Scribd
Upload
102 views112 pages

#1 Building A Personal Active Directory Lab: A Step-By-Step Guide

This document is a step-by-step guide for setting up a personal Active Directory lab using VMware Workstation and Windows Server. It covers the installation of VMware, creation of a virtual machine, installation of Windows Server, and the configuration of Active Directory, including creating organizational units, groups, and users, as well as setting up Group Policy Objects. The guide provides detailed instructions for each step, making it suitable for users looking to establish an Active Directory environment for learning or testing purposes.

Uploaded by

radwa.aboelkhairrabea
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
102 views112 pages

#1 Building A Personal Active Directory Lab: A Step-By-Step Guide

This document is a step-by-step guide for setting up a personal Active Directory lab using VMware Workstation and Windows Server. It covers the installation of VMware, creation of a virtual machine, installation of Windows Server, and the configuration of Active Directory, including creating organizational units, groups, and users, as well as setting up Group Policy Objects. The guide provides detailed instructions for each step, making it suitable for users looking to establish an Active Directory environment for learning or testing purposes.

Uploaded by

radwa.aboelkhairrabea
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 112

#1 BUILDING A PERSONAL ACTIVE

DIRECTORY LAB: A STEP-BY-STEP


GUIDE

Dinesh Gorapalli
Table of Contents
Basic Active Directory Setup Activity: ..................................................................................................... 2
Installing VMware Workstation .............................................................................................................. 2
Windows server ISO download ............................................................................................................... 5
Creating a new VM.................................................................................................................................. 6
Installing Window server on VM............................................................................................................. 7
Windows Server Setup. ......................................................................................................................... 10
Installing Active Directory: .................................................................................................................... 17
Active Directory Forest Structure. ........................................................................................................ 20
Creating OU in Active Directory. ........................................................................................................... 21
Creating Groups in Active Directory. .................................................................................................... 23
Creating Users in Active Directory. ....................................................................................................... 26
Creating Computer in Active Directory ................................................................................................. 29
Setting up Group Policy Objects (GPOs) in a home lab ........................................................................ 31
Group Policy Object (GPO) .................................................................................................................... 31
Installing GPMC ..................................................................................................................................... 32
Creating GPO ......................................................................................................................................... 36
Group Policy 1: Password Policy. ..................................................................................................... 40
Group Policy 2: Drive Mapping ......................................................................................................... 52
Group Policy 3: Desktop Wallpaper Policy........................................................................................ 56
Group Policy 4: Restrict Access to Control Panel .............................................................................. 60
Group Policy 5: Disable USB Storage. ............................................................................................... 63
Installing Client ( Windows 10 Enterpriser) 2023 Setup in VMware. ................................................... 67
Configure Windows Server ................................................................................................................... 91
Adding Computer to Domain: ............................................................................................................... 94
Joining the Computer to the domain: ............................................................................................... 99
User Login with Domain .................................................................................................................. 107

DINESH GORAPALLI 1
Basic Active Directory Setup Activity:
Objective: Set up an AD domain from scratch.
Steps:
1. Install windows server in a virtual machine.
2. Promote the server to a Domain Controller(DC).
3. Create an AD domain.
4. Create organizational units(OUs) for different depertments.
5. Create user accounts and groups within these OUs.

Installing VMware Workstation

1. Search for VMware workstation in any search engine or else simple click this link Download
and license VMware Desktop Hypervisor for personal use (Fusion Pro and Workstation Pro)
(broadcom.com)

2. Now need to register in to Broadcom website. After that login into Broadcom with
credentials, now need to select VMware Workstation Pro.

3. After Download, it takes some time. Once download is completed open that by click that
application.

DINESH GORAPALLI 2
4. We can see license agreement, as we seen below just click next.

5. After that, again click next.

DINESH GORAPALLI 3
6. Again click next.

7. Click finsih

8. After all set up, we can see in VMware Workstation on desktop click open, then it shows
alike below. Select a option Use VMware workstation 17 for Personal use.

DINESH GORAPALLI 4
9. Click finish.

10. Now, we see the VMware platform.

Windows server ISO download


1. To install Windows server ISO, you can search in any search engine as Windows server ISO
version or Windows Server 2022 | Microsoft Evaluation Center click for windows server
2022 latest.

