Creation and Implementation of an Active Directory Server.

Presentation of the Setup Process By Faury A. Abreu

Table of Content:
Introduction:.................................................................................................................................................1
Downloading the ISOs and Creating the VMs.......................................................................................... 1
Network Setup.............................................................................................................................................. 9
Installation of Active Directory Domain Services and Creation of a Domain...................................... 11
Installation of the NAT/RAS (Network Address Translator/Remote Access Service) in the Server..18
Creation and Configuration of the DHCP server................................................................................... 22
Powershell Script to Automate user creation in Active Directory.........................................................26
Final Steps...................................................................................................................................................27

Introduction:
This project presentation report outlines the process of setting up an Active Directory (AD) lab using
Windows Server 2019 on a VirtualBox virtual machine. Also, I will add a windows 10 machine inside
the AD server for demonstrative purposes. Active Directory is a crucial component in enterprise IT
environments, providing centralized authentication, authorization, and management of network resources.
By creating a virtual lab, IT professionals and students can gain hands-on experience configuring and
managing AD without the need for physical hardware. In order to get this done, it is necessary to have a
clear understanding of how to create and configure virtual machines, Setting up domain controllers,
managing users, groups, and policies in Active Directory, and networking knowledge such as Configuring
IP addresses, DNS, and domain services.

Downloading the ISOs and Creating the VMs

1.​ Download the windows server’s ISO from the official site:
https://www.microsoft.com/en-us/evalcenter/download-windows-server-2019
2.​ Download windows 10 ISO:https://www.microsoft.com/en-us/software-download/windows10
3.​ Create and configure the machine for the AD server:
a.​ Create the machine: GO to VirtualBox and hit “New”, then give the machine a name and
choose “Other Windows (64-bit)” option:

b.​ Select the RAM size and the disk storage attributed to the machine. IMPORTANT! Select
“Dynamic allocated” when setting the disk space, this will the machine to occupy the
entire assigned space even if it is not being used.

c.​ Once the machine is created, there are some adjustments needed. Go to settings
d.​ Adjust the amount of processor(s) assigned to the machine when this is running:
recommendations are between 1-4, more than that is just not necessary.

e.​ Set the network interfaces that the machine will use to interact with the networks. This
machine will have two interfaces; one is for the internet connection (INTERNET), the
other one is for the internal network (INTERNAL)
●​ Interface 1: NAT. NAT acts as a virtual router, translating the VM’s private IP
address into the host’s IP address for outbound traffic.

●​ Interface 2: Internal network. This is the interface that I will use to communicate
internally with the subnet hosts being managed by the AD server
f.​ Great, the machine is created and set, but it is still empty. The ISO has not been installed
yet. Let’s open the machine and browse the ISO in the computer:
●​ Press start the machine

●​ Browse the ISO

g.​ Once the ISO has been installed, start setting up the OS. In thai case, I selected the
“Standard Evaluation” option in order to have the GUI version:

h.​ Since this is a new installation, I did choose “Custom” installation

i.​ Once the installation has finished, set the Administrator credentials:
j.​ Now, Log in as administrator:

k.​ OPTIONAL: Install the VirtualBox Guest Addition to get a better experience. When the
installation is done, shut down the machine and start it again.
 l.​ Great! The server is up. The next step is to rename the Host by going to system →
rename this PC.
4.​ Create the Host machine (Windows 10)
a.​ Following the same procedure, we click “New” and set it up appropriately for Windows
10 ISO.

b.​ Give it some RAM, in my case I gave it 4GB. For the disk, I gave it 20GB dynamic.
c.​ Set the Adapter 1 as Internal, this will contain this machine inside the server’s
network/domain
d.​ Start the machine and browse the ISO to be installed.

e.​ Choose the OS version and custom installation. Then install it into the virtual disk
previously created for the machine:

f.​ Once it finishes, choose and continue with limited setup to avoid
having to create a microsoft account.
 g.​ Set the username → next → accept → not now
h.​ The machine should initiate with no issues.

Network Setup
So far, we have the machines working, but, how are those machines going to communicate? How does the
server manage the hosts under the subnet? Well, the IP addresses and the DNS server have to be set. Since
I opted to have a simple conventional network with two NIC; – one for the DHCP taken from the internet
router and other for the server – I will set a specific IP for the server.
1.​ Setup the server’s IP
a.​ Go to Network settings → Change adapter options

b.​ There are the two interfaces previously configured.

c.​ Rename them appropriately: Check which one of the interfaces has the IP starting on
“10.X.X.X”, that one is the internet interface, the other one starts as “169.X.X.X” that
one is the internal interface that will be used to connect to the hosts.
●​ Internet access IP (NAT adapter)
 ●​ Internal interface

d.​ Change the DNS IP: right-click on the internal interface → Properties → Internal
Protocol Version 4 (TCP/IPv4).

