Lab02 ‐ AD DS and DNS - Liam-DiFalco/Sys255-FA24 GitHub Wiki

Lab Steps

1. Configuring Windows Server 2019

Network Adapter Configuration: The first step involves configuring the network settings on the AD server:

IP Address: 10.0.5.5
Subnet Mask: 255.255.255.0
Default Gateway: 10.0.5.2 (ensure fw01 is running)
DNS: 10.0.5.2

Once configured, make sure the system is discoverable on the local network and set the appropriate time zone. After renaming the computer to ad01-liam, reboot the server.

Verification: After rebooting, use PowerShell to confirm the hostname and check network connectivity. This ensures that the server can resolve external domain names and connect to the internet.
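The same adapter setup and post-reboot checks as a PowerShell session, added here as an example rather than taken from the lab page. It assumes the adapter is named "Ethernet0", that the lab uses Eastern time, and that www.example.com is a reachable external name; all three are assumptions.

```powershell
# Added example, not part of the original lab. "Ethernet0" and the time zone are assumptions.
$adapter = "Ethernet0"

# Static addressing from the lab: 10.0.5.5/24 with fw01 (10.0.5.2) as gateway.
New-NetIPAddress -InterfaceAlias $adapter -IPAddress 10.0.5.5 -PrefixLength 24 -DefaultGateway 10.0.5.2

# DNS points at fw01 for now; it is switched to loopback after promotion.
Set-DnsClientServerAddress -InterfaceAlias $adapter -ServerAddresses 10.0.5.2

# "Discoverable on the local network" is the Private profile, which enables the discovery firewall rules.
Set-NetConnectionProfile -InterfaceAlias $adapter -NetworkCategory Private

Set-TimeZone -Id "Eastern Standard Time"

# The new name only takes effect after a reboot.
Rename-Computer -NewName "ad01-liam" -Force -Restart

# ---- after the reboot ----
hostname
Get-NetIPConfiguration -InterfaceAlias "Ethernet0"

# External resolution through fw01 and an actual outbound TCP connection.
Resolve-DnsName -Name www.example.com -Server 10.0.5.2
Test-NetConnection -ComputerName www.example.com -Port 443 |
    Select-Object ComputerName, RemoteAddress, TcpTestSucceeded
```

If Resolve-DnsName succeeds but TcpTestSucceeded is False, name resolution is fine and the problem is routing through fw01.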

2. Installing AD DS Role

Roles: Active Directory Domain Services (AD DS) is the backbone of centralized domain management. Open Server Manager, navigate to "Add Roles and Features," and install the AD DS role.

Ensure you select the option to restart the server automatically after installation. The installation might take time, and maybe it is a good opportunity to update documentation ;)

Server Promotion: Once AD DS is installed, promote the server to be the primary domain controller for the domain liam.local. This step creates a new forest for the domain. Make sure to configure a Directory Services Restore Mode (DSRM) password for recovery purposes in case of a system failure.

Note: You may encounter a DNS error due to the use of a .local top-level domain. Since this is an internal network, this can be ignored.

After another reboot, the server acts as the domain controller, and you log in with domain credentials (liam.local\Administrator).
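The role install and forest promotion as PowerShell, added as an example and not taken from the lab page. The NetBIOS name "LIAM" is an assumption (the lab does not state one); the DSRM password is prompted for so it never lands in a script or shell history.

```powershell
# Added example, not part of the original lab. Run on ad01-liam as Administrator.
# Install the AD DS binaries plus the AD and DNS management cmdlets.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# The DSRM password is the offline recovery credential for the directory; prompt, do not hardcode.
$dsrm = Read-Host -Prompt "DSRM (Directory Services Restore Mode) password" -AsSecureString

# Dry run first: reports the prerequisites and warnings (such as the DNS delegation
# warning for .local) without changing anything.
Test-ADDSForestInstallation -DomainName "liam.local" -SafeModeAdministratorPassword $dsrm

# Promote to the first DC of a new forest with DNS installed on the same server.
# "LIAM" is an assumed NetBIOS name. -Force suppresses the confirmation prompt;
# the server reboots itself when promotion completes.
Install-ADDSForest `
    -DomainName "liam.local" `
    -DomainNetbiosName "LIAM" `
    -InstallDns `
    -SafeModeAdministratorPassword $dsrm `
    -Force

# ---- after the reboot, logged in as liam.local\Administrator ----
Get-ADDomain | Select-Object DNSRoot, NetBIOSName, DomainMode
Get-ADDomainController | Select-Object HostName, IPv4Address, IsGlobalCatalog
```

Running the Test-ADDSForestInstallation step first is the scripted equivalent of the prerequisite check page in Server Manager; it is where the .local DNS warning mentioned above shows up.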

3. Configuring DNS

Local DNS Configuration: After the server is promoted, its DNS client is configured to point to the local loopback address (127.0.0.1), since the domain controller now runs the DNS service itself. DNS queries that cannot be resolved locally are forwarded to fw01, which relays them to external DNS servers.

Creating DNS Records: To enhance internal name resolution, a DNS record for fw01 is created. This is done by adding a host (A) record in the forward lookup zone for fw01.liam.local, associating it with IP 10.0.5.2. A pointer (PTR) record is also created for reverse DNS lookup.

Reverse DNS Setup: A reverse lookup zone for the 10.0.5.0/24 network is added. This allows reverse DNS queries, where IP addresses can be resolved back to hostnames. Add a PTR record for both fw01 and ad01, ensuring the reverse lookup functionality is operational.
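The forwarder, reverse zone and records from the three paragraphs above, done with the DnsServer cmdlets; this is an added example, not the lab's own steps. It assumes the adapter is "Ethernet0" and that ad01-liam's own A record was registered automatically during promotion (so only its PTR needs adding); both are assumptions.

```powershell
# Added example, not part of the original lab. Run on ad01-liam after promotion.
# "Ethernet0" is an assumed adapter name.
Set-DnsClientServerAddress -InterfaceAlias "Ethernet0" -ServerAddresses 127.0.0.1

# Anything outside liam.local is forwarded to fw01, which relays it to external resolvers.
Add-DnsServerForwarder -IPAddress 10.0.5.2

# Reverse lookup zone for 10.0.5.0/24 (becomes 5.0.10.in-addr.arpa), stored in AD.
Add-DnsServerPrimaryZone -NetworkId "10.0.5.0/24" -ReplicationScope "Domain"

# A record for fw01; -CreatePtr writes the matching PTR into the reverse zone created above.
Add-DnsServerResourceRecordA -ZoneName "liam.local" -Name "fw01" -IPv4Address 10.0.5.2 -CreatePtr

# ad01's A record already exists (assumed registered at promotion); add its PTR explicitly.
# In 5.0.10.in-addr.arpa the record name is the last octet of the address.
Add-DnsServerResourceRecordPtr -ZoneName "5.0.10.in-addr.arpa" -Name "5" -PtrDomainName "ad01-liam.liam.local"

# Checks: forward, reverse and forwarded queries, all against this server.
Resolve-DnsName -Name fw01.liam.local -Server 127.0.0.1
Resolve-DnsName -Name 10.0.5.2        -Server 127.0.0.1
Resolve-DnsName -Name 10.0.5.5        -Server 127.0.0.1
Resolve-DnsName -Name www.example.com -Server 127.0.0.1
Get-DnsServerForwarder
Get-DnsServerResourceRecord -ZoneName "5.0.10.in-addr.arpa" -RRType Ptr
```

The order matters: the reverse zone has to exist before -CreatePtr can populate it. Get-DnsServerForwarder should list only 10.0.5.2; the server only answers on the internal network, so recursion stays confined to the lab.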

4. Creating Domain Users

Administrator Account: It is best practice to create individual domain administrator accounts rather than relying on the shared Administrator account. Create a new user (first.difalco-adm), add it to the "Domain Admins" group, and disable the option requiring a password change at first logon.

Non-Privileged User: A non-privileged domain user account (liam.difalco) is also created. This account will be used for day-to-day operations without administrative privileges.
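Both accounts created with the ActiveDirectory module, plus a check that the day-to-day account did not end up privileged. This is an added example, not the lab's own commands; it leaves both users in the default Users container and prompts for the passwords instead of storing them.

```powershell
# Added example, not part of the original lab. Run on ad01-liam as a domain admin.
Import-Module ActiveDirectory

# Personal admin account: separate from the built-in Administrator so privileged actions are attributable.
$admPass = Read-Host -Prompt "Password for first.difalco-adm" -AsSecureString
New-ADUser -Name "first.difalco-adm" -SamAccountName "first.difalco-adm" `
    -UserPrincipalName "first.difalco-adm@liam.local" `
    -AccountPassword $admPass -Enabled $true -ChangePasswordAtLogon $false
Add-ADGroupMember -Identity "Domain Admins" -Members "first.difalco-adm"

# Day-to-day account: a plain Domain User, nothing else.
$usrPass = Read-Host -Prompt "Password for liam.difalco" -AsSecureString
New-ADUser -Name "liam.difalco" -SamAccountName "liam.difalco" `
    -UserPrincipalName "liam.difalco@liam.local" `
    -AccountPassword $usrPass -Enabled $true

# Checks: who is in Domain Admins, and confirm the daily account is not one of them.
Get-ADGroupMember -Identity "Domain Admins" | Select-Object SamAccountName

$daily = Get-ADUser -Identity "liam.difalco" -Properties MemberOf
if ($daily.MemberOf -match "Domain Admins") {
    Write-Warning "liam.difalco is a Domain Admin; the daily-use account must stay unprivileged"
} else {
    "liam.difalco has no privileged group membership"
}
```

Keeping Get-ADGroupMember "Domain Admins" as a routine check is worth the habit: the group should hold the built-in Administrator and the named -adm accounts and nothing that anyone logs into workstations with.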

5. Joining WKS01 to the Domain

DNS Setup: Before joining the Windows box to the domain, set its DNS server to 10.0.5.5 (ad01's IP). This ensures proper domain name resolution during the domain-join process.

Verification: After configuring the DNS, test the domain's DNS resolution by pinging the domain and its resources. You should be able to perform reverse lookups and ping domain names for both fw01 and ad01.

Joining the Domain: Rename the workstation to wks01-liam and join it to the liam.local domain using the domain administrator account created earlier. After the machine reboots, log in using the non-privileged domain account (liam.local\liam.difalco).
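The workstation side of this section as PowerShell, added as an example and not taken from the lab page: DNS client change, the resolution checks, then rename and join in a single Add-Computer call. The adapter name "Ethernet0" is an assumption.

```powershell
# Added example, not part of the original lab. Run on the workstation as a local administrator.
# "Ethernet0" is an assumed adapter name.
Set-DnsClientServerAddress -InterfaceAlias "Ethernet0" -ServerAddresses 10.0.5.5

# Pre-join checks: the domain name, both hosts and both reverse lookups must resolve via ad01.
# A failure here means the join would fail too, so fix DNS before continuing.
Resolve-DnsName -Name liam.local
Resolve-DnsName -Name fw01.liam.local
Resolve-DnsName -Name ad01-liam.liam.local
Resolve-DnsName -Name 10.0.5.2
Resolve-DnsName -Name 10.0.5.5
Test-Connection -ComputerName ad01-liam.liam.local -Count 2

# Rename and join in one step using the personal domain admin account, then reboot.
$cred = Get-Credential -UserName "liam.local\first.difalco-adm" -Message "Domain admin credentials for the join"
Add-Computer -DomainName "liam.local" -NewName "wks01-liam" -Credential $cred -Force -Restart

# ---- after the reboot, logged in as liam.local\liam.difalco ----
# Confirm the machine is a domain member and that the session is the unprivileged account.
(Get-CimInstance -ClassName Win32_ComputerSystem) | Select-Object Name, Domain, PartOfDomain
whoami
whoami /groups
```

Resolve-DnsName -Name liam.local returning ad01's address is the key check: a domain join locates the DC through DNS, so if that query fails the join cannot find liam.local regardless of the credentials supplied. The admin credential is used only for the join itself; the reboot lands you in the liam.difalco session for ordinary use.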