Active Directory Home Lab with PowerShell Project Documentation

Selvyn Allotey
18 min readAug 27, 2022
FlashStart

Purpose of This Project

Considering how important and ubiquitous an active directory is in roughly every organization for the authorization of users, access, and applications throughout organizations making it sort of bread and butter for hackers, to be honest. In light of this, I have decided to take some time to learn more about active directory, and what better way to learn about IT than to actually build it?

What is Active Directory (AD)?

Well, to put it simply. Active Directory offers a collection of services to aid in the administration of an IT network. These services run on Windows Server which acts as the domain controller and enables the administrators to manage permissions and access to network resources. You’ve probably seen this before in your school or perhaps your corporate office but if you haven’t, this post will explain how it works in a virtual environment.

General Steps of The Project

  1. Download Virtual Box.
  2. Download Windows 10 ISO and Windows Server ISO.
  3. Create the first Virtual Machine as the Domain Controller.
  4. Give the Virtual Machine 2 Network Adapters. One connecting to the outside internet and the other to the internal private network.
  5. After the VM is created, install the Windows Server ISO onto it.
  6. Assign IP addressing for the internal network.
  7. The External Network automatically receives IP addressing from your home router.
  8. After IP addressing, the server is named and active directory is installed to create our domain
  9. Configure NAT and routing so the client on the private network can reach the internet through the domain controller.
  10. Set DHCP on the Domain Controller so the Windows 10 Machine can automatically be assigned an IP Address.
  11. Lastly, on the Domain Controller, run the PowerShell script to create about 1000 Users automatically.
  12. Create another Virtual Machine and Install Windows 10 to connect it to the internal private network.
  13. Name it and join it to the domain and log in with one of our client accounts.

How to Install Virtual Box

I’m assuming some readers are new to this, as I was a few days ago so I will demonstrate installing virtual box first. To start with, you would want to head to this website.

Click the big blue box that says “Download VirtualBox 6.1” or whatever version you see when you actually see this post.

Depending on your OS, click one of the platform packages to download and also below the platform packages. You should see VirtualBox Extension Pack and you should definitely install that too.

So after downloading and installing successfully, you should have something like the image right above. Ignore the VMs already on my system, they’re irrelevant to this tutorial.

Downloading Windows ISOs

To download the Windows 10 ISO and the Windows Server 2019 ISO. Click on the links here: Windows 10 & Windows 2019.

Windows 10

On the webpage, click “Download the ISO — Enterprise” . It would most likely ask you to enter some details so you could just fill that form in and then click Download now just like on the image below.

Windows Server 2019

The process is pretty much the same for the Windows Server 2019. Click the “Download the ISO” button and it should take you to a similar form as the Windows 10 form to fill before you can download.

Key Information: The ISOs will save in some strange name, I would recommend dedicating a folder you can easily locate for saving the ISOs.

You should have something similar to this directory if you stored it in a new folder like I suggested and now you’re ready to set up the first Virtual Machine as the Domain Controller.

Configuring The First Virtual Machine as the Domain Controller (DC)

Great, now to set up the domain controller we’re going to open our VirtualBox and click New and follow these steps:

  1. Set the Name as DC or Domain Controller. It could be anything but for simplicity, just set it as DC.
  2. Set the Version as “Other Windows (64-bit).
  3. Set the memory size as 2048 MB depending on how much RAM you have. 2048 works just fine.
  4. Select Create Virtual Hard Disk now in the Hard Disk Section.
  5. Click Create

You should have something like this image below.

Another window would pop up and if your settings look like the image right below this then you can quickly click create.

Configure 2 Network Adapters for the Virtual Machine

You would want to hit settings and configure your settings with these:

General

  1. Click General
  2. Select advanced in the tabs.
  3. Set Shared Clipboard and Drag’ n ‘Drop to Bidirectional. This just allows you to copy and paste stuff from the physical machine to the virtual machine and the drag n drop lets you drag stuff from the physical machine to the virtual machine.