Installation of Active Directory Domain Services and

Creation of a Domain
Active Directory is the core service that enables centralized management of users, computers, and
network resources within an organization. Without AD DS, your Windows Server is just a standalone
machine and cannot function as a Domain Controller (DC), which is essential for managing
authentication, security policies, and resource access across the network.
1.​ In this case I'll install the Roles and features Wizard: the Server Manager → Dashboard, go to the
Add roles and features:

2.​ Select the server: Remember, the IP addresses of the interfaces are the distinctive attribute of the
server, so select them:

a.​ Choose active directory Domain server

3.​ Configure the Settings of the Domain Server: Once the service is installed, it must be configured.
These configurations establish essential services, security settings, and network integration for a
fully operational domain environment.
a.​ Click the flag icon on the upper-right side:

b.​ In the pop-up window, select “Add new forest” and give your domain a name. The name
must be consistent with the corporate naming convention, in case of adding other
subdomains, the name convention must be followed to ensure consistency. In my case,
for demonstrative purposes, I’ll name mine as “mydomain.com”
 c.​ Now, set the credentials for the forest, even though those credentials will rarely be used,
it is important to keep it safe and don't forget them.

d.​ Click next, then Install.the machine will restart.Once the machine has restarted, the
hostname will appear accompanied by the domain name previously assigned to the
“forest”.
4.​ So far, the server is running under the default Administrator account. It is a good practice to
create an individual administrator account for domain:
a.​ Click windows button → Windows Administrative Tools → Active Directory Users and
Computers

b.​ Create the admin account as an Organizational Unit to allocate all the potential
administrators:

c.​ Create the new Admin user: right-click on the just created organizational unit → New →
User. give it a name, and the logon name. NOTE: some companies have a user naming
convention, usually, the admin users will appear with an “a-” before their user logon
name. If you select “user must change the password at next logon” the user will be forced
to set a new password when he/she tries to log in with the new password, so for now, ill
 select the “Password never expires” option since this is a demonstration and I don't want
to change the password.

d.​ Give the user the Admin permissions: Right-click on the user → Properties → Member
Of → Add → Domain Admins → check names → Ok → apply. Now the user is part of
two groups, Users, and Admins.
Installation of the NAT/RAS (Network Address
Translator/Remote Access Service) in the Server
Together, RAS and NAT help organizations provide secure remote access while efficiently managing IP
addresses and network traffic. In Windows servers, a RAS allows configuring secure access to a private
network. It enables users to connect to the organization's network from remote locations through the
internet or private networks. Basically, by installing those features, the clients will be able to securely
connect to the internet through the server.
1.​ Go to Add roles and features → next → next → select the server → Remote access → Routing →
next until install

2.​ Go to Tools → Routing and remote access

3.​ Right-click on the local machine → Configure and Enable routing and remote access → Network
address Translation → Use this public interface to connect to the Internet → Finish. NOTE: if the
interfaces does not appear in the public interface connection, close the routing and remote access
window and try again
At the end, the local domain server has the proper settings available.
Creation and Configuration of the DHCP server
This DHCP server will resolve the IP assignments to the server’s clients, hence the clients will be able to
connect to the internet through the private host.
1.​ Following the same procedure to add roles and features; Add roles and features → next → next
→ select the server → DHCP server → add features → next → next → install

2.​ Go to tools to configure the DHCP server: Tools → DHCP → open IPv4 settings → new scope
→ next → give it a name and description (recommended to name it with the IP range that the
domain will allocate) in my case 172.16.0.100-200 → set the start and end IP and the length of
the bits used to identify the host (24) → next (there is no need to add excluded IPs) → on the
“Lease Duration” we select the time period in which the IPs will be resigned to the clients →
“Yes, I want to configure this options now” → Add the IP of the Domain Controller as the
router,Click “Add” → next → next → “yes i want to activate the scope now” → Finish

The DNS ir ready, it should look like this:

 3.​ For accommodation purposes, it is better if the “Enhanced security”. When it is activated, every
time the browser is open, there will be a message asking if we are sure to open, which is
uncomfortable.

4.​ Now it is time to add some users.

Powershell Script to Automate user creation in Active

Directory
1.​ Create a text file named “names.txt” that contains all the usernames, and add some user into it
(name last-name), each separated by a line jump.
2.​ Open Powershell ISE as administrator and set the execution policy as unrestricted. This will allow
us to run scripts.
 3.​ Create a script that automates the user creation process using the names file.
# ----- Edit these Variables for your own Use Case ----- #
$PASSWORD_FOR_USERS = "Password1"
$USER_FIRST_LAST_LIST = Get-Content .\names.txt
# ------------------------------------------------------ #

$password = ConvertTo-SecureString $PASSWORD_FOR_USERS -AsPlainText -Force

New-ADOrganizationalUnit -Name _USERS -ProtectedFromAccidentalDeletion $false

# —----------- Loop through the names file —------------- #

foreach ($n in $USER_FIRST_LAST_LIST) {
$first = $n.Split(" ")[0].ToLower()
$last = $n.Split(" ")[1].ToLower()
$username = "$($first.Substring(0,1))$($last)".ToLower()
Write-Host "Creating user: $($username)" -BackgroundColor Black -ForegroundColor Cyan

New-AdUser -AccountPassword $password `

-GivenName $first `
-Surname $last `
-DisplayName $username `
-Name $username `
-EmployeeID $username `
-PasswordNeverExpires $true `
-Path "ou=_USERS,$(([ADSI]`"").distinguishedName)" `
-Enabled $true
}

Note: the script and the names file must be the unique files in the folder.
4.​ Run The script by placing the PS session in the folder where the script is located at, then hit the
“Run” button on powershell ISE.

Final Steps
5.​ On the client machine, confirm the access to internet by pinging the google domain:

6.​ Yex! Everything is working fine

7.​ Rename the client machine with the advanced settings to set the relative client.domain name:
Then click: restart
8.​ The client’s addition to the domain can be confirmed from the Active directory server from the
DHCP Tool: Tools → DHCP → scope → Addresses leases

9.​ Also, in the Active Directory Users and Computers there is a organizational unit dedicated to
allocate the client hosts: windows start menu → Active Directory Users and Computers →
computers
10.​ Now that the host pertains to the domain, we can log into the client machine with any of the
credentials of the users previously created.

11.​ SUCCESS! Now the entire architecture is ready to be used. This is a similar approach used for
corporations to implement internal networks and administration.