DINESH GORAPALLI 5
2. It takes some time. Once download was completed. Then open VM ware workstation app to
create virtual machine.

Creating a new VM

1. Open VMware, click create a new virtual machine.

2. Give some size for disk. Later, it can increase based on usage.
DINESH GORAPALLI 6
3. Once all setup completed, we can see VM ware like as show below.

Installing Window server on VM


1. To install Win server 2022 on VMware, open VMware, then click on CD/DVD( SATA).

DINESH GORAPALLI 7
2. Enable the use ISO image file

3. By clicking on browser, open the downloaded ISO file.

DINESH GORAPALLI 8
4. Once it is done, Click Ok.

Hence, in this way we install Window server on VMware workstation.

DINESH GORAPALLI 9
Windows Server Setup.
1. To setup window server 2022, now click on power on the vm.

2. Once on, click any key asap if not you can see this kind of error. In that situation just right
click on sever name stop server and again start.

3. Now we see this kind of pop window, just click next.

DINESH GORAPALLI 10
4. After the it takes some more time to setup.

DINESH GORAPALLI 11
5. Now, select the Windows server 2022 standard evaluation( Desktop Experience).

6. Accept that software license by clicking on checkbox then click next button.

DINESH GORAPALLI 12
7. After that , select Custom and wait for some time to setup.

8. Now , we see customize setting for password to set.

DINESH GORAPALLI 13
9. Now to login into server, we enter with that credentials.

DINESH GORAPALLI 14
10. Once After the login we see as shown in below

11. To check whether we install correct server version or not, just type in search as winver as
shown below. Then we see details of server with that pop window.

DINESH GORAPALLI 15
12. Click ok

Therefore, in this way we setup window server 2022 on VMware workstation.

DINESH GORAPALLI 16
Installing Active Directory:

1. Login into the Window Server.

2. Open Windows server, then search for “Server manager “

3. Click the manage, then select Add Role and Features.

DINESH GORAPALLI 17
4. Then the select type “Role-based or feature-based installation”.

5. Select destination server, click Next.


DINESH GORAPALLI 18
6. In the select server roles we have to select “Active Directory Domain Services” , then click
next.

DINESH GORAPALLI 19
7. In feature, we can see “Group Policy Management (Installed)”. Select and install it.

Hence, In this way will create Active directory Installation.

Active Directory Forest Structure.

1. Tree - A hierarchical collection of domains with a single starting organizational unit (OU) and
a series of subdomains. Domains and subdomains share a common naming convention.
2. Forest- A collection of one or more trees that share a single database, global address list,
and security boundary
3. Trust relationships - Domains in a tree have a transitive trust relationship, meaning that if a
domain joins a tree, it automatically trusts all the other domains in that tree.
4. Security boundary - The security boundary of Active Directory is at the forest level. By
default, a user or administrator in one forest cannot access another forest.
5. Isolation - Forests can be used to isolate Active Directory trees with specific data.
6. Trust between forests - A trust relationship can be set up between two forests to allow them
to share resources together. This is called a forest trust.

DINESH GORAPALLI 20
Creating OU in Active Directory.

An organizational unit (OU) in Active Directory (AD) is a container that groups objects like users,
computers, and groups. OUs are similar to folders and can be organized hierarchically to reflect an
organization's structure

DINESH GORAPALLI 21
1. To create OU, go to Active directory User and Group, there we see domain name , right click
on it select new , then select Organizational unit.

2. Type the name of the OU which you want. Then click ok.

3. We see the OU’s in left control panel side.

DINESH GORAPALLI 22
Hence, in this way we create OUs in Active Directory.

Creating Groups in Active Directory.


Active Directory (AD) groups are collections of objects, such as users, computers, and other groups,
that are used to simplify the administration of user accounts and computers.

There are two types of AD groups:

1. Security groups: Used to assign permissions to shared resources

2. Distribution groups: Used to create email distribution lists

There are three of AD groups scopes:

• Domain Local group


• Universal group
• Global group

DINESH GORAPALLI 23
1. To create Group, go to Active directory User and Group, there we see domain name , right
click on it select new , then select Group.

DINESH GORAPALLI 24
2. Enter the group name you want, then select “Group Scope” and “Group Type”.

3. After that click ok.

DINESH GORAPALLI 25
Hence, In this way we create Groups in Active Directory.

