Setting up
Downloading VirtualBox and iso images
VirtualBox Download
Below is the link to download VirtualBox.
Windows 10 ISO Download
Below is the link to download the Windows 10 ISO. I will walk through how to download it.
Windows Server 2019 ISO Download
Below is the link to download the Windows Server 2019 ISO. I will also walk through how to download it below.
https://www.microsoft.com/en-us/evalcenter/download-windows-server-2019
For the Windows 10 ISO Download, as of June 20th, 2023, you’ll have to download the media creation tool. Accept the license terms, and once you reach the window shown below, select the second option.
Click next on the language architecture and edition window. Then select the ISO File option and download it. Once it’s done, click on finish.
To download the 2019 server, simply click the link with the red box shown below and select the location to save the iso file.
After getting the ISO images, open up VirtualBox and simply click New. (Ignore the other VMs I have)
For the name, we can just do something simple like “DC” for Domain Controller. I didn’t change anything for the Folder, but for ISO Image I selected the Windows Server 19 that we downloaded above. After selecting the ISO, VirtualBox will immediately detect the Type and Version.
Below the Version, make sure to check the “Skip unattended installation” box.
Once in the Hardware window, I will select 4096 for memory and 4 CPU cores. Depending on how much RAM and how many CPU cores you have, you can select the same or cut these in half to 2048 and 2 cores.
In the Virtual Hard disk Window, at first, it had 50 GB but I dropped it down to 20 GB. I recommend you do the same, and make sure that the “Pre-allocate Full Size” stays unchecked.
Your summary window should look something like this. After checking the summary, click finish.
Now we have our Windows 2019 Server ready, but before we start it up let’s change some settings to allow us to drag and drop items from our real machine into our Virtual Machine. Go to settings.
Inside the settings, we start in the General section. Go to the “Advanced” tab and change Shared Clipboard and Drag’n’Drop to shared, as seen below.
After this, click on Network on the left side. We will be on our adapter 1, which is fine as is. But we need to switch over to adapter 2. As seen below, make sure the Enable Network Adapter box is checked, and that it’s attached to the “Internal Network”. I also switched the name from “DMZ” to “intnet” using the arrow on the right. After this, click OK.
After those network changes, we can click on the start button up top. Once the Virtual Machine is done starting up, we will be met with this window. Simply click next, and in the next window click on the “Install Now” Button
Make sure the operating system you install has the “Desktop Experience” then click next. And accept the license agreement.
When it asks for the type of installation, click on “Custom” and then next.
The installation will take a while and it will restart a couple of times. When asked to “Press any key to boot from CD or DVD”, don’t do it; it isn’t necessary. Just wait, and Windows will start up on its own.
Once you get to the window shown below, then we know Windows is installed. Use a password that will be easy to remember for this lab. Then click finish.
Once you get to the window below, you can send a Ctrl+Alt+Delete using the Input tab at the top of the screen as seen below. Then log in using the password that you placed in the step before.
We will then be greeted with the Windows 2019 Server Desktop.
Navigate to the Network symbol at the bottom right of the desktop and click on “Network & Internet settings”
Once those settings are open, navigate to “Change adapter options”.
We will find the Internet and Internal adapters that we made in VirtualBox. The one with “Network” is the adapter that is connected to our home network and is NATed. Let’s right-click on it and rename it to “INTERNET_ADAP”, and rename the second one to “Internal_Adap”. The two names use different capitalization so that we don’t confuse them.
Let’s then right-click on the internal adapter, and click on “Properties”. Double Click on Internet Protocol Version 4.
Inside this window, the private IP address of the Domain Controller for this adapter will be 172.16.0.1 with the subnet mask of 255.255.255.0. We can leave the default gateway empty. As for the preferred DNS, we will put the loopback address. This means that the Domain Controller will be its own DNS server. Once these changes are made, click on OK and close out everything else.
The next step is to change the Server hostname. As seen below, just right-click on the Windows icon and click System.
Once the About window appears, you might have to scroll down a bit. Click on “Rename this PC”. As seen below, we can see the current name and input the new name. The name I will use is DC. After putting the name just click next and then restart now.
Setting up Active Directory
setting up Active Directory services
Once logged back in, the Server Manager should open up on its own. In case it doesn’t, go to the bottom left, click on the search/magnifying glass symbol, and search for “Server Manager” to open it.
Let’s start working towards setting up the Active Directory now. Inside of Server Manager click on “Add roles and features.” as seen below.
Click next twice until you’re at “Server Selection”. This is where we select which device will have the active directory services installed on it. Since we only have the DC Device, there should only be 1 option here. Click next. From the list, select “Active Directory Domain Services” and then add features. Then click next.
For everything else, just click next, and at the end just install.
Just wait for the installation to finish. It should say “Installation succeeded on DC” below the progress bar once it’s done. When you see that, you can close the wizard window.
Once back in the Server Manager, there will be a yellow symbol at the top right. This is telling us that we still need to configure the Active Directory domain. Click on the symbol and then on “Promote this server to a domain controller”, as seen below.
Once you have clicked that, select “Add a new forest”. For the root domain name you can use something like “mydomain.com” or, since this is a lab, your name as seen below. After setting that, click next.
For the password, in this lab environment, I will be using the same password I used for the administrator account. Then click next.
Keep clicking next until you can install it. Once the installation is finished, the server will restart on its own.
After the new computer settings are applied, we’ll be able to send a Ctrl+Alt+Delete. Once it’s sent, we can see that our domain will appear on the left side of the Administrator account.
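The adapter, hostname and forest steps above can also be scripted. This is an added example, not part of the original walkthrough; it assumes the adapters still carry the default names “Ethernet” and “Ethernet 2”, and that the file is saved as a script (the name Build-DC.ps1 is hypothetical) and run once per stage from an elevated PowerShell session, rebooting between stages.

```powershell
# Build-DC.ps1 (hypothetical file name): added example, not from the original post.
# Usage: .\Build-DC.ps1 -Stage Network ; then -Stage Rename ; then -Stage Promote
param(
    [ValidateSet('Network', 'Rename', 'Promote')]
    [string]$Stage = 'Network',
    [string]$NatAdapter      = 'Ethernet',      # assumed default name of adapter 1 (NAT)
    [string]$InternalAdapter = 'Ethernet 2',    # assumed default name of adapter 2 (intnet)
    [string]$DomainName      = 'mydomain.com'   # root domain name for the new forest
)

switch ($Stage) {
    'Network' {
        # Same names the walkthrough gives the two adapters
        Rename-NetAdapter -Name $NatAdapter      -NewName 'INTERNET_ADAP'
        Rename-NetAdapter -Name $InternalAdapter -NewName 'Internal_Adap'

        # 172.16.0.1 / 255.255.255.0 on the internal side, no default gateway
        New-NetIPAddress -InterfaceAlias 'Internal_Adap' -IPAddress '172.16.0.1' -PrefixLength 24

        # Loopback as preferred DNS: the Domain Controller is its own DNS server
        Set-DnsClientServerAddress -InterfaceAlias 'Internal_Adap' -ServerAddresses '127.0.0.1'

        Get-NetIPConfiguration -InterfaceAlias 'Internal_Adap'
    }
    'Rename' {
        # Hostname used in the walkthrough; the rename takes effect after the reboot
        Rename-Computer -NewName 'DC' -Restart
    }
    'Promote' {
        Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

        # The password asked for during promotion is the Directory Services Restore
        # Mode password; prompt for it instead of storing it in the script
        $dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'

        # Creates the new forest and restarts the server when finished
        Install-ADDSForest -DomainName $DomainName -InstallDns `
            -SafeModeAdministratorPassword $dsrm
    }
}
```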
Let’s create a Domain Admin Account so that we don’t keep using the Administrator Account for this Server.
Once logged in, the Server Manager should open up immediately. Navigate to Tools on the top right and, in the drop-down menu, click on “Active Directory Users and Computers”.
We will be able to see our freshly made domain.
Right-click on the domain name, in this case, for me, it will be “victor.coil”. On the drop-down menu hover over New and select “Organizational Unit” as seen in the picture below.
In the New Object window, the name I placed is “_ADMINS” and I unchecked “Protect container from accidental deletion”.
The new Organizational Unit will appear on the left side under our domain. We can then right-click on the newly created ADMINS folder and select New -> User.
The image below shows what I entered in the New User window. The “a” in the username is just a way to know that it is an “admin” account. After inputting your information in this window, click next.
The next window will take us to the password for the user. I will use the same password that I’ve been using for this lab.
I unchecked “User must change password at next logon” and checked “Password never expires” and then clicked next and finished.
We will be able to see the new user inside the ADMINS folder.
Right-click on the user, click on properties, at the top click on the “Member Of” tab, and inside of this tab click on the Add button.
Inside the “Enter the object names to select” box, type in “Domain admins” and click on “Check Names” on the right. It will put the correct object in the box. Then click OK, then apply, and ok again.
Now we have a proper Domain Admin Account. We can test it out by closing everything out and signing out of the current administrator account we are in.
After sending a Ctrl+Alt+Delete, instead of signing in to the administrator account, navigate to the bottom left where it says “Other user”. Plug in the credentials of the User we created under our Domain.
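The OU, user and group-membership steps above, as an added PowerShell example that is not part of the original walkthrough. The account name “a-jdoe” and the person “Jane Doe” are constructed sample values; the last two commands list who is in Domain Admins and which enabled accounts have a non-expiring password, so the lab's privileged and long-lived credentials stay visible.

```powershell
# Added example, not from the original post. Run on the DC in an elevated session.
Import-Module ActiveDirectory

$domain = Get-ADDomain
$ouPath = "OU=_ADMINS,$($domain.DistinguishedName)"
$sam    = 'a-jdoe'    # constructed sample; the "a" prefix marks an admin account

# _ADMINS OU with accidental-deletion protection unchecked, as in the walkthrough
if (-not (Get-ADOrganizationalUnit -Filter "Name -eq '_ADMINS'")) {
    New-ADOrganizationalUnit -Name '_ADMINS' -Path $domain.DistinguishedName `
        -ProtectedFromAccidentalDeletion $false
}

# Prompt for the password so it never lands in the script or the console history
$password = Read-Host -AsSecureString -Prompt "Password for $sam"

# Same options as the New User wizard: no forced change, password never expires
New-ADUser -Name 'Jane Doe' -GivenName 'Jane' -Surname 'Doe' `
    -SamAccountName $sam -UserPrincipalName "$sam@$($domain.DNSRoot)" `
    -Path $ouPath -AccountPassword $password -Enabled $true `
    -ChangePasswordAtLogon $false -PasswordNeverExpires $true

# Equivalent of Member Of -> Add -> "Domain Admins"
Add-ADGroupMember -Identity 'Domain Admins' -Members $sam

# Review: current Domain Admins members
Get-ADGroupMember -Identity 'Domain Admins' |
    Select-Object Name, SamAccountName

# Review: enabled accounts whose password never expires
Get-ADUser -Filter 'PasswordNeverExpires -eq $true -and Enabled -eq $true' |
    Select-Object SamAccountName, DistinguishedName
```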
Inside the Domain Administrator Account, the server manager will open up again once logged in.
Navigate to “Add Roles and Features” once more. Keep clicking next until you reach Server Roles, and select “Remote Access” as seen below.
Keep clicking next until you reach “Role Services”, and select Routing. Click Add feature. This will also select DirectAccess and VPN(RAS) which is fine. Keep clicking Next until you reach confirmation, once there click Install. Once it is finished installing, close the wizard window.
Once back in the server manager, navigate to tools and click on “Routing and Remote Access”.
Right Click on “DC (local)” and select the top option as seen below.
Inside the Routing and Remote access Wizard, click next, then make sure NAT is selected on the second window.
On the Window in the image below, if you don’t see adapters inside of the little box, simply click cancel and close the Routing and remote access window and open it up again through Server Manager. This little bug also happened to me during this but this seemed to do it. It should look like the image below.
Select the Internet Interface for this step, then click next, and finish.
You know it’s up and configured when you can see a little green arrow next to DC (Local) in the Routing and Remote Access window.
Setting up DHCP on AD
DHCP will give an IP to clients in the environment
We will be setting up a DHCP server on the 2019 server
In the server manager, select “Add roles and features” and click next until you are at “Server Roles”. In the list of roles, select “DHCP Server” and add the feature. Then keep clicking next until you can install. Once it finishes installing, close the wizard window.
Inside Server Manager navigate to tools and select “DHCP”
Once the DHCP Window opens, right-click on IPv4 and select “New Scope” as seen below.
In the newly opened wizard, just click next. For the scope name I simply used “172.16.0.100-200”.
The image below is what I entered for the scope.
Once in the exclusion and delay window, you can just click next. Same for lease duration; for this lab environment we can leave it at 8 days. Then select “Yes, I want to configure these options now”.
As seen below, use the IP Address of the DC. Don’t forget to click the Add button.
For the Domain name and DNS Servers window just click next. Same with the WINS window, click next. Then keep “Yes, I want to activate this scope now” checked, click next, and then Finish.
After this, right-click on the DHCP server on the right and select Authorize as seen below.
You can also right-click on IPv4 and select Refresh. You will see a little green checkmark appear. This tells us that the server is up.
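The DHCP role, scope, router option and authorization from this section, as an added PowerShell example that is not part of the original walkthrough. The address range is inferred from the scope name “172.16.0.100-200” and the mask is assumed to match the internal adapter's 255.255.255.0, since the scope screenshot's values are not in the text.

```powershell
# Added example, not from the original post. Run on the DC in an elevated session.
Install-WindowsFeature -Name DHCP -IncludeManagementTools

$scopeId = '172.16.0.0'                  # network ID of the internal subnet
$dcIp    = '172.16.0.1'                  # the DC's Internal_Adap address
$dnsRoot = (Get-ADDomain).DNSRoot        # the domain created earlier

# Create the scope only if it is not already there, so the script can be re-run
if (-not (Get-DhcpServerv4Scope -ScopeId $scopeId -ErrorAction SilentlyContinue)) {
    Add-DhcpServerv4Scope -Name '172.16.0.100-200' `
        -StartRange '172.16.0.100' -EndRange '172.16.0.200' `
        -SubnetMask '255.255.255.0' `
        -LeaseDuration (New-TimeSpan -Days 8) -State Active
}

# Router option = the DC, which NATs for the clients; DNS server and domain name
# are what the wizard pre-fills on a domain controller
Set-DhcpServerv4OptionValue -ScopeId $scopeId -Router $dcIp `
    -DnsServer $dcIp -DnsDomain $dnsRoot

# Authorize the server in Active Directory (the right-click "Authorize" step)
$fqdn = "$env:COMPUTERNAME.$dnsRoot"
if (-not (Get-DhcpServerInDC | Where-Object DnsName -eq $fqdn)) {
    Add-DhcpServerInDC -DnsName $fqdn -IPAddress $dcIp
}

# Confirm the result
Get-DhcpServerv4Scope -ScopeId $scopeId |
    Select-Object ScopeId, Name, State, StartRange, EndRange, LeaseDuration
Get-DhcpServerv4OptionValue -ScopeId $scopeId
```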
Automating with PowerShell
automating the creation of 200+ user accounts
On the server manager, click on “Configure this local server”, it’s the option above “Add roles and features”.
As shown below, click where the red box is shown and turn off both settings. This will allow the Domain Controller to browse the web more easily. Don’t do this on a production server.
After this click ok and open up Internet Explorer.
If the window to set up internet explorer 11 appears just click on “Ask me later.”
Then copy and paste the link below to the URL search bar.
https://github.com/joshmadakor1/AD_PS/archive/master.zip
Once you click enter on the link, at the bottom click on the arrow next to Save and click Save as. I saved the .zip file on the desktop. Once there, just double-click on it and drag the folder inside of the zip onto the desktop.
This will download a script that takes in a text file with names and creates user accounts in Active Directory. The zip file already comes with a list of 1000+ names. You can open the text file and delete a big chunk if you want fewer users. In my lab environment, I only left 200 names in the text file and added my name to the top.
After saving the text file changes, navigate to the magnifying glass at the bottom left and search for Windows PowerShell ISE. Right-click on it and run it as administrator. Click yes on the pop-up window.
Inside PowerShell, on the top left, there is a little open folder button. Click on that, then navigate to Desktop, into the folder that we pulled out of the zip file, and inside click on the 1_CREATE_USERS file
Below is an image showing the script contents.
Before we run the script we have to run this command first.
There will be a pop-up but simply click Yes to All.
We will also have to Change the directory to where the script and text file are located. So for me, I had to run the command below.
Once there, we can click on the green arrow on top of PowerShell. Once run, there will be a pop-up warning you about only using scripts that you trust. Just click Run once.
You will see the users being created in the bottom window of PowerShell. We can also confirm this further by opening Server Manager, navigating to Tools, and clicking on “Active Directory Users and Computers”.
Under our Directory, a folder named “_USERS” will be made, and inside will be the user accounts that were created.
Deploying the Windows 10
It can test if our environment is working
Now to create the second Virtual Machine. The name is Client1, I didn’t change the folder path, and I selected the Windows 10 ISO Image file that we downloaded in the beginning. After this click next.
As brought up before, 4 GB of RAM is used and 4 CPU Cores.
As for space, 60GB were selected. This space will be needed for future labs. Click next and finish.
After that, make sure that Client1 is selected and click on settings at the top. Navigate to Network and, instead of NAT, change it to Internal Network, with the name being “intnet” instead of “DMZ”. After that, click ok and start the virtual machine.
Once at the window below, click next, and install now. When the “Activate windows” window appears, click “I don’t have a product key” at the bottom.
For the operating system, select Windows 10 Pro, and accept the licenses.
For the installation type, select Custom. Then select next. The installation will take a bit and the virtual machine will also restart a couple of times.
Again, do not press any key when it asks you to press a key.
Once the screen below appears, just click yes. Then yes for the keyboard window. After that skip.
If it asks you to connect to a network, click on “I don’t have internet” at the bottom left.
You may be told there’s more to discover when connected to the internet, click on “Continue with limited setup.”
If asked what setup you’d like, click on personal use.
Just keep it offline, and limited setup.
Once at the screen below, you can just use “User” and click Next. The password can just be blank.
Once at the privacy settings, just turn everything off.
Once inside the Windows 10 virtual machine, I opened the command prompt and ran ipconfig. As seen below, the IP address of the Windows 10 machine is 172.16.0.100 and the gateway is 172.16.0.1, which is the Windows 2019 Server.
We are also able to ping Google which means that our infrastructure works as well as the NAT that we set up on the Domain Controller.
Let’s change the name of the Windows 10 virtual machine and join it to the domain. Right-click on the Windows button to the bottom left and then click on System.
Once in the about Window, scroll down until you see “rename this PC (advanced)”
You can ignore everything and just click on the change button shown in the image below.
In the new name change window, you can enter the new name of the machine and the domain that it will join. Below shows that I picked the name “Client1” and the domain name victor.coil. It then asked to log in with an account that is under that domain. I logged in with “vcoil”. An Administrator account is not needed.
After inputting the proper credentials of an account under the domain we made, the message below will appear. Then you’ll have to restart the Windows virtual machine.
We can further confirm that the Windows 10 Computer is in the domain by checking on the Domain Controller.
With Server Manager open, navigate to tools -> DHCP
The newly renamed computer will show up inside of the scope we created in DHCP.
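The same confirmation can be done from PowerShell on the Domain Controller. This added example, which is not part of the original walkthrough, lists every lease in the scope and marks whether the leasing host also has a computer object in the domain; the function name Get-LabLeaseReport is hypothetical.

```powershell
# Added example, not from the original post. Run on the DC in an elevated session.
Import-Module ActiveDirectory

function Get-LabLeaseReport {
    param([string]$ScopeId = '172.16.0.0')    # the scope created in the DHCP section

    # Short names of every computer object in the domain (Client1, DC, ...)
    $joined = @(Get-ADComputer -Filter * | ForEach-Object { $_.Name })

    foreach ($lease in Get-DhcpServerv4Lease -ScopeId $ScopeId) {
        # A lease may carry a bare host name or an FQDN; compare on the first label
        $short = ([string]$lease.HostName -split '\.')[0]

        [pscustomobject]@{
            IPAddress    = [string]$lease.IPAddress
            HostName     = $lease.HostName
            ClientId     = $lease.ClientId            # MAC address of the client
            LeaseExpires = $lease.LeaseExpiryTime
            # False means the host took an address but has no computer object
            InDomain     = ($short -ne '') -and ($joined -contains $short)
        }
    }
}

Get-LabLeaseReport | Sort-Object IPAddress | Format-Table -AutoSize

# The computer object that was created when Client1 joined the domain
Get-ADComputer -Identity 'Client1' -Properties Created, OperatingSystem |
    Select-Object Name, DNSHostName, OperatingSystem, Created
```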
That concludes the lab.