6. Windows Domain Controller - Fooster171/Wazuh-SEIM-Home-Lab GitHub Wiki

Initial Setup

The Windows Server 2019 ISO can be downloaded from the following link:

Windows Server 2019 ISO: Windows Server 2019 | Microsoft Evaluation Center

Launch VirtualBox and select Machine -> New.

Select the Windows Server 2019 ISO file and select next. IMPORTANT: If you run into a licensing error when launching the VM, you may need to revisit this step and disable unattended installation:

I assigned 1 CPU and 2 GB of RAM to the server along with 30 GB of virtual disk space:

Before launching the VM, open the settings menu. Under General, go to "Advanced" and change "Shared Clipboard" and "Drag'n'Drop" both to "bi-directional". This is a nice quality of life change:

Next, go to the "Network" tab and change the network adapter to use the internal network "intnet" so the domain controller sits behind the firewall and gets its IP address from the pfSense DHCP server:

Windows Domain Controller Installation

On the Oracle VirtualBox UI, select the Windows server and hit "Start".

Windows Server will begin setup when you launch the machine. After selecting install on the first couple of windows, you'll be presented with a few options for which version to install. I chose Standard Evaluation (Desktop Experience):

After agreeing to the licensing agreement, select "Custom" install. Select "Next" to use Drive 0, which will be our virtual drive. Windows Server will begin installation; this may take a few minutes:

After this finishes you may see a screen that says "Press any key to boot from CD". Don't press anything, just give it a minute to load. This screen might pop up twice, but eventually you should be given a screen to create credentials like this:

Set your password and select "Finish". After loading, you should be shown a login screen where you need to press Ctrl+Alt+Delete to go to the login page. The default keybind for this within VirtualBox is "Left Ctrl + Del". Left Ctrl is the default command key for VirtualBox, which is important to note.

After logging in for the first time, the Server Manager window will pop up. Leave it open since we will use it to set up Active Directory. To make sure things are working right, open up a command line and enter "ipconfig" to confirm that our domain controller is getting a DHCP address from pfSense:

As a last QOL feature, we need to install the Guest Additions for VirtualBox. From the VM window, open the "Devices" menu and select "Insert Guest Additions CD image". Then navigate to the drive for the Guest Additions.

Within this drive, select "VBoxWindowsAdditions-amd64" and run it. Click through and install using the default options. Once done, go ahead and reboot.

Active Directory Setup

To begin Active Directory setup, log in to the Windows Server VM and, from the Server Manager dashboard, select "Add Roles and Features".

Hit next and select "Role-based features" before hitting next again:

Hit next again and on the "Server Roles" page select "Active Directory Domain Services".

Hit "Add features" and then select next.

Hit Next until you see a button to Install. Hit install.

Back on the server dashboard you'll see a notification flag that, when clicked, shows there is a post-deployment step to take for our Active Directory installation. We've installed Active Directory but we haven't created the domain yet, so we will do so now. Select "Promote this server to a domain controller":

Select "Add new forest" and enter a domain name:

Next you need to enter a password for Directory Services Restore Mode (DSRM). This will probably never be used:

From here we can hit next until we see an install button. Hit install.

Now that it is finished, the server will restart to make the changes.
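The same role installation and promotion can be scripted. This is an added example, not part of the original wiki; it assumes the domain name Bungus.com used later in this guide and an elevated PowerShell session on the server, and it runs the prerequisite check before promoting:

```powershell
# Added example: scripted equivalent of the "Add Roles and Features" and
# "Promote this server to a domain controller" wizards.
# Run in an elevated PowerShell session on the Windows Server 2019 VM.

$DomainName = 'Bungus.com'   # domain name used in this guide

# 1. Install the AD DS role together with its management tools.
$feature = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
if (-not $feature.Success) {
    throw 'AD DS role installation failed.'
}

# 2. Prompt for the restore mode (DSRM) password so it never appears in the script.
$dsrm = Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode password'

# 3. Dry run: report prerequisite problems without changing anything.
$check = Test-ADDSForestInstallation -DomainName $DomainName `
            -SafeModeAdministratorPassword $dsrm
$check | Format-List Status, Message

$errors = $check | Where-Object { "$($_.Status)" -eq 'Error' }
if ($errors) {
    throw 'Prerequisite check reported errors; fix them before promoting.'
}

# 4. Create the new forest. The server reboots when this completes.
Install-ADDSForest -DomainName $DomainName `
    -SafeModeAdministratorPassword $dsrm -Force
```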

If you navigate to "Tools" -> "Active Directory Users and Computers", you will be provided the interface needed to create your organizational units and users. For starters, we need to create a Domain Admin user. Right-click on the domain in the left toolbar, select New -> Organizational Unit, and create a new organizational unit named "Admins":

Within the "Admins" organizational unit, right-click and select "New" -> "User":

Create the user with whichever name and account name you would like to use. Double-click on the newly created user to open the properties section. Navigate to "Member of" and select "Add". From the new window, type "Domain Admins" into the box and select "OK". This should cause a new entry to be shown for "Domain Admins". This will give us an account with authority over the domain controller and an account to sign in with on our Windows 10 machine, which we will soon join to the AD domain:
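The OU and Domain Admin account can also be created from PowerShell, which makes it easy to review who ends up in "Domain Admins" afterwards. This is an added example, not part of the original wiki; the account name `lab.admin` and display name are hypothetical placeholders:

```powershell
# Added example: scripted equivalent of the OU and user steps above.
# Run on the domain controller after the post-promotion reboot.
Import-Module ActiveDirectory

$OuName  = 'Admins'      # OU name used in this guide
$Sam     = 'lab.admin'   # hypothetical account name; pick your own
$Display = 'Lab Admin'   # hypothetical display name

$domain = Get-ADDomain

# Create the OU directly under the domain root unless it already exists.
$ou = Get-ADOrganizationalUnit -Filter "Name -eq '$OuName'" `
        -SearchBase $domain.DistinguishedName -SearchScope OneLevel
if (-not $ou) {
    $ou = New-ADOrganizationalUnit -Name $OuName `
            -Path $domain.DistinguishedName -PassThru
}

# Create the user inside that OU, prompting for the password.
if (-not (Get-ADUser -Filter "SamAccountName -eq '$Sam'")) {
    $password = Read-Host -AsSecureString -Prompt "Password for $Sam"
    New-ADUser -Name $Display -SamAccountName $Sam `
        -UserPrincipalName "$Sam@$($domain.DNSRoot)" `
        -Path $ou.DistinguishedName -AccountPassword $password -Enabled $true
}

# Add the account to Domain Admins only if it is not already a member.
$members = Get-ADGroupMember -Identity 'Domain Admins'
if ($members.SamAccountName -notcontains $Sam) {
    Add-ADGroupMember -Identity 'Domain Admins' -Members $Sam
}

# Review the resulting membership of the privileged group.
Get-ADGroupMember -Identity 'Domain Admins' |
    Select-Object Name, SamAccountName, DistinguishedName
```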

Add DC as a static IP

From here we need to ensure that our pfSense router is aware of the Windows Server for DNS. This will ensure we are able to add our Windows 10 machine to the Active Directory domain, Bungus.com. For this step, we will use our Windows 10 machine. Go ahead and start up the Windows 10 VM if it isn't already up and running.

From the Windows 10 machine, open a web browser and navigate to the pfSense firewall's IP address. This IP address will be the default gateway (if needed, open a command line and type "ipconfig"). Ignore the warning and hit continue:

After signing into the pfSense admin console, navigate to Services -> DHCP Server -> LAN. Under "General Options", take notice of the IP address range that is set. IP addresses in this range are the ones that will be randomly assigned by the DHCP server. To give our domain controller a static IP, we will choose one from outside of this range (I will choose 192.168.1.9).

Now, in order to assign a static IP, we will navigate to Status -> DHCP Leases. Here we can see our Windows Server and Windows 10 machine, which both have IP addresses assigned by DHCP. Select the "+" icon next to the Windows Server to open the page where we can set our static IP:

Enter an IP address from the same subnet that falls outside our DHCP IP address range. Scroll down to the bottom to save the change.

A window will appear to apply the changes. Apply the changes:

Our Windows Server should now have an IP address of 192.168.1.9. This can be verified from the command line (you may need to use "ipconfig /renew").

Likewise, the DHCP leases section within pfSense should now display our static IP:

Domain Controller DNS setup

Now we need to use this new static IP to make sure our AD Domain resolves to this IP address. We can configure this in Services -> DNS Resolver. If we scroll down to the bottom we can see a section that says "Domain Overrides". Add a new override and input the static IP and the domain name:

Once this is saved it should be displayed in the Domain Override section:
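Before joining a machine, it is worth confirming from the Windows 10 VM that the override actually sends domain lookups to the domain controller. This is an added example, not part of the original wiki; it assumes the domain name Bungus.com and the static IP 192.168.1.9 chosen in this guide:

```powershell
# Added example: pre-join check, run on the Windows 10 VM.
$Domain     = 'Bungus.com'    # domain name from this guide
$ExpectedIp = '192.168.1.9'   # static IP reserved for the domain controller

# A domain join locates a domain controller through this SRV record.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"
try {
    $srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
           Where-Object { $_.Type -eq 'SRV' }
} catch {
    throw "Cannot resolve $srvName. Check the pfSense Domain Override for $Domain."
}
if (-not $srv) {
    throw "No SRV records returned for $srvName."
}

# Each DC named in the SRV answer should resolve to the reserved address.
foreach ($record in $srv) {
    $ips = (Resolve-DnsName -Name $record.NameTarget -Type A -ErrorAction Stop |
            Where-Object { $_.Type -eq 'A' }).IPAddress
    $ok  = $ips -contains $ExpectedIp
    '{0} -> {1} (matches {2}: {3})' -f $record.NameTarget, ($ips -join ', '), $ExpectedIp, $ok
}

# TCP services the join depends on: 53 DNS, 88 Kerberos, 389 LDAP, 445 SMB.
foreach ($port in 53, 88, 389, 445) {
    $r = Test-NetConnection -ComputerName $ExpectedIp -Port $port `
            -WarningAction SilentlyContinue
    'TCP {0,-3} reachable: {1}' -f $port, $r.TcpTestSucceeded
}
```

If the SRV lookup fails or a port is unreachable, the join in the next step will fail with a generic "domain could not be contacted" error, so fix the override or the firewall rules first.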

Now we can add our Windows 10 PC to the AD domain. In the search bar, enter "Your account info". This should bring up the account settings page with a section for "Access work or school". Select "Connect".

Select to join a local AD domain:

From here you'll enter the domain name (Bungus.com) and then be prompted to enter account details. At the end you should be prompted to restart the machine. Go ahead and reboot. Once restarted, we should see our username that was created in Active Directory along with the domain:

After signing in, it may take a minute. This machine should now be set up for use in our lab with access to the internet through our pfSense firewall and then to our home's default gateway. If we open up Active Directory Users and Computers, we should now see our Windows 10 VM listed as a computer:

In this lab, devices are using the pfSense router for DHCP and DNS. If you find that your Windows Server doesn’t have internet access, you can fix this by right-clicking on the network icon in the bottom right of the screen and selecting "Network and Internet Settings". Navigate to "Ethernet" and click on "Change Adapter Settings".

Now right-click on the Ethernet adapter and select "Properties". Click on the entry for "IPv4" and click on "Properties". I selected "Obtain DNS Server Address Automatically".

If it doesn't work you may need to go to cmd and enter "ipconfig /flushdns".