Milestone 2 ‐ AD - Jacob-Mayotte/SYS480 GitHub Wiki

ESXI address: 192.168.7.34 Use RCD for xubuntu Jacob!

Goal of the Assignment: 💡Milestone 1 should be completed, we are going to augment our architecture further by deploying Windows Domain Controller. and vCenter. Additionally, we will begin managing our Hypervisor from xubuntu-wan.

Please take a snapshot of xubunutu mgmt at this point

Upload the ISO:

Navigate to the x drive and add the server eval & vmcenter isos to the iso DB.

Config of Windows Server:

Pulled ISO from the X:Drive and popped it into the data store

Select start and select the CD-rom to start fropm since our ISO is there
Go through install wizard, select: Windows Server 2019 Standard (Desktop Experience)
Select: Custom Windows Install (Advanced)
Select drive 0 and select install. Windows will now install on tbhe machine on drive 0.

Once the machine starts you will be prompted for a admin password = DO NOT SET A PASSWORD!!!! sysprep may open, DO NOT CLOSE IT!!!!! Instead press: CTRL + SHIFT + F3
This will enter audit mode. Once we are in this mode change open up windows powershell via admin and enter: sconfig

Date & Time --> US EAST
Set Win Update
Search for Windows updates and install them! Do this twice!

Now since the updates are installed we can install VMware tools:

Go to ESXI and right click the box like so:

(Right clicked on the box and went to console then added VMRC)

Restart the box and navigate to file manager
Go to the D: drive and select setup64 and lkewt it run. Choose typical as download type and let it install!

Once the install is finished the wizard will ask if you want to restart the machine say: yes!
Now you have VMware configured

Ran a wget to retrieve the script provided in the lab:

wget https://tinyurl.com/480sysprep -OutFile windows-prep.ps1

notepad .\windows-prep.ps1 // opens up the file so we can (un)comment out the following lines:
Commented:

Uncommented:

Now save that file! As the lab states: You’ll have to unblock the file and change execution policy to be able to run! So we must do this with the following:

Unblock-File .\windows-prep.ps1
Set-ExecutionPolicy RemoteSigned

Now run it with: .\windows-prep.ps1 // set password when prompted!

Note! Sysprep is going to come back and say: Hey! Another copy of me if already running, that's fine, just reboot the machine!
Once the machine is fully restarted we can go back to our script and copy the following line: `` and run it in admin powershell:

The machine si going to shut itself off, when its completely off return to ESXI and go to the dc1 VMs settings to remove the ISO file from CD slot & set the network adapter to: 480-WAN, save it:

Now go back into the VM to take a snapshot / Just name the snapshot Base since we will be using this later in the semester:

Network the machine:

As stated in the lab:

Using your new baseline (make sure you have that Base snapshot), start it up and
Add the Administrative user password // This will prompt at the start of the VM
Change the segment to 480-WAN give it an ip of 10.0.17.4/24 and a hostname of dc1, you will want DNS and Gateway pointing to vyos: 10.0.17.2 initially
Do remember to rename the computer before installing the forest if you didn't set it already. // just enter settings and rename the PC to `dc1-jacob`

Network Configuration:

Once these steps are finished reboot the VM! We can proceed to:

Complete configuration using powershell/ssh from xubuntu-wan as deployer
Document all commands in your tech journal!
install adds (yourname.local)
install dns
create A and PTR entries for 
vcenter.yourname.local at 10.0.17.3
480-fw as 10.0.17.2
xubuntu-wan at 10.0.17.100
dc1 (just PTR needs to be added) at 10.0.17.4

ssh [email protected]

Okay now on ubuntu mgmt I created the following script using this source & source & scourse

Script Name: script1-milestone2AD.ps1

Script:

# Install Active Directory Domain Services (ADDS)
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Install-ADDSForest -DomainName "jacob.local"
# NOTE: It will reboot automatically after this part

# Create and add admin user to Domain Admins group
New-ADUser -Name "jacob-adm" -AccountPassword (Read-Host -Prompt 'Enter a Password for the admin user' -AsSecureString) -Passwordneverexpires $true -Enabled $true
Add-ADGroupMember -Identity "Domain Admins" -Members "jacob-adm"