System

  1. Click System
  2. Select Processors
  3. Increase Processors to roughly 4 CPU’s. You can also leave it at 1 if you’re not sure if your computer can handle it.

Network

  1. Click Network
  2. Select Adapter 2.
  3. Click Enable Network Adapter.
  4. Select Internal Network.

Adapter 1 connects to our home network.

After configuring the Virtual Machine, click on it and you should see something like this.

Now after this opens, click the folder with the green arrow on it. You should see something like this:

Click add and browse your computer to locate the folder you saved your ISOs in.

After adding it, click on it and click choose and you should have something just like the image below.

Finally you can click start.

Now click next and you should have an image asking you to install now. Click install now.

Afterward, you should get an image like this, make sure to select the Desktop Experience. Otherwise, you won’t get the GUI experience. Then click I accept the terms and conditions and then click next again.

You would come across this image above. Click Custom so the VM can start from scratch.

Click Next.

This might take a little while but uhm bare with me. The VM will restart after the installation is done.

Key Information: Do not push anything when the VM tells you to, just let it get ready.

You should see this on the virtual machine now. Enter the password as “Password1” just to keep things consistent.

Now to log in, on Virtual Box there’s a different way to press Ctrl + Alt + Delete apparently. These are the short steps:

  1. Hover Mouse to Input.
  2. Click Keyboard
  3. Click Insert Ctrl + Alt + Delete.

Now you can log in with “Password1”.

Furthermore, we would want a better experience. I’m pretty sure you’re experiencing the same lag as I am so what you’d want to do is Click Devices and then click Insert Guest Addition CD image just as the image below.

Now head over to explorer and click this PC. You should see something similar to the image below. Click VirtualBox Guest Additions

Select the AMD file and install it. Click I want to reboot manually. After this then shut down the virtual machine.

Start up the virtual machine again and then log back in.

Assigning IP address for the internal network

So when your screen loads up you should click that tiny network icon in the taskbar. That pop-up will show and click the button the poorly drawn red arrow is pointing at.

Following this, another window would pop-up and then click change adapter options.

You would get a window open like the one below. Right-click on one network and click status. After doing that, another window will open. Click details to check the IPv4 address.

Now, if you notice the IP address looking like the one in the image below 10.0.2.15. Then that would most likely be the one connected to the internet.

However, if you end up finding an IP address like the one below. That’s the internal network. It basically shows the NIC (Network Interface Card) was trying to find an IP address from somewhere but it couldn’t so the IP address was automatically assigned to it.

Now from there on it would be good to rename both network adapters. Just to make it easy to identify them.

Now assign the IP address to the internal network. These are the steps:

  1. Right-click on the Internal Network.
  2. Select Properties
  3. Select Internet Protocol Version 4
  4. Use the settings below.

Lastly you would want to right click the Start menu button and select System. Click rename this PC and set the name to “DC”. Click Next and Click Restart Now.

Install Active Directory Domain Service to create the Domain

After logging back in, you’re going to want to head over to the Server Manager window and select Add Roles and Features.

From there, just keep selecting next until you reach Server Roles. Locate Active Directory Domain Services from the list and make sure to check only that. Afterward, you would want to hit Add Features.

Moving on, you would want to keep selecting next until you reach the install button, then just click install. The installation success should look just like the one below.

Now you can close that window and you can see to the top right of the server manager. There’s a flag with a yellow triangle next to it, you should click that and click “Promote this server to a domain controller”. This actually creates the domain and what you did before just installs Active Directory Domain Services.

After doing this you’re gonna want to click add forest and name the root domain name as “mydomain.com” and click next.

Enter the generic password we’ve been using from the start “Password1” and hit next. We won’t really use this but uhm just for formalities.

Keep clicking next until you reach install from there. After it’s done, the virtual machine will automatically restart.

Install and Configure NAT and Routing

Now you should attempt to log in again after your computer restarts. You should come across MYDOMAIN\Administrator on the log in page. Login with the same password we’ve used throughout.