Creating Users in Active Directory.


1. To create USER, go to Active directory User and Group, there we see domain name ,
right click on it select new , then select User.

DINESH GORAPALLI 26
2. Enter the User first and last name. Then give the user logon name.

3. Set Password for the User.

DINESH GORAPALLI 27
4. Then Click finish

5. Now you can see the user.

DINESH GORAPALLI 28
Hence, in this way we create user in active directory.

Creating Computer in Active Directory


1. To create Computer, go to Active directory User and Group, there we see domain
name , right click on it select new , then select Computer.

DINESH GORAPALLI 29
2. Give any name to Computer you want to give then click ok.

3. We can see the computer.

Hence, In this way we create Computer in active directory.

DINESH GORAPALLI 30
Setting up Group Policy Objects (GPOs) in a home lab
Prerequisites
1. Windows server Installation: Install Windows server on a virtual machine or physical
machine.
2. Active Directory Domain Services (AD DS): Install and configure AD DS to create a
domain.
3. Group Policy Management Console (GPMC) : Install GPMC on your windows server to
manage GPOs.

Group Policy Object (GPO)


It is Collection of policies and active directory that can be applied to domains and OUs.

It was used by admin to manage the settings that are applied in users and computers.

DINESH GORAPALLI 31
Installing GPMC

1. Open Windows server, then search for “Server manager “

2. Click the manage, then select Add Role and Features.

DINESH GORAPALLI 32
3. Then the select type “Role-based or feature-based installation”.

4. Select destination server, click Next.

DINESH GORAPALLI 33
5. In the select server roles, then click next.

6. In feature, we can see “Group Policy Management (Installed)”. Select and install it.

DINESH GORAPALLI 34
7. Once installation done, search GPMC. Then we see open it.

8. We Can see this, forest domain name.

DINESH GORAPALLI 35
Creating GPO

1. Open Group Policy Management (GPMC).

DINESH GORAPALLI 36
2. Here You see, forest elaborate it.

3. Where you can see your domain under the forest

4. Expand that, you can ADDC OU’s that you have created.

DINESH GORAPALLI 37
5. There we can Group policy objects, expand we can “default domain controllers’ policy” click
on it.

DINESH GORAPALLI 38
6. After selecting it, right click on it, we can edit.

7. When you click on it you can see group policy management editor, These where we create
different policies for our domain.

DINESH GORAPALLI 39
Group Policy 1: Password Policy.
Set a password policy to enforce strong passwords and enhance security.

1. Go to GPMC, right on domain name here we can see parent.com.

2. Select the “Create a GPO in this domain, and Like it here”.

DINESH GORAPALLI 40
3. We have to give policy name. I am giving this policy name as “Password Policy”. Click Ok .

4. We can see that policy was created.

5. Select on it, right click select the edit.

DINESH GORAPALLI 41
6. Now we can see, group policy management editor. In these case, we need to add this policy
in the “computer configuration”

7. we need to add this policy in the “computer configuration” select “policties” then select
“Window setting”

DINESH GORAPALLI 42
8. Under the “Windows setting” we can see “Security settings”

9. Now we need to select the account policies, expanded it.

DINESH GORAPALLI 43
10. There we can find the “Password Policy” then select it what policy need to give.

11. If you want have Minimum password length select it

DINESH GORAPALLI 44
12. There you give some number you want. I am giving 8 minimum character are required. Then
click ok.

13. Now we can see the length which we have given.

DINESH GORAPALLI 45
14. If need to put some complexity in the password select “Password must meet complexity
requirements”

15. Click on it , select the properities.

DINESH GORAPALLI 46
16. Click on the check box “Define the policy setting” then select “enable” then click ok

DINESH GORAPALLI 47
17. Now you view the explain the required complexities, after the click ok.

18. So we can see that “Password must meet complexity requirement” is enabled.

DINESH GORAPALLI 48
19. If you want have “ Maximum Password age “ select on it. Right click on it . select Properties.

20. Click on the check box “Define the policy setting” then select “enable” then click ok

DINESH GORAPALLI 49
21. Set some days to “Password to expire”

22. Click ok.

DINESH GORAPALLI 50
23. Now we can see, what we have given policy for password, we can view that.

