Milestone 2 AD - 5huckle/OFFICIALTECHJOURNAL GitHub Wiki

Intro

This milestone mainly focused on the creation and set up of Active Directory on a newly provisioned Windows 2019 Server VM created in our ESXi host environment.

Setup

I followed this video for setup; however, I did encounter a number of issues that were not specified in the video, so let me specify them.

  • SSH is not enabled by default. To enable it, go to Host Devices (left taskbar) > Actions (top middle taskbar) > Services > Enable SSH
  • Make sure to double check your setup with the video, ensure it is the right operating system and all the settings are configured the same way

  • If you get a recurring blue screen, keep attempting to uninstall and reinstall the correct ISO file using wget via ssh, try fidgeting with it until it works. That was how we fixed it the first time, no ascertainable cause.

Server Setup

For setting up my AD server, I followed this video.

Active Directory Setup

Active Directory was intended to be set up through the GUI for this assignment to save time on future assignments; however, I fell behind and I can't spare that time, so I am just going to manually do everything via GUI and then create a script in the future if needed.

Requirements

  • Add the Administrative user password | ☑️

  • Change the segment to 480-WAN give it an ip of 10.0.17.4/24 and a hostname of dc1, you will want DNS and Gateway pointing to vyos:10.0.17.2 initially | ☑️

  • Do remember to rename the computer before installing the forest if you didn't set it already. | ☑️

  • Complete configuration using powershell/ssh from xubuntu-wan as deployer | ☑️

    • Document all commands in your tech journal! (Done via GUI)
  • install adds (yourname.local) | ☑️

  • install dns | ☑️

  • create A and PTR entries for

    • vcenter.yourname.local at 10.0.17.3 | ☑️
    • 480-fw as 10.0.17.2 | ☑️
    • xubuntu-wan at 10.0.17.100 | ☑️
    • dc1 (just PTR needs to be added) at 10.0.17.4 | ☑️
  • enable remote desktop via powershell | ☑️

    • Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -value 0
    • Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
  • install dhcp services | ☑️

    • this is a good reference
    • It was indeed a good reference
  • create a dhcp scope from 10.0.17.101-150 | ☑️

    • router should be 10.0.17.2
    • dns server should be 10.0.17.4
  • make sure to create a named domain admin (yourname-adm.yourlastname.local)
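
A scripted equivalent of the DNS and DHCP requirements in the list above, as an added example that is not the commands run for this journal (those steps were done in the GUI). It assumes the forest is already installed, that all records live in the placeholder zone yourname.local, and that the scope is named 480-WAN; the existence checks let it be re-run without creating duplicates.

```powershell
# Added example, not the author's commands. Run in an elevated session on dc1.
# Assumptions: forest already installed; 'yourname.local' is the placeholder
# domain from the requirements; the scope name '480-WAN' is illustrative.
$Zone    = 'yourname.local'
$RevZone = '17.0.10.in-addr.arpa'   # reverse zone for 10.0.17.0/24
$DcIp    = '10.0.17.4'

# PTR records need the reverse lookup zone to exist first.
if (-not (Get-DnsServerZone -Name $RevZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -NetworkId '10.0.17.0/24' -ReplicationScope Forest
}

# A + PTR records from the requirements list (-CreatePtr adds the PTR).
$Records = @{
    'vcenter'     = '10.0.17.3'
    '480-fw'      = '10.0.17.2'
    'xubuntu-wan' = '10.0.17.100'
}
foreach ($Name in $Records.Keys) {
    $existing = Get-DnsServerResourceRecord -ZoneName $Zone -Name $Name -RRType A -ErrorAction SilentlyContinue
    if (-not $existing) {
        Add-DnsServerResourceRecordA -ZoneName $Zone -Name $Name -IPv4Address $Records[$Name] -CreatePtr
    }
}

# dc1 gets its A record when AD DS is installed; only the PTR is added here.
$ptr = Get-DnsServerResourceRecord -ZoneName $RevZone -Name '4' -RRType Ptr -ErrorAction SilentlyContinue
if (-not $ptr) {
    Add-DnsServerResourceRecordPtr -ZoneName $RevZone -Name '4' -PtrDomainName "dc1.$Zone"
}

# DHCP role, authorization in AD, and the 10.0.17.101-150 scope.
Install-WindowsFeature DHCP -IncludeManagementTools
Add-DhcpServerInDC -DnsName "dc1.$Zone" -IPAddress $DcIp
if (-not (Get-DhcpServerv4Scope -ScopeId 10.0.17.0 -ErrorAction SilentlyContinue)) {
    Add-DhcpServerv4Scope -Name '480-WAN' -StartRange 10.0.17.101 -EndRange 10.0.17.150 `
        -SubnetMask 255.255.255.0 -State Active
}
Set-DhcpServerv4OptionValue -ScopeId 10.0.17.0 -Router 10.0.17.2 -DnsServer $DcIp -DnsDomain $Zone

# Verify forward and reverse resolution against dc1 itself.
Resolve-DnsName "vcenter.$Zone" -Server $DcIp
Resolve-DnsName 10.0.17.3 -Type PTR -Server $DcIp
```

Running the two `Resolve-DnsName` checks from xubuntu-wan as well confirms that clients, not just the DC, can resolve both directions.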


This should've been the end of the lab, and I should've been able to run through the test case demonstrated in this video; however, I ran into some issues.

My DNS was having some issues, and I wasn't sure why. After some testing and troubleshooting, I, with the help of my peers, discovered that I simply needed to restart the network. Don't forget to restart the network!