addresses inside the range that are statically set and must never be leased, for example a second server. Because the domain controller's 172.16.0.1 sits outside the pool, I have not excluded anything.

Set the lease duration. This is how long a device keeps an IP address before it has to renew it. Leave it at the default of 8 days for lab purposes; at work, pick a duration that suits how often devices come and go. Click Next.



Now we configure the DHCP options: which DNS servers clients should use and what the default gateway is. Select Yes, I want to configure these options now and click Next.


Router (Default Gateway): type 172.16.0.1, the domain controller's internal address, into the IP address field and click Add. Note that this only gives clients a route to the DC: Windows does not forward traffic between the DC's internal and NAT adapters unless you also install Routing and Remote Access (NAT), which this tutorial does not cover, so lab clients will not reach the internet through it. Click Next.

Domain Name and DNS Servers: the wizard pre-fills the parent domain (mydomain.com) and this server's own address, 172.16.0.1; keep them. The DNS server option must point at the domain controller, because workstations locate the domain through DNS SRV records that only the DC's DNS zone contains. If it were blank or pointed elsewhere, the domain join later in this tutorial would fail with "An Active Directory Domain Controller could not be contacted". Click Next.

Don't worry about adding any WINS information; leave everything at its default and click Next.

Select Yes, I want to activate this scope now, click Next and then Finish.


And it is as easy as that: any new device joined to our lab network will now get a dynamic IP address from this DHCP server, unless it has been given a static address. This will help when we add a Windows 10 VM to the lab network and join it to the Active Directory domain.
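The whole scope, including the authorisation step, can also be built with the DhcpServer module. This is an added example rather than the tutorial's own code; it assumes the addressing used throughout (DC and DNS at 172.16.0.1 on 172.16.0.0/16, pool 172.16.0.100 to 172.16.0.200, domain mydomain.com) and is run on the domain controller after the DHCP Server role is installed. The scope name "Lab" is my own.

```powershell
# Added example (not part of the original tutorial): the DHCP scope from the
# wizard above, built with the DhcpServer cmdlets on the DC itself.
# Addressing and domain name are the tutorial's; the scope name is assumed.

Import-Module DhcpServer

$dc     = '172.16.0.1'
$domain = (Get-ADDomain).DNSRoot                     # mydomain.com
$fqdn   = "$env:COMPUTERNAME.$domain".ToLower()      # e.g. dc.mydomain.com

# 1. Authorise the DHCP server in AD (what "Complete DHCP configuration" does).
#    An unauthorised, domain-joined DHCP server refuses to hand out leases.
$authorised = Get-DhcpServerInDC | Where-Object { $_.IPAddress.ToString() -eq $dc }
if (-not $authorised) {
    Add-DhcpServerInDC -DnsName $fqdn -IPAddress $dc
}

# 2. Scope: /16 subnet but a deliberately small pool. 172.16.0.1-99 stays
#    free for statically addressed hosts such as the DC, so no exclusion
#    is needed. 8-day lease as in the wizard default.
Add-DhcpServerv4Scope -Name 'Lab' -Description 'AD home lab' `
    -StartRange 172.16.0.100 -EndRange 172.16.0.200 `
    -SubnetMask 255.255.0.0 `
    -LeaseDuration (New-TimeSpan -Days 8) `
    -State Active

# 3. Scope options. DnsServer must be the DC or clients cannot find the
#    domain. Router is the DC, as in the tutorial; clients only get to the
#    internet through it if NAT/RRAS is configured on the DC (not covered).
Set-DhcpServerv4OptionValue -ScopeId 172.16.0.0 `
    -DnsServer $dc -DnsDomain $domain -Router $dc

# 4. Verify what clients will receive.
Get-DhcpServerv4Scope | Select-Object ScopeId, Name, StartRange, EndRange, SubnetMask, State
Get-DhcpServerv4OptionValue -ScopeId 172.16.0.0 | Select-Object OptionId, Name, Value

# Once a client has booted on the internal network, its lease shows up here:
Get-DhcpServerv4Lease -ScopeId 172.16.0.0 | Select-Object IPAddress, HostName, ClientId, LeaseExpiryTime
```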

 

Setting up Windows 10 Machine

Having an Active Directory server on its own network is all well and good, but it does not do much unless you have devices that connect to it and use it.

Installing Windows 10 in VirtualBox is much the same as installing Windows Server, so I am going straight to joining it to mydomain.com.

Go ahead and install Windows 10 in VirtualBox, with one thing to watch: attach the VM's network adapter to the same Internal Network name you used for the server's Adapter 2 (intnet by default), so that it gets its lease, and therefore the DC as its DNS server, from the scope we just created. It does not need a NAT adapter; if it has one, Windows can send DNS queries to the VirtualBox NAT resolver on that adapter instead, and the domain join may then fail to find the DC. Then we can continue.

 

Joining a Windows 10 WorkStation to the Domain

All we have left to do is join the workstation to our Active Directory domain. You used to be able to go to System in Control Panel to join a PC to the domain; Microsoft is slowly retiring the Control Panel icons, so now go to Start > Settings > System > About (or just search for "system", which opens the same window).

In the About window, click Rename this PC (advanced) in the menu on the right. If you can't see the menu, maximise the About window and the options appear.


The System Properties window should appear. Click Change.



Rename the computer from its default name. Under Member of, select Domain and enter the name of the Active Directory domain you created earlier in this tutorial. If you have been following my examples this is mydomain.com.


You will then be asked for a username and password. Enter the domain admin account you created for your domain (MYDOMAIN\a-lobura). The join creates a computer object in Active Directory, so the account has to be one that is allowed to do that.


After a few seconds you should get a message welcoming you to the domain. Click OK.

The message changes to tell you the computer needs to restart. Click OK, close System Properties and, in the window that pops up, click Restart Now.

Once the PC has rebooted, the workstation is fully joined to the domain and any Active Directory user can log in to it. Have a go: log in with the domain admin account, in the form MYDOMAIN\a-lobura.
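The join can also be done from an elevated PowerShell prompt on the Windows 10 VM, which is handy because it lets you check the one thing that usually breaks first, DNS, before attempting it. This is an added example, not part of the original tutorial; it assumes the VM is on the internal network with a lease from the scope above, and uses placeholder names for the workstation (WS01) and the admin account (a-jdoe) that you replace with your own.

```powershell
# Added example (not part of the original tutorial): join the Windows 10 VM
# from an elevated PowerShell prompt instead of System Properties.
# Assumes the VM's adapter is on the VirtualBox internal network and got the
# DC as its DNS server from DHCP. WS01 and a-jdoe are placeholders.

$domain  = 'mydomain.com'
$newName = 'WS01'

# 1. Pre-flight: which DNS servers did DHCP hand out, and can they resolve
#    the DC locator record? The join fails at exactly this point otherwise.
$dns = (Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses }).ServerAddresses
Write-Host "DNS servers in use: $($dns -join ', ')"

$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -ErrorAction SilentlyContinue
if (-not $srv) {
    throw "Cannot resolve the DC locator record for $domain. Check the VM is on the internal network and that DHCP option 006 (DNS Servers) points at the DC."
}
$dcs = ($srv | Where-Object { $_.Type -eq 'SRV' }).NameTarget
Write-Host "Domain controller(s) found: $($dcs -join ', ')"

# 2. Join and rename in one step, using the separate admin account created
#    earlier. The credential prompt avoids putting the password on the
#    command line or in shell history.
$cred = Get-Credential -UserName "$domain\a-jdoe" -Message 'Domain admin credentials'
Add-Computer -DomainName $domain -NewName $newName -Credential $cred -Restart -Force

# 3. After the reboot, from an elevated prompt on the workstation, confirm the
#    machine account trust with the domain is healthy:
#      Test-ComputerSecureChannel -Verbose            # True when the join is good
#      (Get-CimInstance Win32_ComputerSystem).Domain  # prints mydomain.com
```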

 

So, you now have a complete, self-contained Active Directory lab. What next? The first thing I would do is create some more users in Active Directory Users and Computers. I will be writing another tutorial on how to automate this with PowerShell, so follow to keep in touch.