Now we’re going to create a dedicated admin account instead of using the built-in one we’re logging into at the moment.

To do this, you should follow these steps:

  1. Click the start button.
  2. Locate and click Windows Administrative Tools.
  3. Click Active Directory Users and Computers.
  4. Right-Click on mydomain.com.
  5. Click New and select Organizational Unit.
  6. Enter the name as _ADMINS and uncheck the protect container from accidental deletion and click okay.
  7. Right-click on the _ADMINS folder, Click New and Select User.

You should see this image. Set the User logon name with a common naming convention so something like a.sallotey. The “a” stands for admin here in this case. So it’s First Initial + Last name. Then click next

Use the usual password and use the settings checked as the image below. It’s just a lab environment so really you don’t need to worry about the password never expiring. Click finish and there you have your user.

Note: The User is still not an admin yet.

Now on your list of users right click on the user, you created and click “Add to a group”.

Type “domain admins” and click check names. It should resolve to the actual object name and then click ok. Just like the image below.

After doing this you’re going to want to sign out of the DC and login to the account we just created.

Click “Other User” and login.

Install RAS/NAT

Here are the steps to take to do this quickly:

  1. To do this we will go to “Add Roles and Features”.
  2. Click next until reaching Server Roles.
  3. Locate Remote Access on the list.
  4. Click Next until you reach Role Services.
  5. Check Routing and click Add Features.
  6. Click next until you reach Install and click install.
  7. After it’s done you’re going to want to close it.

After doing all the things listed above, select tools and click Routing and Remote Access.

A window should pop-up and now you would want to right-click the DC (local) button.

After right-clicking, click “configure and enable routing and remote access” and click next.

Then select NAT to install NAT to allow internal clients to connect to the internet using one address.

That’s why we renamed the interfaces, so select the “_INTERNET_” and click next. Afterward, click finish.

Note: If you do not see the first option available, simply close the window and click tools and then remote access and do the whole right click thing. Just repeat the previous 3 steps I’d say.

After it’s finished you should see a green arrow by the DC (local) like in the image above.

Now the RAS/NAT is configured.

Set DHCP on the Domain Controller

Here are the steps to take to do this quickly:

  1. To do this we will go to “Add Roles and Features”.
  2. Click next until reaching Server Roles.
  3. Locate DHCP on the list.
  4. Check DHCP and click Add Features.
  5. Click next until you reach Install and click install.
  6. After it’s done you’re going to want to close it.

You should have something like this image below after it’s done.

Setting Up the DHCP Scope

The whole purpose of the DHCP is to enable client computers on the network to automatically be assigned IP addresses. So we’re creating a scope to assign IP addresses within this range.

Here are the steps to do this:

  1. Go to tools and click DHCP.

2. You’ll notice they’re down so right-click the IPv4 and click New Scope.

3. Click Next.

4. Enter a name of the scope. We’ll use the IP range as the name 172.16.0.100–200 .

5. Set the IP Range using the following settings.

6. Skip the exclusions and delay.

7. Put the lease duration as 8 days. This duration depends on your use case but for this use case we can just leave it as 8.

8. Select, Yes I want to configure these options now and click next.

9. Enter the IP address 172.16.0.1 and click add. Afterward, click next.

10. Add the 172.16.0.1 to the list.

11. Ignore the WINS Server and click next.

12. Make sure “Yes, I want to activate this scope now” and click next.

13. Click Finish.

14. Afterward right-click dc.mydomain.com and click Authorize.

15. Now we have our DNS set up.

Enable Browsing on the DC

You’d want to enable browsing to download the powershell script:

  1. Click configure this local server.

2. Disable the IE Enhanced Security Configuration

Running the PowerShell Script

1. You shouldn’t disable this in a normal setting but since it’s a lab theres no issue here. Open internet explorer and enter this link.

