AD01 350 Setup - ItsMmmike/SYS-350 GitHub Wiki

Installing WinSrv2019 Standard Eval (Desktop)

In this milestone, I configure an AD server which will provide ADDS, DNS, and DHCP services for my local vCenter environment.

  • First I created a new VM on my ESXi host with the following specs:

    • Name: AD01-350
    • 2 CPU
    • 8GB RAM
    • 60GB Storage (Thin Provision)
    • NET-Adapter_1: (VM Network)
    • CD/ROM: "Win_Srv_2019-Installer.iso"
  • Select Windows Server 2019 Standard Evaluation (Desktop Experience) for installation

  • Continue selecting the default options for the installation configuration (Agree to the Terms and Conditions, and select storage devices) and then start the installer.

Sysprepping A Base Snapshot

  • On first startup, press Ctrl + Shift + F3 to skip the Admin password prompt and boot into audit mode (useful for sysprepping a clean base image)
  • Next, navigate to Windows Settings and make sure that the system is fully up to date before continuing to the next step
  • (Info on how to configure SSH goes here - you also want to ensure that you have key access available if you need it)
  • Setting up OpenSSH for windows Server 2019 --> Useful Link Here
# Commands used to install/enable OpenSSH on Windows
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
Start-Service sshd
Set-Service -Name sshd -StartupType 'Automatic'
  • From here, open a new cmd terminal and run sconfig.
    • Set Windows Update to Manual after configuring SSH + ensuring all updates have been installed.
    • Configure Time Zone to use Eastern Standard Time
  • Install VMware Tools
    • In ESXi > Select AD01 VM > Actions > Guest OS > Install VMware Tools (mounts the VMware Tools CD/DVD ROM to the system)
    • Navigate to the newly mounted VMware Tools ROM and run setup64 (use default options)
    • Restart System

From here, you should be able to verify a successful VMware Tools installation via the ESXi status page for the AD01 VM.

  • Creating a Deployer management account and sysprepping AD01
    • You can use the script below to sysprep the system
# Script used to configure a new "Deployer" user account and sysprep the system
# Make PowerShell prompt for credentials in the console instead of a GUI dialog (needed over SSH)
Set-ItemProperty "HKLM:\Software\Microsoft\Powershell\1\ShellIds" -Name ConsolePrompting -Value $true
# Make PowerShell the default shell for OpenSSH sessions
New-ItemProperty -Path HKLM:\SOFTWARE\OpenSSH -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force
Write-Host "Create a deployer user: Enter Password"
$pw = Read-Host -AsSecureString
# Local "deployer" account with a non-expiring password, added to the local Administrators group
New-LocalUser -Name deployer -Password $pw -AccountNeverExpires -PasswordNeverExpires:$true
Add-LocalGroupMember -Group Administrators -Member deployer
Write-Host "Pull down unattend.xml and then sysprep the box"
# wget is the Windows PowerShell alias for Invoke-WebRequest
wget https://raw.githubusercontent.com/gmcyber/480share/master/unattend.xml -Outfile C:\Unattend.xml
C:\Windows\System32\Sysprep\sysprep.exe /oobe /generalize /unattend:C:\unattend.xml
Write-Host "Set Power to High Performance"
# GUID of the built-in High performance power plan
powercfg -setactive 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c
  • After the sysprep is completed: Power off the VM > Change the network adapter to the 350-Internal network > Change the CDROM to Host Device > and create a new VM snapshot called Base
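
The script above pulls unattend.xml from the head of a branch and hands it straight to sysprep, so whatever that file contains at download time ends up in the base image. The following is an added example (not part of the original wiki or the 480share repository) that lists the settings worth reviewing and refuses to sysprep unless the file matches a pinned SHA-256; the `$Expected` value is a placeholder you fill in after reviewing the file yourself.

```powershell
# Added example (not from the original wiki): fetch unattend.xml, list what a
# reviewer should inspect, and only run sysprep when the file matches a pinned hash.
$Url      = 'https://raw.githubusercontent.com/gmcyber/480share/master/unattend.xml'
$Dest     = 'C:\Unattend.xml'
# Placeholder: replace with the SHA-256 printed on your first (review) run.
$Expected = '<SHA256-OF-REVIEWED-UNATTEND>'

$ErrorActionPreference = 'Stop'
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Invoke-WebRequest -Uri $Url -OutFile $Dest -UseBasicParsing

# Parse as XML first: a truncated file or an HTML error page fails here, not in sysprep.
[xml]$doc = Get-Content -Path $Dest -Raw

# Embedded passwords, auto-logon, and commands that run during setup or first logon.
# local-name() sidesteps the unattend XML namespace.
$xpath = "//*[local-name()='Password' or local-name()='AdministratorPassword' or " +
         "local-name()='AutoLogon' or local-name()='SynchronousCommand' or " +
         "local-name()='RunSynchronousCommand']"
foreach ($node in $doc.SelectNodes($xpath)) {
    $plain = $node.SelectSingleNode("*[local-name()='PlainText']")
    $note  = if ($plain -and $plain.InnerText -eq 'true') { ' (PlainText=true)' } else { '' }
    Write-Host ("Review: {0}/{1}{2}" -f $node.ParentNode.LocalName, $node.LocalName, $note)
}

$actual = (Get-FileHash -Path $Dest -Algorithm SHA256).Hash
Write-Host "SHA-256 of downloaded file: $actual"

if ($Expected -notmatch '^[0-9A-Fa-f]{64}$') {
    Write-Warning 'No hash pinned yet. Review the file, set $Expected, and run again.'
    return
}
if ($actual -ne $Expected) {   # -ne on strings is case-insensitive
    Remove-Item -Path $Dest -Force
    throw 'unattend.xml does not match the pinned hash; refusing to sysprep.'
}

# -Wait blocks until sysprep.exe exits.
Start-Process -FilePath 'C:\Windows\System32\Sysprep\sysprep.exe' `
    -ArgumentList '/oobe', '/generalize', '/unattend:C:\Unattend.xml' -Wait
```

Keeping a reviewed copy of unattend.xml alongside the pinned hash also means the base image can be rebuilt even if the upstream file changes or disappears.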

Configuring AD01

In this section, I will be covering the configuration for my SYS-350 AD01 (ADDS + DNS)

  • On AD01-Michael, I configured the following settings:
    • Using Server Manager, I added the ADDS and DNS roles to the local server
    • From here, I used the settings in the table below to complete the new AD install and create a new AD domain
      Setting:       Config:
      IP             10.0.17.4/24
      GW             10.0.17.2
      Initial DNS    10.0.17.2
      Hostname       AD01-Michael
      Domain Name    michael.local
  • After this, I created a new michael-adm user and added it to the Domain Admins and Enterprise Admins groups (important for setting up vCenter SSO)

Configuring DNS

After setting up my AD domain, I needed to configure the following A + PTR records for devices on the local network

  • I used the table below to configure my domain's DNS records on AD01
      A Record:       PTR Record:
      fw01            10.0.17.2
      mgmt01          10.0.17.100
      ad01-michael    10.0.17.4
      Super13         192.168.3.213
      vCenter         10.0.17.3
  • Screenshot of me using the Get-DnsServerResourceRecord command in PowerShell to verify that my DNS Records were properly configured
