Lab 02: DNS ADDS Role - Hsanokklis/2023-2024-Tech-journal GitHub Wiki
Take snapshot of VMs before start of lab
Important Specs:
MAC address of AD01: 00:50:56:a1:ad:5f
Admin Pw AD01: 4Hannelore
ad01 hostname: ad01-hannelore
DSRM pw: redacted (you know the pw)
Domain Admin pw: redacted (you know the pw)
Domain User pw: redacted (you know the pw)
Server 2019
Find and edit the virtual machine properties for ad01 by adjusting the network adapter to your LAN
- Go to VM Hardware --> edit
- LAN is connected
Server 2019 has already been installed for you. Start the VM and configure it as shown in the following steps!
Use default settings with the following exceptions
Product Key
Host and Network Configuration
Find and start Server Manager from the start menu
- Go to the local Server
The Local Server Manager is probably the easiest way to begin the configuration changes
Another way to change Ethernet adapter options for IPv4 properties is via the network icon on the bottom-right in the task bar.
Do these steps in the Network Settings
- Go to Network and Internet Settings
- Change adapter options
- Go to Ethernet0
- Go to properties
- Go to IPv4 Settings
- Configure IPv4
IP Address: 10.0.5.5
Netmask: 255.255.255.0
Gateway 10.0.5.2 (Make sure fw01 is running).
DNS 10.0.5.2
Turn on the Network Discovery option
Server Manager after connecting to the internet
Rename the PC
I name it ad01-Hannelore
Check Networking
Using a command or PowerShell prompt, double check that your hostname has been set and that you have external connectivity, as shown below
- Check that the hostname has been changed with the command "whoami" (for a local account the output is shown as hostname\user)
- Check network connectivity by pinging "google.com"
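The host and network steps above (static IPv4 settings, DNS, Network Discovery, rename, connectivity check) can also be done from an elevated PowerShell prompt on the Server 2019 VM. This is an added example, not part of the original lab write-up; it assumes the adapter is called Ethernet0 as in the lab and uses the lab's addresses and hostname.

```powershell
# Added example (not from the lab write-up): static addressing, hostname and
# connectivity checks for ad01 from an elevated PowerShell prompt.
# Assumes the adapter alias is "Ethernet0" (as in the lab); adjust if different.
$Adapter = 'Ethernet0'
$IP      = '10.0.5.5'
$Prefix  = 24               # 255.255.255.0
$Gateway = '10.0.5.2'       # fw01 must be running
$Dns     = '10.0.5.2'
$NewName = 'ad01-hannelore'

# Clear any DHCP-assigned address and default route so only the static settings remain.
Set-NetIPInterface -InterfaceAlias $Adapter -Dhcp Disabled
Get-NetIPAddress -InterfaceAlias $Adapter -AddressFamily IPv4 -ErrorAction SilentlyContinue |
    Remove-NetIPAddress -Confirm:$false
Get-NetRoute -InterfaceAlias $Adapter -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
    Remove-NetRoute -Confirm:$false

# Static IPv4 address, gateway and DNS server (the IPv4 properties dialog).
New-NetIPAddress -InterfaceAlias $Adapter -IPAddress $IP -PrefixLength $Prefix -DefaultGateway $Gateway
Set-DnsClientServerAddress -InterfaceAlias $Adapter -ServerAddresses $Dns

# "Turn on Network Discovery": treat the LAN as a private network and enable
# the Network Discovery firewall rule group.
Set-NetConnectionProfile -InterfaceAlias $Adapter -NetworkCategory Private
Get-NetFirewallRule -DisplayGroup 'Network Discovery' | Enable-NetFirewallRule

# Connectivity check before renaming: the gateway must answer and a public
# name must resolve through fw01.
if (-not (Test-Connection -ComputerName $Gateway -Count 2 -Quiet)) {
    throw "Gateway $Gateway is not reachable; is fw01 running?"
}
Resolve-DnsName -Name 'google.com' -Server $Dns | Select-Object Name, IPAddress
Test-NetConnection -ComputerName 'google.com' -InformationLevel Quiet

# Rename and reboot. After the reboot, `hostname` and `whoami` (hostname\user
# for a local account) both show the new name.
Rename-Computer -NewName $NewName -Force -Restart
```

Run it from the VM console rather than over a remote session, because removing the existing address drops any network connection for a moment.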
Installing the ADDS Role
Open Server Manager. From the Manage menu, select Add Roles and Features
- In the Add Roles and Features Wizard and under "Server Roles" click "Active Directory Domain Services"
Info about Active Directory
- Choose the restart destination server option, and select yes on the confirmation dialog
- Click install and wait for installation
Promotion
After installation, we need to configure our server (ad01) to be the primary domain controller for our domain (hannelore.local). Select the link to Promote this server to a domain controller. Make absolutely sure you have set the hostname before moving forward with promoting this system.
- Successful Configuration and option to promote the server to domain controller
We are going to create a new forest. Name this forest yourname.local, where yourname is your first name.
- Enter a DSRM password
DNS Error
Because we gave our environment a .local top level domain (TLD), an error is indicated during installation. Valid top level domains are domains like .com, .gov, .edu, .net. Because this is an internal domain, we will leave it as is. The naming of local domains is the subject of many debates among systems administrators.
This is the DNS error that comes up
- The NetBIOS name is HANNELORE
- Make sure the prerequisite check passes successfully, then install
- Successful Restart for Admin account
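The role installation and forest promotion above can be done without the wizard. This is an added example, not the lab's own steps; it uses the lab's domain and NetBIOS names, prompts for the DSRM password instead of storing it, and refuses to run unless the hostname has already been set, which is the warning the write-up gives before promotion.

```powershell
# Added example (not from the lab write-up): install AD DS and promote ad01
# to the first domain controller of a new forest from PowerShell.
$DomainName  = 'hannelore.local'
$NetbiosName = 'HANNELORE'
$Expected    = 'ad01-hannelore'   # compared case-insensitively

# Promotion bakes the hostname into the DC; make sure the rename is already done.
if ($env:COMPUTERNAME -ne $Expected) {
    throw "Hostname is $env:COMPUTERNAME, expected $Expected. Rename and reboot before promoting."
}

# Role install (the GUI's "Add Roles and Features"), with the management tools.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# DSRM password, prompted so it never sits in the script or the shell history.
$Dsrm = Read-Host -AsSecureString -Prompt 'DSRM (Safe Mode) administrator password'

# Same prerequisite check the wizard runs. The DNS warning for the internal
# .local name shows up here too; the lab accepts it and continues.
Test-ADDSForestInstallation -DomainName $DomainName -DomainNetbiosName $NetbiosName `
    -SafeModeAdministratorPassword $Dsrm -InstallDns

# Promote. -Force suppresses the confirmation prompt; the server reboots when done.
Install-ADDSForest -DomainName $DomainName -DomainNetbiosName $NetbiosName `
    -InstallDns -SafeModeAdministratorPassword $Dsrm `
    -DatabasePath 'C:\Windows\NTDS' -LogPath 'C:\Windows\NTDS' -SysvolPath 'C:\Windows\SYSVOL' `
    -Force
```

The database, log and SYSVOL paths shown are the wizard's defaults; they are written out explicitly only so the choice is visible.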
DNS
After installation and a lengthy reboot, you will find that your ad01 server's network configuration has changed somewhat. Your DNS server now points to 127.0.0.1 (the local loopback adapter for ad01, i.e. it's pointing back to itself), and DNS queries not handled locally are forwarded to fw01, which will in turn forward to its own DNS server.
Adding a DNS Record
The following commands run from ad01 show that we cannot access fw01 by name and only by IP address. We are going to create a DNS record on our server such that anyone using ad01 as a DNS server (including itself) can resolve the domain name fw01.yourname.local to 10.0.5.2.
- Type the hostname command
- ping the firewall 10.0.5.2
DNS Manager
Find and open DNS Manager from the Server Manager/DNS/AD01 context menu
- Find and expand the forward lookup zone for your new domain (hannelore.local)
- Select New host A
- Add an entry for fw01
- check "create associated pointer (PTR) record"
When your host is added, the capability to resolve a host by its hostname is enabled. The reverse is not true: we cannot get a hostname from an IP address until we create a reverse lookup zone.
Reverse DNS
Add a primary reverse lookup zone for all IP addresses in the 10.0.5.0/24 network by selecting the New Zone option from the right-click context menu as shown below. Use the defaults, and add a Network ID of 10.0.5.
- Make a New zone in Reverse lookup zones
- Network ID 10.0.5.
- Completed the creation of a zone for Reverse Lookup Zones
- Go to the Forward Lookup Zone for ad01-hannelore
- Go into the hannelore.local folder
- Go to properties for the firewall
- Make sure "Update associated pointer (PTR) record" is checked
You need to go in, untick it, tick it again, press Apply and then press OK (a process for some reason?).
This means the forward A record now gets an associated reverse PTR record created along with it, since the reverse lookup zone now exists.
The PTR records for fw01 and ad01 should now be visible under Reverse Lookup Zones.
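The same DNS records and reverse zone, built with the DnsServer module on ad01. This is an added example, not the lab's own steps. It creates the reverse zone before the A record on purpose: the "create associated PTR" option only does anything when a reverse zone covering the address already exists, which is why the write-up has to untick and re-tick the option after creating the zone. It assumes the firewall record is named fw01 (the lab text uses fw01; the later nslookup uses fw01-hannelore, so set the name to whichever you entered).

```powershell
# Added example (not from the lab write-up): forward A record, reverse zone
# and PTR records for 10.0.5.0/24 on ad01, with verification.
$Zone        = 'hannelore.local'
$ReverseNet  = '10.0.5.0/24'            # zone name becomes 5.0.10.in-addr.arpa
$ReverseZone = '5.0.10.in-addr.arpa'
$FwName      = 'fw01'                   # use 'fw01-hannelore' if that is the record you created
$Fw01        = '10.0.5.2'
$Ad01Name    = 'ad01-hannelore'

# After promotion the DC resolves through itself and forwards everything else to fw01.
Get-DnsClientServerAddress -InterfaceAlias 'Ethernet0' -AddressFamily IPv4
Get-DnsServerForwarder | Select-Object -ExpandProperty IPAddress

# 1. Reverse lookup zone for 10.0.5.0/24, AD-integrated like the forward zone.
if (-not (Get-DnsServerZone -Name $ReverseZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -NetworkId $ReverseNet -ReplicationScope 'Domain'
}

# 2. A record for the firewall with its PTR created in the same step.
Add-DnsServerResourceRecordA -ZoneName $Zone -Name $FwName -IPv4Address $Fw01 -CreatePtr

# 3. ad01 registered its own A record during promotion, before the reverse zone
#    existed, so add its PTR explicitly if dynamic registration has not yet done so.
if (-not (Get-DnsServerResourceRecord -ZoneName $ReverseZone -Name '5' -RRType Ptr -ErrorAction SilentlyContinue)) {
    Add-DnsServerResourceRecordPtr -ZoneName $ReverseZone -Name '5' -PtrDomainName "$Ad01Name.$Zone"
}

# Verify both directions against this server only, not a forwarder.
Resolve-DnsName -Name "$FwName.$Zone" -Type A   -Server 127.0.0.1 | Select-Object Name, IPAddress
Resolve-DnsName -Name $Fw01           -Type PTR -Server 127.0.0.1 | Select-Object Name, NameHost
Resolve-DnsName -Name '10.0.5.5'      -Type PTR -Server 127.0.0.1 | Select-Object Name, NameHost

# The reverse zone's contents (what the DNS Manager screenshot shows).
Get-DnsServerResourceRecord -ZoneName $ReverseZone -RRType Ptr |
    Select-Object HostName, @{n='Target'; e={ $_.RecordData.PtrDomainName }}
```

Pinning `-Server 127.0.0.1` in the checks matters: a lookup that silently went to fw01 through the forwarder would hide a missing record on ad01.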
Create Named Domain Users on ad01
It is very easy to become confused between local accounts on either WKS1 and AD01 and domain accounts that are available on every system in the domain. We are going to create a named domain administrator account as well as a named non-privileged user account.
- Go to AD DS
- Right click and go to Active Directory Users and Computers
- Go to the domain's Users folder
- Create a new user
This user (first.lastname-adm) will be a Domain Administrator and will have a distinct suffix (ADM) to show this.
- Click next, and make a password. UNCHECK "user must change password at next logon"
- Confirm credentials are correct
- Go into Users, right click on the new Domain Admin and press "Add to a group"
- Add to the Domain Admins group
Create another account that is non-privileged
Repeat the same steps but without adding it to the domain admin group
Notice that the name does not have -adm at the end of it
- Confirm credentials are correct
I couldn't use my full name again, so I used Han San for my full name
You should now see your Domain admin account and Normal User account
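Creating the two accounts with the ActiveDirectory module on ad01, as an added example that is not part of the lab write-up. The first/last names are placeholders; the naming pattern (first.lastname with an -adm suffix for the privileged account) and the "user must change password at next logon" unchecking are the lab's. The duplicate display-name check reflects the problem the write-up hit when reusing the same full name for the second account.

```powershell
# Added example (not from the lab write-up): named domain admin and
# non-privileged user in hannelore.local, created from ad01.
Import-Module ActiveDirectory

$Domain  = 'hannelore.local'
$UsersOU = 'CN=Users,DC=hannelore,DC=local'
$First   = 'jane'   # placeholder
$Last    = 'doe'    # placeholder

function New-LabUser {
    param(
        [Parameter(Mandatory)][string]$SamAccountName,   # logon name, max 20 characters
        [Parameter(Mandatory)][string]$DisplayName,      # also the object's CN
        [switch]$DomainAdmin
    )
    # The CN must be unique inside the Users container, so the two accounts
    # cannot share a display name (the "couldn't use my full name again" issue).
    if (Get-ADUser -Filter "SamAccountName -eq '$SamAccountName'") {
        Write-Warning "$SamAccountName already exists; skipping create."
    } else {
        $pw = Read-Host -AsSecureString -Prompt "Password for $SamAccountName"
        # -ChangePasswordAtLogon $false is the UNCHECK step in the wizard.
        New-ADUser -Name $DisplayName -DisplayName $DisplayName `
            -SamAccountName $SamAccountName `
            -UserPrincipalName "$SamAccountName@$Domain" `
            -Path $UsersOU -AccountPassword $pw `
            -ChangePasswordAtLogon $false `
            -Enabled $true
    }
    if ($DomainAdmin) {
        Add-ADGroupMember -Identity 'Domain Admins' -Members $SamAccountName
    }
}

# Privileged account carries the -adm suffix; the everyday account does not.
New-LabUser -SamAccountName "$First.$Last-adm" -DisplayName "$First $Last (ADM)" -DomainAdmin
New-LabUser -SamAccountName "$First.$Last"     -DisplayName "$First $Last"

# Verify: both users exist and only the -adm one is in Domain Admins.
$admins = (Get-ADGroupMember -Identity 'Domain Admins').SamAccountName
Get-ADUser -Filter "SamAccountName -like '$First.$Last*'" |
    Select-Object SamAccountName, Enabled, @{n='DomainAdmin'; e={ $admins -contains $_.SamAccountName }}
```

Keeping the privileged and everyday identities separate, with the suffix making the difference obvious, is the point of the lab's two-account layout: day-to-day logons on WKS01 use the plain account, and the -adm account is used only where Domain Admin rights are actually needed.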
Preparing wks01 to join yourname.local
- Set wks01's DNS to 10.0.5.5 (ad01's address)
(since our DNS has those 2 new A and PTR records created earlier)
- Go to Control Panel, Ethernet0, IPv4 config and set DNS
Now we can attempt to ping a hostname. You should now be able to do a reverse lookup to fw01's PTR record using nslookup.
You cannot ping by the unqualified "fw01" hostname because we are not a domain joined system yet nor do we have a DNS suffix configured for yourname.local on wks01.
- Command hostname
- Command whoami
- Command ping fw01-hannelore
- Command nslookup 10.0.5.2 (firewall)
- Command nslookup fw01-hannelore.hannelore.local
- Command ping fw01-hannelore.hannelore.local
- Ping the domain: ping hannelore.local
Joining WKS01 to your new domain
Make sure the PC is renamed, mine is wks01-HanneloreSanokklis
- Go to control panel --> System and Security ---> System --> System Properties ---> Change
- Make the computer a member of the hannelore domain
If everything went well then you should be prompted for your domain admin credentials
HUZZAH! You are in the Hannelore Domain
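The wks01 side of the lab (DNS change, the pre-join lookups, rename and join) from an elevated PowerShell prompt on wks01. This is an added example, not the lab's own commands. It assumes the adapter is Ethernet0, that the firewall's A record is named fw01 (use fw01-hannelore if that is what you created), and it uses a placeholder workstation name and admin account name.

```powershell
# Added example (not from the lab write-up): point wks01 at ad01 for DNS,
# show which lookups work before the join, then join hannelore.local.
$Adapter = 'Ethernet0'
$Dc      = '10.0.5.5'
$Domain  = 'hannelore.local'
$FwName  = 'fw01'                      # or 'fw01-hannelore', whichever record you created
$WksName = 'wks01-hannelore'           # placeholder; use your own name
$Admin   = 'HANNELORE\jane.doe-adm'    # placeholder domain admin account

# 1. Use ad01 as the DNS server (the Control Panel IPv4 step).
Set-DnsClientServerAddress -InterfaceAlias $Adapter -ServerAddresses $Dc

# 2. Pre-join lookups. Reverse and fully qualified lookups work; the bare name
#    does not, because no DNS suffix is configured yet, so the resolver never
#    appends $Domain to it.
Resolve-DnsName -Name '10.0.5.2'        -Type PTR | Select-Object Name, NameHost
Resolve-DnsName -Name "$FwName.$Domain" -Type A   | Select-Object Name, IPAddress
Resolve-DnsName -Name $Domain           -Type A   | Select-Object Name, IPAddress   # the DC's address
$bare = Resolve-DnsName -Name $FwName -ErrorAction SilentlyContinue
"Unqualified '$FwName' resolves before the join: $([bool]$bare)"

# 3. Rename and join in one operation. Joining sets the primary DNS suffix to
#    $Domain, which is what makes the unqualified name work afterwards.
$cred = Get-Credential -Message 'Domain admin account for the join' -UserName $Admin
if ($env:COMPUTERNAME -ne $WksName) {
    Add-Computer -DomainName $Domain -NewName $WksName -Credential $cred -Force -Restart
} else {
    Add-Computer -DomainName $Domain -Credential $cred -Force -Restart
}

# 4. After the reboot, log on with the NON-admin domain account and confirm
#    membership (this is the deliverables check): hostname, whoami, and
#    Get-CimInstance Win32_ComputerSystem | Select-Object Name, Domain, PartOfDomain
```

Using `-NewName` on `Add-Computer` rather than a separate `Rename-Computer` avoids joining under the old name and then renaming the domain-joined computer.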
Deliverables!
Deliverable 1: Show that WKS01 has successfully been added to the AD on the AD01 server.
Deliverable 2: On AD01, select the two new users you have added and provide a screenshot.
Deliverable 3: From PowerShell or a command prompt on WKS01, provide the results of the following commands in one screenshot:
- nslookup 10.0.5.2 (this will perform a reverse DNS query)
- nslookup fw01-yourname (this will query by host name)
- nslookup yourname.local (this will find the domain's DNS server)
- whoami (this will show that you are logged in as DOMAIN\User)
- hostname (this will show the name of your workstation)
First, make sure you log on to WKS01 using your non-admin domain credentials, which are [email protected]
- Here are all the commands