DINESH GORAPALLI 51
Group Policy 2: Drive Mapping
Map network drives for users when they log in.

1. Right click on the domain name, select the create GPO and name it as “Drive Mapping”. Click
on ok.

2. Then right click on the Drive Mapping, select edit.

DINESH GORAPALLI 52
3. Now we can see editor, in this case we have to select “user configuration” it need to be
“preferences”.

4. Expand preferences, expand the window settings. We can see drive maps.

5. Then right click on it, select new then Mapped drive.

DINESH GORAPALLI 53
6. Then we need to put location of the network share. For example \\servername\folder.
Choose Drive etter .

7. Then select any drive then click apply.

DINESH GORAPALLI 54
8. Now we can see this Drive Maps, with path given.

DINESH GORAPALLI 55
Group Policy 3: Desktop Wallpaper Policy
Set a default desktop wallpaper for all users.

1. Right click on the Domain name, select the Create GPO

2. Type a name as Desktop Wallpaper. Click ok

3. Right click on Desktop Wallpaper, select edit.

DINESH GORAPALLI 56
4. In case it is user configuration, it will be policies. Expand policies.

DINESH GORAPALLI 57
5. Expand the Administration Templates -> Desktop -> Desktop.

6. Select the desktop wallpaper.

7. Right click on it, select edit.

DINESH GORAPALLI 58
8. Select enabled and then select the path of it.

DINESH GORAPALLI 59
Group Policy 4: Restrict Access to Control Panel
Prevent users from accessing the Control Panel

1. Right click on the domain name, click on create GPO, Name it as “Restrict Access to control
Panel”.

2. Right click on Restrict Control panel , select edit

DINESH GORAPALLI 60
3. Now we can see editor, In these case it is user Configuration then it is policies.

4. Then expand Policies -> Administrive templates ->control Panel. Then choose “prohibit
access to control panel and PC settings”

DINESH GORAPALLI 61
5. Then right click on it, select Edit.

6. Select the Enabled. Then click on apply.

DINESH GORAPALLI 62
Group Policy 5: Disable USB Storage.
Prevent users from using USB storage devices.

1. Right click on the domain name, select Create GPO, then name it as “Create USB
Devices”.

DINESH GORAPALLI 63
2. Choose the “Disable USB devices” click on Edit.

3. Now we can see policy editor. In this case, it is computer configuration, it will policies

4. Expand Policies -> Administrative Templates -> System

DINESH GORAPALLI 64
5. In system we see, “removal able Storage Access”

6. Now click on the “All removable Storage classess: Dany all access” click edit.

DINESH GORAPALLI 65
7. Then enable it.

DINESH GORAPALLI 66
Installing Client ( Windows 10 Enterpriser) 2023 Setup in VMware.

1. Create a VM for Win 10/11 Pro or EnterPrise


Link for the ISO download:
https://www.microsoft.com/en-us/evalcenter/download-windows-10-enterprise

2. After click it, we can see these website select 64-bit edition.

3. Open Vmware software.

4. Click on the new Virtual Machine.

DINESH GORAPALLI 67
3.After that click next.

4. Select the “I will Install the operating system later.” Then click next.

DINESH GORAPALLI 68
5. Select the OS which have download , here I download the windows I selected the
Microsoft Windows.

6. Select the version the which version windows enterprise downloaded.

DINESH GORAPALLI 69
7. Click on the next button.

8. Rename the Virtual Machine name.

DINESH GORAPALLI 70
9. Here I put name as “Windows 10 Enterprise” and click the next.

DINESH GORAPALLI 71
10. After that, allocate some disk size before. After if required it can increase.

11. Here I have put disk size as 20 GB and click next button.

12. Then click the finish button.

DINESH GORAPALLI 72
13. Now, you can see Window 10 Enterprise in VMware Desktop.

14. Select the client desktop which Window enterprise and right click on it.

DINESH GORAPALLI 73
15. Select the settings to import the image of window 10 enterprise OS.

16. Select the CD/DVD(SATA) and double click on it.

DINESH GORAPALLI 74
17. Unselect use physical drive, instead select “Use ISO image file”.

DINESH GORAPALLI 75
18. Select that image file from your device. And click open.

19. Then click the OK button.

DINESH GORAPALLI 76
20. After that, “power on the VM Windows 10 Enterprise”.

