https:\/\/github.com\/JonCyberGuy\/ActiveDirectoryLab\/blob\/main\/names.txt<\/a><\/li>\n<\/ul>\n\n\n\nProgram walkthrough<\/h3>\n\n\n\n The network diagram I will be using for this project<\/strong><\/p>\n\n\n\n
For the Virtual Machine that will be hosting my Domain Controller, I need two network adapters. I need the NAT that will use my host IP address from my home router and an Internal Network Adapter so that my DC can communicate with other Virtual Machines. For the Internal Network I will be using VMnet0. Refer to the diagram at the beginning<\/strong><\/p>\n\n\n\n
\n
After downloading Windows Server 2019 on the Virtual Machine the first thing I have to do is configure the two network Adapters I have. One is the external NIC and one is the Internal NIC<\/strong><\/p>\n\n\n\n
Now I have to figure out which NIC is our NAT. It is Ethernet0 because its DNS is localdomain<\/strong><\/p>\n\n\n\n
\n
I rename the adapters so it is easier for me to tell which is which and it is important later on when setting up the DC and DHCP<\/strong><\/p>\n\n\n\n
I configure the Internal network adapter and assign it an IP address based on the diagram above (172.16.0.1) and I do not need to give it a default gateway because the Domain Controller is the gateway. As for the DNS server I assign it an IP based on the diagram because when I install Active Directory it will install DNS. I set it as a loopback address so it pings itself<\/strong><\/p>\n\n\n\n
Now that I know which network adapter is our external and internal, I go ahead and rename the PC from the long complicated name is has now to just DC (Domain Controller). This forces a restart, which is fine<\/strong><\/p>\n\n\n\n
After booting back in I start the process of downloading Active Directory. Video cut short but it downloads successfully.<\/strong><\/p>\n\n\n\n<\/video><\/figure>\n\n\n\nI installed Active Directory Domain Services, but we never actually set the server (or computer) as the domain. I have to actually create the domain<\/strong>.<\/p>\n\n\n\n<\/video><\/figure>\n\n\n\nWhen the server is promoted to a domain, it forces a restart. When I log back into the system, you can see that the domain was created successfully because my admin account now has MYDOMAIN in front of it!<\/strong><\/p>\n\n\n\n
Instead of using the built in Admin account, I will create a dedicated domain Admin account<\/strong><\/p>\n\n\n\n<\/video><\/figure>\n\n\n\nI created a domain specific admin account, but it does not have admin priviledges. I have to go into Active Directory and promote this new account to Administrator. After I do that, I then log out of the built in Admin account and into my newly created Domain Admin account!<\/strong><\/p>\n\n\n\n<\/p>\n\n\n\n<\/video><\/figure>\n\n\n\nI need to install and configure the RAS\/NAT so that my Windows 10 client computer will be able to access the internet through the internal network via the Domain Controller<\/strong><\/p>\n\n\n\n<\/video><\/figure>\n\n\n\nNow that the role is installed I need to configure the Routing and Remote Access<\/strong><\/p>\n\n\n\n<\/video><\/figure>\n\n\n\nGreat! Now that Remote Access is installed and configured, it is now time to Install a DHCP Server. This will allow our Windows 10 clients to be assigned an IP address and allow them to browse the internet.<\/strong><\/p>\n\n\n\n<\/video><\/figure>\n\n\n\nNow to configure the DHCP and setup a scope. The whole purpose of DHCP is to allows computers on the network to automatically be assigned an IP address. The scope I will be creating will give assign IP addresses in a range, the range being 172.16.0.100-200. So the DHCP will be able to assign 100 IP addresses. I also set the amount of time the IP addresses can be leased out to 20 days. The reason for the lease is when an IP address is assigned, it can’t be assigned to other devices. So if I only have 100 IP addresses and 100 are used, new devices can’t be assigned an IP address on the network, meaning they can’t connect to the internet. A lease is just an amount of time an IP address can be owned (leased) by a device before being recycled. <\/b>for example<\/strong>: A Caf\u00e9 offers wifi to it’s patrons. The average time a person spends inside said Caf\u00e9 is 2 hours. It would make no sense to lease an IP address to them for 20 days. That would effectively lock up that IP address for that amount of time and no one else could use it. If this were a Caf\u00e9 I would recommend setting the lease duration to under 4 hours and have a bigger range. Since this is only a Homelab, the lease duration doesn’t matter.<\/strong><\/p>\n\n\n\n<\/video><\/figure>\n\n\n\nTo get my Powershell script from the internet I need to be able to browse the web. I have to disable the security features on the Domain Controller. If this was an actual production environment I would never do this, huge security risk. Since this is only a lab environment for myself it is not an issue. I could browse the internet without doing this step but it is annoying because it will spam us warnings for every webpage we visit<\/strong><\/p>\n\n\n\n<\/video><\/figure>\n\n\n\nNow that Active Directory is configured and my Domain Controller is configured as well, I use the Powershell script to create over 1000 user accounts<\/strong><\/p>\n\n\n\n
Here is a video of the script running!<\/strong><\/p>\n\n\n\n<\/video><\/figure>\n\n\n\nThe script has run successfully and the output confirmations that the user accounts has been created looks amazing. There were some duplicates that were not created, but that could be solved by adding a few lines of code to the Powershell script that will tell it what to do in case duplicates occur.<\/strong> For example: “If a duplicate occurs, add a 1 to the end of the account name.” If you want to see the full code used, navigate to my Github. The script is under CREATE_USERS.ps1<\/strong><\/p>\n\n\n\n