# Install DNS windows featurwe 
Install-WindowsFeature DNS

# Configure DNS
Add-DnsServerPrimaryZone -NetworkID "10.0.17.0/24" -ZoneFile "10.0.17.4.in-addr.arpa.dns"

# Create A and PTR records
Add-DnsServerResourceRecordA -Name "vcenter" -ZoneName "jacob.local" -IPv4Address "10.0.17.3"
Add-DnsServerResourceRecordA -Name "480-fw" -ZoneName "jacob.local" -IPv4Address "10.0.17.2"
Add-DnsServerResourceRecordA -Name "xubuntu-wan" -ZoneName "jacob.local" -IPv4Address "10.0.17.100"
Add-DnsServerResourceRecordPtr -Name "100" -ZoneName "17.0.10.in-addr.arpa" -PtrDomainName "xubuntu-wan.jacob.local"
Add-DnsServerResourceRecordPtr -Name "4" -ZoneName "17.0.10.in-addr.arpa" -PtrDomainName "dc1-jacob.jacob.local"
Add-DnsServerResourceRecordPtr -Name "3" -ZoneName "17.0.10.in-addr.arpa" -PtrDomainName "vcenter.jacob.local"
Add-DnsServerResourceRecordPtr -Name "2" -ZoneName "17.0.10.in-addr.arpa" -PtrDomainName "480-fw.jacob.local"

# Display completion message
Write-Host "DNS configuration completed successfully."

I used scp to get the file over from xubuntu to the windows server: scp /home/jacob/Downloads/script1-milestone2AD.ps1 [email protected]:/C:/Users/deployer/Desktop Source

Now I ran the file: `.\script1-milestone2AD` // was promoted for safe mode admin password, then asked if this was okay pressed yes, went through the install! You may encounter some errors, I did with the admin user add. To double check what worked and what did not I used the Server manager GUI, and DNS tool. I then just added a new admin user then added it the domain named admin group. My pointers did show up!

Now we can move onto enabling remote desktop via powershell source// to do this I leveraged Remmina, a tool introduced to me last semester in eth:

First, run the following in dc1 in ps:

Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -value 0
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

Then on xubuuntu management I ran: sudo snap install remmina // when you initially open remmina form the GUI you will receive an error, just copy the commands provided and run them. Remmina now functions!

Connection:

Install DHCP!: Used the following resources: Source & Source

Install-WindowsFeature DHCP -IncludeManagementTools
netsh dhcp add securitygroups
Restart-Service dhcpserver // will say warning but should pass through!
Add-DhcpServerv4Scope -Name "jacob.local" -StartRange 10.0.17.101 -EndRange 10.0.17.150 -SubnetMask 255.255.255.0 -State Active // adds dhcp server scope
Set-DhcpServerv4Scope -ScopeId 10.0.17.0 -LeaseDuration 1.00:00:00 // sets dhcp lease
Set-DhcpServerv4OptionValue -ScopeID 10.0.17.0 -DnsDomain "jacob.local" -DnsServer 10.0.17.4 -Router 10.0.17.2 // Sets option vals
Add-DhcpServerInDC -DnsName "jacob.local" -IpAddress 10.0.17.4 // sets DC
Now just go to xubuntu mgmt and make sure the adapter is 480-wan. PLEASE NOTE! I COULD NOT RESOLVE nslookup 480-fw.jacob.local at first!!! Slammed my head for awhile. Delete the network config entirely. Disconnect it once or twice, the xubuntu network adapter has a tendency to get, 'sticky'
Also had a small shcp issue: dhclient -r fixed this

To see if your mgmt box is domain joined: https://serverfault.com/questions/701184/find-if-linux-machine-is-domain-joined

Testing: FROM xubuntu:

ip a
nslookup jacob.local
ping -c 1 480-fw
nslookup 10.0.17.3
nslookup dc1-jacob Now SSH into the domain admin: ssh jacob-adm@dc1(10.0.17.4) whoami
Get-DnsServerResourceRecord -ZoneName jacob.local -RRType A | Format-Table
Get-DnsServerResourceRecord -ZoneName 17.0.10.in.arpa -RRType PTR | Format-Table
Get-DhcpServerv4Scope Now RDP into your dc1 w domain named admin via remmina