DINESH GORAPALLI 77
21. Incase if you get this error then go to client desktop name click right click on it , select
power click the restart.

DINESH GORAPALLI 78
22. When it open immediately click any random key fast. Then will not get an error. It looks
like below.

23. Select the language. Click next.

DINESH GORAPALLI 79
24. Click on install button.

25. Accept the license, click on next.

DINESH GORAPALLI 80
26. Select the “Custom: Install Windows only (advanced)”

27. Then click next.

DINESH GORAPALLI 81
28. Wait for some time to installation.

DINESH GORAPALLI 82
29. Select the region. Click yes.

30. Select the keyboard layout which language needed. Then click Yes.

DINESH GORAPALLI 83
DINESH GORAPALLI 84
31. Now, select the “ Domain Join instead” which is left below you see that.

32. Then click Next.

DINESH GORAPALLI 85
33. Enter the any name to use like “user1”. Click next.

34. Set password to it then click next.

DINESH GORAPALLI 86
35. Enter some answer the security question.

DINESH GORAPALLI 87
36. Then accept the privacy setting for the device.

DINESH GORAPALLI 88
37. Click on the Accept.

DINESH GORAPALLI 89
DINESH GORAPALLI 90
Hence, in this way create a client desktop.

Configure Windows Server

Change the domain controller’s IP address to Static IP

Change DNS Servers to loopback and google DNS.

1. Now go to Windows Server.

2. Check the IP address

DINESH GORAPALLI 91
3. Open Network & Internet Settings.

4. Or simply search Network connection. You can see Ethernet0.

DINESH GORAPALLI 92
5. Right click on it, select the properties.

6. In properties, select Internet Protocol Version (4 TCP / IPv4) and in that IP of the will
be the IPv4 address , subnet mask will 255.255.255.255, default gateway will be there
same in IP mentioned there. Preferred DNS server will be the DNS server number.

DINESH GORAPALLI 93
Alternet DNS server will google default IP address which is 8.8.8.8 . Then Click on ok.

Adding Computer to Domain:

1. Go to the client desktop which is Windows 10 enterprise.

2. Click on internet symbol down, select Network & Internet settings.

DINESH GORAPALLI 94
3. Click on the properties.

4. Click on the change adopter options.

DINESH GORAPALLI 95
5. Then, we can view the ethernet0. Right click on it, select properties.

6. In properties, select Internet Protocol Version (4 TCP / IPv4).

DINESH GORAPALLI 96
7. Check the IPv4 address from the server.

8. Here, in the preferred DNS server we have to put IPv4 address of the server. Alternate
DNS server put 8.8.8.8. Click ok.

DINESH GORAPALLI 97
9. To test the connectivity we the Domain controller, open cmd type ping ip address.

10. Another way of check the DNS is working , we have to server in cmd type nslookup
parent.com it gives an IP address.

DINESH GORAPALLI 98
Joining the Computer to the domain:

1. Open the Window 10 enterpriser client desktop.

2. Open the file explorer, right click on This PC, select properties.

DINESH GORAPALLI 99
3. Click on Rename this PC.

4. Select the “Rename PC(advanced)”

DINESH GORAPALLI 100


5. Click on the Change button.

6. Enter the computer name and domain as parent domain name here mine is
parent.com and make my computer name as computer01.

DINESH GORAPALLI 101


7. Again I need to put admin credentials to change name and to connect the domain.

8. After that , we can see pop message that, “Wecome to Parent.com domain”

DINESH GORAPALLI 102


9. At last it ask to restart the PC. So we have to close running programs.

10. After click restart, it takes some restart.

DINESH GORAPALLI 103


11. Now you can login see.

12. To view the name of computer. Just type ./ in user you can see the name.

DINESH GORAPALLI 104


13. Check the properties of user from the server. ADDC where in active directory user and
computers.

DINESH GORAPALLI 105


DINESH GORAPALLI 106
User Login with Domain

1. Now Login in to John Miller account from client desktop

DINESH GORAPALLI 107


2. Select the Other user, enter the credential of John miller created.

DINESH GORAPALLI 108


DINESH GORAPALLI 109
3. Now, we can see the desktop of User John miller.

Hence in this way we connect account with the domain.

DINESH GORAPALLI 110


DINESH GORAPALLI 111

You might also like