What is Active Directory?
Active Directory (AD) is a crucial component of Windows Server, acting as a centralized directory service for efficient network management. It simplifies administration, enhances security, and boosts overall system efficiency.
Key Components of Active Directory:
Domains: In AD, domains group network objects (computers, users, devices) with a shared security database, simplifying user authentication and resource management.
Domain Controllers: Servers running Windows Server with the AD DS role. Domain Controllers store the AD database, authenticate users, and enforce security policies.
Organizational Units (OUs): Containers within a domain used for organizing and managing objects, enabling a hierarchical structure for efficient administration.
Users and Groups: AD facilitates the creation and management of user accounts and groups, streamlining user permissions and access.
Group Policies: These define and enforce specific settings on computers and users, providing centralized control over security settings, software installations, and system configurations.
Trust Relationships: Establish secure communication between different domains, allowing users in one domain to access resources in another.
Setting Up Your Active Directory Home Lab:
1. Add the Active Directory Domain Services Role:
- Log in to the Windows Server VM with the administrator account.
- Open Server Manager, click “Add Roles and Features.”
- Choose “role-based or feature-based installation,” select the current server, and add “Active Directory Domain Services” role.
- Review features and install. Once done, close the wizard.
2. Promote the Virtual Machine to a Domain Controller:
- In Server Manager, click “Notifications” and “Promote this server to a domain controller.”
- Choose “Add a new forest” and enter a domain name (e.g., Contoso.com).
- Create a password for DSRM, click through the options, and install.
- After the server restarts, log in and open Active Directory Users and Computers.
3. Create Users, Groups, and Organizational Units (OUs):
- Right-click on “Contoso.com,” create a “Sales Department” OU, and add a user named “John Doe.”
- Create a group with the department name and place the user in that group.
- Share a folder with read and write permissions, and create a text document inside.
4. Attach a Group Policy Object (GPO) to the OU:
- Open Group Policy Management from Server Manager.
- Right-click on “Sales Department,” create a new GPO, and link it.
- Edit the GPO to apply specific rules.
5. Configure GPO Rules:
- Display a message during startup.
- Prevent access to CMD.
- Add a script to map the share during login.
- Disable the run command from the start menu.
6. Check Event Logs for Successful Login:
- Open Event Viewer and filter the Security log by the criteria you want to inspect.
- Event ID 4624 indicates successful logins.
7. Install a DHCP Server:
- DHCP automatically assigns IP addresses and network settings.
- Install the DHCP server role through Server Manager and configure a new scope.
8. Run a PowerShell Script to Create Users:
- Download and extract the PowerShell script.
- Open PowerShell ISE with administrative privileges.
- Enable script execution, navigate to the script, and run it.
- Confirm users are created in Active Directory.
9. Configure DHCP:
- Install DHCP server role.
- Create a new scope and authorize the DHCP server.
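The logon check from step 6 can also be done from PowerShell instead of Event Viewer. The script below is an added example, not part of the original walkthrough or the downloaded script from step 8; it assumes an elevated PowerShell session on the lab domain controller and a one-hour look-back window.

```powershell
# Added example: list recent successful user logons (Event ID 4624)
# from the Security log of the lab domain controller.

# Common LogonType values recorded in 4624 events
$logonTypes = @{
    2  = 'Interactive'
    3  = 'Network'
    4  = 'Batch'
    5  = 'Service'
    7  = 'Unlock'
    10 = 'RemoteInteractive'
    11 = 'CachedInteractive'
}

$filter = @{
    LogName   = 'Security'
    Id        = 4624
    StartTime = (Get-Date).AddHours(-1)   # assumption: look back one hour
}

# Get-WinEvent raises an error when nothing matches, so suppress it here
$events = Get-WinEvent -FilterHashtable $filter -MaxEvents 500 -ErrorAction SilentlyContinue

$logons = foreach ($evt in $events) {
    # Turn the EventData name/value pairs into a lookup table
    $data = @{}
    foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }

    # Skip computer accounts (name ends in $) and built-in system identities
    if ($data.TargetUserName -like '*$') { continue }
    if ($data.TargetDomainName -in 'NT AUTHORITY', 'Window Manager', 'Font Driver Host') { continue }

    $type = [int]$data.LogonType
    [pscustomobject]@{
        Time      = $evt.TimeCreated
        User      = '{0}\{1}' -f $data.TargetDomainName, $data.TargetUserName
        LogonType = if ($logonTypes.ContainsKey($type)) { $logonTypes[$type] } else { $type }
        SourceIp  = $data.IpAddress
        Computer  = $data.WorkstationName
    }
}

if ($logons) { $logons | Sort-Object Time -Descending | Format-Table -AutoSize }
else { Write-Host 'No user logons (4624) found in the last hour.' }
```

Log in as the lab user from step 3 first; the account should then appear in the output with the logon type and source address of that session.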
Conclusion:
By following these steps, you’ve successfully built an Active Directory home lab using VirtualBox. This lab allows you to explore Active Directory features, group policies, event logs, PowerShell automation, and DHCP configuration in a controlled environment. Continuously practice and troubleshoot to enhance your expertise in Active Directory administration.