It is now time to create a new Virtual Machine that will act as a user in the domain. I name this machine CLIENT1<\/strong><\/p>\n\n\n\n
I configure the network adapter so that it is not NAT and can’t connect to the internet on my local network. The only way this Virtual Machine should be able to connect to the internet is by being assigned an IP address from the DC on the Server VM. Refer to the Diagram at the beginning. I have to change the network adapter to be on the same internal network as the Domain Controller, in this case VMnet0<\/strong>\n
After configuring a separate virtual machine that will simulate an employee logging into the domain. Lets kill two birds with one stone by renaming the computer CLIENT1 and clicking the box to become a member of the mydomain.com domain. I am prompted to give my log in credential and I chose to use the Administrator account I set up earlier<\/strong><\/p>\n\n\n\n
I Successfully join the domain as a member!<\/strong><\/p>\n\n\n\n
I log into a user account I created from the Powershell script to test if everything is configured correctly. Instead of logging into the user account created when I made the virtual machine, I try to log into a user created account in MYDOMAIN<\/strong><\/p>\n\n\n\n
Running command promt to see if the client VM is getting the IP address properly assigned by the DC. We can see that I was properly leased an IP address by the domain controller (circled red) and when I ping the domain, it works (circled yellow)<\/strong><\/p>\n\n\n\n
A final test to see that the work environment and bulk users I created is working<\/strong><\/p>\n\n\n\n
I head back into my server VM and check the DCHP to see how many addresses has been leased. We can see here circled in red that my CLIENT1 Virtual Machine has been leased an address. If this was a real company environment there would be hundreds, if not thousands of leased addresses in this folder depending on what the lease duration is of course! I set mine to 20 days in this environment<\/strong><\/p>\n\n\n\n
Here is another way to check how many computers or devices are currently connected to the domain. We can see that my CLIENT1 computer is being properly recognized in Active Directory. Again, if this was a real environment there would probably be thousands of devices in this folder<\/strong><\/p>\n\n\n\n
Here I am scrolling through all the User accounts I created with Powershell. Over 1000 has been created!<\/strong><\/p>\n\n\n\n
Active Directory Home Lab With Bulk User Creation This project is a walkthrough of how I created an Active Directory home lab Environment using VMWare. I set up a Microsoft Server to run Active Directory on it. I then configure a Domain Controller that will allow me to run a domain. After that I ran […]<\/p>\n","protected":false},"author":1,"featured_media":201,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"saved_in_kubio":false,"footnotes":""},"categories":[9],"tags":[],"class_list":["post-133","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-projects"],"_links":{"self":[{"href":"https:\/\/jonthecyberguy.tech\/index.php?rest_route=\/wp\/v2\/posts\/133","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jonthecyberguy.tech\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jonthecyberguy.tech\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jonthecyberguy.tech\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jonthecyberguy.tech\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=133"}],"version-history":[{"count":12,"href":"https:\/\/jonthecyberguy.tech\/index.php?rest_route=\/wp\/v2\/posts\/133\/revisions"}],"predecessor-version":[{"id":783,"href":"https:\/\/jonthecyberguy.tech\/index.php?rest_route=\/wp\/v2\/posts\/133\/revisions\/783"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jonthecyberguy.tech\/index.php?rest_route=\/wp\/v2\/media\/201"}],"wp:attachment":[{"href":"https:\/\/jonthecyberguy.tech\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=133"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jonthecyberguy.tech\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=133"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jonthecyberguy.tech\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=133"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"\"](\"https:\/\/jonthecyberguy.tech\/wp-content\/uploads\/2022\/07\/Diagram1-1024x603.png\")
<\/figure><\/div>\n\n\n![\"\"](\"https:\/\/jonthecyberguy.tech\/wp-content\/uploads\/2022\/07\/VM_Server_Config_NAT.jpg\")
<\/figure><\/div>\n\n\n![\"\"](\"https:\/\/jonthecyberguy.tech\/wp-content\/uploads\/2022\/07\/VM_Server_Config_Internal_Network.jpg\")
<\/figure><\/div>\n\n\n![\"\"](\"https:\/\/jonthecyberguy.tech\/wp-content\/uploads\/2022\/07\/setting_up_internal_network-2-1024x792.jpg\")
<\/figure><\/div>\n\n\n![\"\"](\"https:\/\/jonthecyberguy.tech\/wp-content\/uploads\/2022\/07\/Configuring-network-1024x617.jpg\")
<\/figure><\/div>\n\n\n![\"\"](\"https:\/\/jonthecyberguy.tech\/wp-content\/uploads\/2022\/07\/Configuring-the-network-1.jpg\")
<\/figure><\/div>\n\n\n![\"\"](\"https:\/\/jonthecyberguy.tech\/wp-content\/uploads\/2022\/07\/RENAMING-1024x580.jpg\")
<\/figure><\/div>\n\n\n![\"\"](\"https:\/\/jonthecyberguy.tech\/wp-content\/uploads\/2022\/07\/CONFIGURING-THE-IP-1024x604.jpg\")
<\/figure><\/div>\n\n\n![\"\"](\"https:\/\/jonthecyberguy.tech\/wp-content\/uploads\/2022\/07\/Renaming_PC-1024x793.jpg\")
<\/figure><\/div>\n\n\n