2. You will see a prompt to download the Powershell script.

3. Click Save As and save it to your desktop in the virtual machine.

4. You’ll want to open the zip and drag the folder onto the desktop.

5. Open the folder you just dragged onto the laptop and open the names.txt file.

6. Add your name to the top of the text file and save it.

7. Click the start menu and click Windows PowerShell.

8. Right-Click PowerShell ISE and select run as administrator.

9. After PowerShell ISE opens, click the open button and locate the folder on the desktop with the PowerShell Scripts you downloaded.

10. Open 1_CREATE_USERS.

11. A window like this would open. The script is essentially looping through the contents of the text file. While looping through this text it is sort of sorting the text content in the naming convention in for the users.

12. Afterward, you would want to use the command “Set-ExecutionPolicy Unrestricted” and click Yes-to-all.

13. Now you’d want to Change Directory using the command in the image below and press enter.

14. Now click play to create all your accounts. It would ask if you want to run the script because you got it from the internet. You’d just have to click run once.

Note: You may see some errors while the script is running but that’s as a result of the duplicates in the names.txt file. You can ignore it, the script should still run.

15. So you could go to the Active Directory Users and Computers program you visited before. Click the domain and select _USERS. You should have a list of the users created from the PowerShell.

16. After it’s done you can right-click and refresh the domain and then right-click it again and select find to and try searching for your last name. You will be able to see both the admin account you made and the one from the script.

Create Windows 10 Client to join the Internal Network

Here are the steps:

  1. Open Virtual Box.
  2. Click New and Use the settings below.

3. Click create.

4. Use the setting below and click create.

5. Use these settings for General

6. Use these settings for System. Feel free to increase or decrease depending on your system needs.

7. Use these settings for the network. This will help get a DHCP address from the domain controller.

8. In the same way you added the Windows Server 2019. Click the CLIENT1 Virtual Machine and choose the Windows 10 ISO.

9. The installation is very similar to the Windows Server. If for any reason during the installation you’re asked to activate windows. Select you do not have a product key. It may ask you to choose a Windows 10 version, do not select Windows 10 home but select PRO. However, you may not be asked any of that and all you have to do is click custom like I was asked.

10. Wait for it to install.

11. During your set up, if it asks you this image. Just select “I do not have internet.”

12. If you see this screen below. Select, “continue with limited setup.”

Note: The set up changes all the time, so just make sure you create a local account and not a Microsoft account.

13.Set the username as “user”.

14. No need for a password, just hit next.

15. You have the option to leave the privacy settings on and just hit accept or turn them all off and hit accept.

16. Click not now for Cortana.

17. This might take several minutes.

18. To check if the internet works. Hit Win + R and type cmd.

19. In the command line type ipconfig.

Note: If you do not see the Default Gateway, you probably forgot to add the ip address when setting the DHCP scope. It should have server options for a router.

20. To check if the internet works. In the command line, enter the command ping www.google.com

21. To rename the machine and join the domain. Right-click the start button and click system.

22. Click Rename this PC (Advanced)

22. Click change and enter these settings

23. Enter the normal account details.

24. You should see this on the screen.

25. Click OK and watch the client restart after closing the Rename Advanced.

26. Go back to your DC VM and log back in.

27. Enter Server Manager and go to tools and select DHCP.

28. Click the scope and go to address leases. You’ll notice an IP Address has been assigned to the client. As it’s showing just 1 lease that was automatically assigned.

29. Now go to Active Directory Users and Computers. Select Computers and you should see Client1. This indicates that the computer is on the domain and any of the accounts can be used to access the computer.

30. Now go back to the client machine and click other user. Instead of using the local user, you can use any of the accounts on the domain to login to the machine now.

31. It’s going to do that whole windows set up thing but at the end you can go to the command line and type “whoami” and then check the user.

Conclusion

This taught me a lot about Active Directory and has provided a home lab for me to play around with and pretend to be Tech support like they used to call them in my high school. It also allowed me to apply networking concepts in a rather practical sense.

--

--

Selvyn Allotey

Networking | Cybersecurity | AWS Cloud | Digital Forensics