Milestone 2 ‐ AD - Jacob-Mayotte/SYS480 GitHub Wiki
ESXI address: 192.168.7.34 Use RCD for xubuntu Jacob!
Goal of the Assignment: 💡Milestone 1 should be completed. We are going to augment our architecture further by deploying a Windows Domain Controller and vCenter. Additionally, we will begin managing our Hypervisor from xubuntu-wan.
- Please take a snapshot of xubuntu mgmt at this point
Upload the ISO:
- Navigate to the X: drive and add the server eval & vCenter ISOs to the iso DB.
Config of Windows Server:
- Pulled ISO from the X:Drive and popped it into the data store
- Select start and select the CD-ROM to start from since our ISO is there
- Go through install wizard, select:
Windows Server 2019 Standard (Desktop Experience)
- Select:
Custom Windows Install (Advanced)
- Select drive 0 and select install. Windows will now install on the machine on drive 0.
- Once the machine starts you will be prompted for an admin password = DO NOT SET A PASSWORD!!!! sysprep may open, DO NOT CLOSE IT!!!!! Instead press: CTRL + SHIFT + F3
- This will enter audit mode. Once we are in this mode, open up Windows PowerShell as admin and enter:
sconfig
- Date & Time --> US EAST
- Set Win Update
- Search for Windows updates and install them! Do this twice!
- Now since the updates are installed we can install VMware tools:
- Go to ESXI and right click the box like so:
(Right clicked on the box and went to console then added VMRC)
- Restart the box and navigate to file manager
- Go to the D: drive and select
setup64
and let it run. Choose typical as download type and let it install!
- Once the install is finished the wizard will ask if you want to restart the machine say:
yes
! - Now you have VMware configured
- Ran a wget to retrieve the script provided in the lab:
wget https://tinyurl.com/480sysprep -OutFile windows-prep.ps1
-
notepad .\windows-prep.ps1
// opens up the file so we can (un)comment out the following lines: -
Commented:
- Uncommented:
Now save that file! As the lab states: You’ll have to unblock the file and change execution policy to be able to run!
So we must do this with the following:
Unblock-File .\windows-prep.ps1
Set-ExecutionPolicy RemoteSigned
- Now run it with:
.\windows-prep.ps1
// set password when prompted!
- Note! Sysprep is going to come back and say: Hey! Another copy of me is already running. That's fine, just reboot the machine!
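The download-and-run steps above, with the file pinned to a hash and the execution policy change limited to the current session. This is an added example, not the lab's script or the author's commands; `$ExpectedSha256` is a placeholder (the page gives no hash), and the check applies to the file as downloaded, before any edits in notepad.

```powershell
# Added example, not the lab's script. $ExpectedSha256 is a placeholder: the page gives
# no hash, so use one published by the script's owner or recorded after your own review.
$ErrorActionPreference = 'Stop'
$Url            = 'https://tinyurl.com/480sysprep'
$Out            = Join-Path $PWD 'windows-prep.ps1'
$ExpectedSha256 = '<SHA256-OF-REVIEWED-SCRIPT>'

# Download and keep the response object so the short link's real destination is visible.
# .BaseResponse.ResponseUri is the Windows PowerShell 5.1 shape (default on Server 2019).
$resp = Invoke-WebRequest -Uri $Url -OutFile $Out -PassThru -UseBasicParsing
"Short link resolved to: $($resp.BaseResponse.ResponseUri.AbsoluteUri)"

# Refuse to go further if the file is not the one that was reviewed.
$actual = (Get-FileHash -Path $Out -Algorithm SHA256).Hash
if ($actual -ne $ExpectedSha256) {
    throw "Hash mismatch for $Out (got $actual). Review the file before running it."
}

# Review aid: list the lines that touch accounts, services, policy or fetch more code.
Select-String -Path $Out -Pattern 'New-LocalUser|Add-LocalGroupMember|Set-ExecutionPolicy|Start-Service|Invoke-WebRequest|Invoke-Expression|sysprep'

# Loosen execution policy for this PowerShell process only, instead of machine-wide.
Unblock-File -Path $Out
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force
# Now edit the file in notepad and run .\windows-prep.ps1 from this same session.
```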
- Once the machine is fully restarted we can go back to our script and copy the following line: `` and run it in admin powershell:
- The machine is going to shut itself off. When it's completely off, return to ESXI and go to the dc1 VM's settings to remove the ISO file from the CD slot & set the network adapter to:
480-WAN
, save it:
- Now go back into the VM to take a snapshot / Just name the snapshot Base since we will be using this later in the semester:
Network the machine:
As stated in the lab:
Using your new baseline (make sure you have that Base snapshot), start it up and
Add the Administrative user password // This will prompt at the start of the VM
Change the segment to 480-WAN give it an ip of 10.0.17.4/24 and a hostname of dc1, you will want DNS and Gateway pointing to vyos: 10.0.17.2 initially
Do remember to rename the computer before installing the forest if you didn't set it already. // just enter settings and rename the PC to `dc1-jacob`
Network Configuration:
- Once these steps are finished reboot the VM! We can proceed to:
Complete configuration using powershell/ssh from xubuntu-wan as deployer
Document all commands in your tech journal!
install adds (yourname.local)
install dns
create A and PTR entries for
vcenter.yourname.local at 10.0.17.3
480-fw as 10.0.17.2
xubuntu-wan at 10.0.17.100
dc1 (just PTR needs to be added) at 10.0.17.4
Okay now on ubuntu mgmt I created the following script using this source & source & source
Script Name: script1-milestone2AD.ps1
Script:
# Install Active Directory Domain Services (ADDS)
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
# Promote to the first DC of a new forest; prompts for the safe mode admin password
Install-ADDSForest -DomainName "jacob.local"
# NOTE: It will reboot automatically after this part, so run everything below
# from a new admin PowerShell session once the reboot has finished
# Create and add admin user to Domain Admins group
New-ADUser -Name "jacob-adm" -AccountPassword (Read-Host -Prompt 'Enter a Password for the admin user' -AsSecureString) -PasswordNeverExpires $true -Enabled $true
Add-ADGroupMember -Identity "Domain Admins" -Members "jacob-adm"
# Install DNS windows feature
Install-WindowsFeature DNS
# Configure DNS: reverse lookup zone for 10.0.17.0/24 (zone name 17.0.10.in-addr.arpa)
Add-DnsServerPrimaryZone -NetworkID "10.0.17.0/24" -ZoneFile "10.0.17.4.in-addr.arpa.dns"
# Create A and PTR records
Add-DnsServerResourceRecordA -Name "vcenter" -ZoneName "jacob.local" -IPv4Address "10.0.17.3"
Add-DnsServerResourceRecordA -Name "480-fw" -ZoneName "jacob.local" -IPv4Address "10.0.17.2"
Add-DnsServerResourceRecordA -Name "xubuntu-wan" -ZoneName "jacob.local" -IPv4Address "10.0.17.100"
Add-DnsServerResourceRecordPtr -Name "100" -ZoneName "17.0.10.in-addr.arpa" -PtrDomainName "xubuntu-wan.jacob.local"
Add-DnsServerResourceRecordPtr -Name "4" -ZoneName "17.0.10.in-addr.arpa" -PtrDomainName "dc1-jacob.jacob.local"
Add-DnsServerResourceRecordPtr -Name "3" -ZoneName "17.0.10.in-addr.arpa" -PtrDomainName "vcenter.jacob.local"
Add-DnsServerResourceRecordPtr -Name "2" -ZoneName "17.0.10.in-addr.arpa" -PtrDomainName "480-fw.jacob.local"
# Display completion message
Write-Host "DNS configuration completed successfully."
I used scp to get the file over from xubuntu to the windows server: scp /home/jacob/Downloads/script1-milestone2AD.ps1 [email protected]:/C:/Users/deployer/Desktop
Source
.\script1-milestone2AD
// was prompted for safe mode admin password, then asked if this was okay, pressed yes, went through the install! You may encounter some errors, I did with the admin user add. To double check what worked and what did not I used the Server manager GUI, and DNS tool. I then just added a new admin user then added it to the domain named admin group. My pointers did show up!
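A re-runnable version of the post-reboot half of the script, which checks what already exists before adding it and then confirms that forward and reverse DNS agree. This is an added example, not the author's script: the names and addresses are the ones on this page, while the AD-integrated reverse zone (the page's script uses a zone file), the `-CreatePtr` shortcut and the omitted `-PasswordNeverExpires` are choices made here.

```powershell
# Added example, not the page's script. Run in an elevated session on dc1 AFTER the
# reboot that Install-ADDSForest triggers. Names and IPs are the ones on this page.
$ErrorActionPreference = 'Stop'
$Domain  = 'jacob.local'
$RevZone = '17.0.10.in-addr.arpa'
$Admin   = 'jacob-adm'
$Hosts   = [ordered]@{ 'vcenter' = '10.0.17.3'; '480-fw' = '10.0.17.2'; 'xubuntu-wan' = '10.0.17.100' }

# Fail fast if the directory is not answering yet, instead of failing halfway through.
try   { $null = Get-ADDomain -Identity $Domain }
catch { throw "AD DS for $Domain is not up yet; wait for the post-promotion reboot to finish." }

# Named admin: create only if missing. -PasswordNeverExpires from the page's script is
# left out here (assumption) so the domain password policy applies to this account.
if (-not (Get-ADUser -Filter "SamAccountName -eq '$Admin'")) {
    $pw = Read-Host -Prompt "Enter a password for $Admin" -AsSecureString
    New-ADUser -Name $Admin -SamAccountName $Admin -AccountPassword $pw -Enabled $true
}
if ($Admin -notin (Get-ADGroupMember -Identity 'Domain Admins').SamAccountName) {
    Add-ADGroupMember -Identity 'Domain Admins' -Members $Admin
}

# The reverse zone must exist before any PTR can be written.
if (-not (Get-DnsServerZone -Name $RevZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -NetworkId '10.0.17.0/24' -ReplicationScope Domain
}

# A records; -CreatePtr writes the matching PTR in the same call.
foreach ($name in $Hosts.Keys) {
    if (-not (Get-DnsServerResourceRecord -ZoneName $Domain -Name $name -RRType A -ErrorAction SilentlyContinue)) {
        Add-DnsServerResourceRecordA -ZoneName $Domain -Name $name -IPv4Address $Hosts[$name] -CreatePtr
    }
}
# dc1 registers its own A record, so only its PTR is added by hand.
if (-not (Get-DnsServerResourceRecord -ZoneName $RevZone -Name '4' -RRType Ptr -ErrorAction SilentlyContinue)) {
    Add-DnsServerResourceRecordPtr -ZoneName $RevZone -Name '4' -PtrDomainName "dc1-jacob.$Domain"
}

# Forward-confirmed reverse check: each name must resolve to its IP and back again.
foreach ($name in $Hosts.Keys) {
    $ip  = (Resolve-DnsName -Name "$name.$Domain" -Type A -Server 10.0.17.4).IPAddress
    $ptr = (Resolve-DnsName -Name $ip -Type PTR -Server 10.0.17.4 -ErrorAction SilentlyContinue).NameHost
    '{0,-12} A={1,-12} PTR={2} match={3}' -f $name, $ip, $ptr, ($ptr -eq "$name.$Domain")
}
```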
Now I ran the file: Now we can move onto enabling remote desktop via powershell source// to do this I leveraged Remmina, a tool introduced to me last semester in eth:
First, run the following in dc1 in ps:
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -value 0
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
Then on xubuntu management I ran: sudo snap install remmina
// when you initially open remmina from the GUI you will receive an error, just copy the commands provided and run them. Remmina now functions!
Connection:
Source & Source
Install DHCP!: Used the following resources:
Install-WindowsFeature DHCP -IncludeManagementTools
netsh dhcp add securitygroups
Restart-Service dhcpserver
// will say warning but should pass through!
Add-DhcpServerv4Scope -Name "jacob.local" -StartRange 10.0.17.101 -EndRange 10.0.17.150 -SubnetMask 255.255.255.0 -State Active
// adds dhcp server scope
Set-DhcpServerv4Scope -ScopeId 10.0.17.0 -LeaseDuration 1.00:00:00
// sets dhcp lease
Set-DhcpServerv4OptionValue -ScopeID 10.0.17.0 -DnsDomain "jacob.local" -DnsServer 10.0.17.4 -Router 10.0.17.2
// Sets option vals
Add-DhcpServerInDC -DnsName "jacob.local" -IpAddress 10.0.17.4
// sets DC
- Now just go to xubuntu mgmt and make sure the adapter is 480-wan. PLEASE NOTE! I COULD NOT RESOLVE
nslookup 480-fw.jacob.local
at first!!! Slammed my head for awhile. Delete the network config entirely. Disconnect it once or twice, the xubuntu network adapter has a tendency to get 'sticky' - Also had a small dhcp issue:
dhclient -r
fixed this
To see if your mgmt box is domain joined: https://serverfault.com/questions/701184/find-if-linux-machine-is-domain-joined
Testing: FROM xubuntu:
ip a
nslookup jacob.local
ping -c 1 480-fw
nslookup 10.0.17.3
nslookup dc1-jacob
Now SSH into the domain admin:
ssh jacob-adm@dc1 (10.0.17.4)
whoami
Get-DnsServerResourceRecord -ZoneName jacob.local -RRType A | Format-Table
Get-DnsServerResourceRecord -ZoneName 17.0.10.in-addr.arpa -RRType PTR | Format-Table
Get-DhcpServerv4Scope
Now RDP into your dc1 with the domain named admin via remmina