Active Directory Setup | Windows Server, VirtualBox, RAS NAT




In this lab, we'll configure Active Directory in Windows Server 2016, create user accounts, and then configure the connection and networking in the domain group.
To get more information about what Active Directory is, you can check out this article: Active Directory.

Project steps

  • Download and install VirtualBox and Extension Pack
  • Download Windows 10 and Windows Server 2019 
  • Install Windows Server 2019
  • Configure the VM
  • Configure Active Directory (RAS/NAT, DHCP, Routing)
  • Create 100 users and add them to the domain using PowerShell script 

Let's begin

1/ Download and install VirtualBox and Extension Pack

you can download and install it from the official site: virtualbox.org/Downloads
else, if you're using Kali Linux, you can use these commands:

- update the package lists and upgrade the installed packages

sudo apt update && sudo apt full-upgrade -y    

- import VirtualBox’s repository key  

wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- \
| gpg --dearmor \
| sudo tee /usr/share/keyrings/virtualbox-archive-keyring.gpg   

- add VirtualBox repository to source list

echo "deb [arch=amd64 signed-by=/usr/share/keyrings/virtualbox-archive-keyring.gpg] http://download.virtualbox.org/virtualbox/debian buster contrib" \
| sudo tee /etc/apt/sources.list.d/virtualbox.list   

- update the source list again    

sudo apt update

- make sure the VirtualBox kernel modules are kept up-to-date when the Kali kernel gets updated

sudo apt install dkms -y

- install VirtualBox & Extension Pack

sudo apt install virtualbox virtualbox-ext-pack -y


2/ Download Windows 10 and Windows Server 2019  

go to microsoft.com/evaluate-windows-server-2019, choose ISO, and continue
   


fill in the form and click continue to start downloading
   

do the same with Windows 10 Enterprise
it's better to install Windows 10 Pro if you have 8GB of RAM or less
PS: Windows 11 requires 4GB of RAM
you can download it from here: microsoft.com/windows10ISO

3/ Configure the VM   

go to New 


name it
type: Microsoft Windows
version: Other Windows (64-bit)    


memory size: at least 2GB of RAM   


choose "Create a virtual hard disk now"   


choose "VDI"


choose "Dynamically allocated"



Now go to Settings


go to General > Advanced
Shared clipboard: bidirectional
Drag'n'drop: bidirectional   


Storage > Empty > Optical Drive
choose the Windows Server's ISO   


Network > Adapter 1: NAT


Network > Adapter 2: Internal Network   
OK   



4/ Windows Server 2019 installation

after setting up the VM, double click on the VM to start installing Windows Server
first, select your favorite language and keyboard
Next 
then hit "Install Now"


select “Standard Evaluation (Desktop Experience)”, which comes with the GUI


Next
Accept Licence
Next   
choose "Custom: install Windows only"


choose New > Apply > Next


and just wait for the installation to finish
   



5/ Windows Configuration (Networking)   

after the installation completes, Windows will start a basic configuration
set a password (at least 8 characters, with at least one uppercase letter and one number)


to unlock: Input > Keyboard > insert Ctrl-Alt-Del   


Allow Public Network: Yes   
Devices > Insert Guest Additions CD image > Download it   





wait for the download to complete, then go to My PC and install “VBoxWindowsAdditions-amd64.exe”


after the installation is completed, shut down the VM and start it again; you can use it on full screen now
click on the network icon on the taskbar   


Change adapter options   


there are two connections: Ethernet and Ethernet 2, they are the two adapters we configured before (NAT & local)    


when you look for the Ethernet's details you'll notice that it has a private IP address provided by your home router, this connection is the provider of the internet connectivity   



assign an IP address to the internal connection
right-click > Properties > select IPv4 > Properties > assign a class C IP, a mask, and a DNS server that points to the machine itself (localhost, 127.0.0.1), or just repeat the IP address of the machine


rename them
    

rename the PC
right-click on the Windows icon > System > Rename this PC > choose a name and restart now   




6/ AD Installation   

go to the search bar and look for Server Manager


Add roles and features   


Next
select Role-based or feature-based installation
Next   


choose the server you're working on now since it's the only one   


select Active Directory Domain Services
Next > Install   


   
we have now installed the AD domain services, but we haven't created the domain yet
choose "Promote this server to a domain controller"
  

choose "Add a new forest" 
name it   


check the DNS server capability   
set a restore mode password    
Next


leave the DNS Options, Additional Options, Paths, Review options as they are   
Install

After the installation (it may take a couple of minutes), the PC will restart automatically   


after the restart, you'll notice the login account has changed to "your_domain_name\Administrator"


open the Start menu > Windows Administrative Tools > Active Directory Users and Computers


right-click on your domain name from the left list > New > Organizational Unit   


name it and click Ok    


right-click on the object you just created > New > User   


insert the user's name, login name, and hit Next   


now, create a password and check the options you want to apply to the user according to the company's password policy:
  • User must change password at next logon: if you assign a default password for all users, check this box so that the user changes it on the first logon
  • User cannot change password: if you have control over the users' passwords
  • Password never expires: this option is used most of the time only in labs
  • Account is disabled: when the user has not entered the company yet, you can prepare the account for him before he comes in
choose the options that suit you and hit Next > Finish


now you need to add the user to the admin group
double click on the user > Member Of > Add > Domain Admins > Ok > Ok   



logout   
select "Other user" and insert your credentials to verify   


now, we need to install "Remote Access" services   
so go to roles and features like we did before    


select Remote Access
   
select routing and RAS   
Next > Install


go to Tools in the upper-right corner
choose Routing and Remote Access
   

right-click on your server
choose the first option: Configure and Enable Routing and Remote Access
   

Next
we want to use NAT to allow internal clients to connect to the internet using one public IP address   


select the external interface that connects to the internet
Next and Finish   


as you can see, the color has changed to green,
and the routing configuration menu now appears under the server's name


now, we will set up a DHCP server
to do so, open the “Add Roles and Features” menu again
select “Role-based or feature-based installation” like we did before
Next > Install   


wait for the installation to finish and close the wizard window
get back to the Tools menu > DHCP   


right-click on the IPv4 menu > New Scope > Next


name it (e.g. with the range you want to use)


set the start and end IPs and the subnet mask length to 24


Next
leave the exclusion options as they are > Next

add the IP address of the NAT controller (the gateway) > Add > Next until the end > Finish   


right-click on the Controller > Authorize & Refresh    
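
The same DHCP setup can be scripted. This is an added example, not part of the original post: it uses the 172.32.0.1 server address shown later in the lab, while the scope name, the range bounds and the DNS option are assumptions.

```powershell
# Added example (not from the original post): scripted equivalent of the
# New Scope wizard steps. Run on the server as a domain administrator.
# Assumptions: scope name, range bounds and the DNS option are illustrative.
# Note: 172.32.0.0/24 lies outside the RFC 1918 private ranges
# (172.16.0.0/12 ends at 172.31.255.255); the lab uses it on an isolated network.
$scopeId = '172.32.0.0'
$gateway = '172.32.0.1'

# Install the role if it is missing (same as adding it in Server Manager).
if (-not (Get-WindowsFeature -Name DHCP).Installed) {
    Install-WindowsFeature -Name DHCP -IncludeManagementTools
}

# Create the /24 scope once; re-running the script leaves it untouched.
if (-not (Get-DhcpServerv4Scope -ScopeId $scopeId -ErrorAction SilentlyContinue)) {
    Add-DhcpServerv4Scope -Name '172.32.0.10-200' -StartRange 172.32.0.10 `
        -EndRange 172.32.0.200 -SubnetMask 255.255.255.0 -State Active
}

# Option 3 (router): clients send off-subnet traffic to the RAS/NAT server.
# Option 6 (DNS): clients resolve the domain through the domain controller.
Set-DhcpServerv4OptionValue -ScopeId $scopeId -Router $gateway -DnsServer $gateway

# Authorize the server in AD; an unauthorized Windows DHCP server in a
# domain does not hand out leases.
$fqdn = "$env:COMPUTERNAME.$((Get-ADDomain).DNSRoot)"
if (-not (Get-DhcpServerInDC | Where-Object { $_.DnsName -eq $fqdn })) {
    Add-DhcpServerInDC -DnsName $fqdn -IPAddress $gateway
}

# After a client boots, its lease shows up here (the Address Leases view).
Get-DhcpServerv4Lease -ScopeId $scopeId |
    Select-Object IPAddress, HostName, ClientId, AddressState
```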


we need to use the internet, so we must configure Internet Explorer
go to "Configure this local server"


turn off IE Enhanced security   



go to the Start menu and open Windows PowerShell ISE as administrator   


type: Set-ExecutionPolicy Unrestricted > yes to all     


change the working directory: cd C:\Users\"your user account"\Downloads\AD_PS-master\AD_PS-master    


go to github.com/AhmedBlh/AD_PS/master.zip and download and extract it   
the script will create an Organizational Unit and add the accounts from the names.txt file
Click Open and look for the downloaded script  
 

go to Tools > Active Directory Users and Computers, you can find the added users
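
A script of this kind can look like the following. It is an added example, not the AD_PS script from the repository above; it assumes names.txt holds one "First Last" per line, and the OU name LabUsers is a placeholder.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not the AD_PS script. Assumptions: names.txt holds one
# "First Last" per line; the OU name 'LabUsers' is a placeholder.
param(
    [string]$NamesFile = '.\names.txt',
    [string]$OuName    = 'LabUsers'
)

$domain = Get-ADDomain
$ouPath = "OU=$OuName,$($domain.DistinguishedName)"

# Create the OU only if it is missing, so the script can be re-run safely.
$ou = Get-ADOrganizationalUnit -Filter "Name -eq '$OuName'" `
        -SearchBase $domain.DistinguishedName -SearchScope OneLevel
if (-not $ou) {
    New-ADOrganizationalUnit -Name $OuName -Path $domain.DistinguishedName `
        -ProtectedFromAccidentalDeletion $false   # lab only: lets you delete the OU later
}

# Prompt for the initial password so it is never stored in the script.
$initialPassword = Read-Host -AsSecureString -Prompt 'Initial password for new accounts'

foreach ($line in Get-Content -Path $NamesFile) {
    if (-not $line.Trim()) { continue }                 # ignore blank lines
    $parts = $line.Trim() -split '\s+', 2
    if ($parts.Count -ne 2) { Write-Warning "Skipping malformed line '$line'"; continue }
    $first, $last = $parts

    # Logon name: first initial + last name, lower case, ASCII letters and
    # digits only, cut to the 20-character sAMAccountName limit.
    $sam = ($first.Substring(0, 1) + $last).ToLower() -replace '[^a-z0-9]', ''
    if ($sam.Length -gt 20) { $sam = $sam.Substring(0, 20) }
    if (-not $sam) { Write-Warning "No usable logon name for '$line'"; continue }

    if (Get-ADUser -Filter "SamAccountName -eq '$sam'") {
        Write-Warning "Skipping $sam, account already exists"
        continue
    }

    # Every account must change the shared initial password at first logon.
    New-ADUser -Name "$first $last" -GivenName $first -Surname $last `
        -SamAccountName $sam -UserPrincipalName "$sam@$($domain.DNSRoot)" `
        -Path $ouPath -AccountPassword $initialPassword `
        -ChangePasswordAtLogon $true -Enabled $true
}
```

Prompting for the password and forcing a change at first logon means no shared credential stays in the script file or remains valid on the accounts.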



now we need to create the Windows 10 VM
follow the same steps we already did when you created the Windows Server VM
New VM > name it and select your Windows version > Next > Finish
go to Settings > Advanced > set Shared Clipboard and drag'n'drop to Bidirectional
go to Network > Attached to Internal Network


double click on the VM > browse to your Windows ISO file   
you just need to install Windows 10 the same way you installed Windows Server before 

choose your location and keyboard
skip adding a second keyboard
choose “Domain join instead”   


type any username > Next > leave the password blank > Next   


turn off all options as you won't need any of them > Accept   
"Not now" to Cortana settings


after Windows boots up, go to CMD and verify your IP address and internet connectivity
you will see your IP address (172.32.0.10) allocated by the Windows server (172.32.0.1)


go to Windows Server VM > Tools > DHCP > IPv4 > Scope > Address Leases to verify   


now we need to add this Client to the domain we created earlier
right-click on the start menu > System    


scroll down to "Rename this PC (Advanced)"   


Change > name the computer > insert your domain name below > Ok   



enter your username and password “Pass0worD” > Ok    



you need to restart the computer now
go back to your Windows Server VM > Start menu > Windows Administrative Tools > Active Directory Users And Computers  


go to the Computers tab; you can see that our Windows computer has joined the domain


you can log in using any of the accounts from the names inserted before


Windows will prepare the client's environment for the new client      


verify the username you just logged in with




Congratulations, you finished the Lab 

I want to thank Josh Madakor for the great content he's providing
you can find him on YouTube, LinkedIn, and Twitter
I hope you enjoyed this tutorial as I did; if you have any questions feel free to ask them in the comments below, I'll be happy to answer them all

until next time, keep calm & keep learning ...




