Lab 03 ‐ Active Directory - Sleeeee/t301-admin-III GitHub Wiki
Authors : CARMO SILVEIRINHA Tiago - HERTMANS Mathéo - STAS Justin
Date : 10/11/2025
In this third lab, we will begin to explore services related to Active Directory.
Before starting Lab 3, we need to set up storage space for large ISO files. In Lab 2, we configured storage using ZFS and LVM as part of setting up our Proxmox cluster. For Lab 3, we need to clear the storage space previously created on the hypervisors and remove any ZFS storage configurations on those disks in order to reclaim disk space. Next, we need to create a new directory-based storage area: first by creating a directory on the hypervisor itself, then by creating a storage directory at the data centre level in Proxmox, ensuring that the ‘ISO Image’ content is enabled. This configuration provides a clean storage location for the Windows Server ISOs required in Lab 3.
Two virtual machines were created using the Windows Server 2025 ISO. One virtual machine was configured as a domain controller, while the other served as a client workstation. The two virtual machines were placed in different subnets to ensure proper network segmentation. Each machine was allocated a 50 GB virtual disk to optimise disk usage. The VirtIO drivers were provided via an attached ISO, as Windows Server does not natively recognise this hardware:
- For the storage: D:\vioscsi\win11\amd64
- For the network: D:\NetKVM\w11\amd64
The Domain Controller (Windows machine) is configured with the name WIN-CONTROLLER, the right time zone, and a static IP address in the server subnet.
Required roles were installed: Active Directory Domain Services (AD DS), DNS, DHCP, and File Sharing.
The server was promoted to a domain controller for a new domain in the group11.lab TLD.
After the mandatory reboot, the installation was validated using dcdiag and dcdiag /test:DNS in Command Prompt.
Using the Active Directory Users and Computers (ADUC) utility, we created three organisational units (OUs) (computers11, groups, and users11).
A personal account was created inside the users11 organisational unit.
A students group was created in the groups OU, and the new user was added to this group.
For the client workstation, we configured the AD server as its DNS server. Afterwards, we joined the client machine to the domain we had just created. Its computer account appeared in ADUC, and we moved it to the computers OU to keep things organised. Finally, we successfully logged into the client machine with the new user account, confirming that domain authentication worked as expected.
A domain-wide Network Time Protocol (NTP) configuration has been applied via Group Policy objects to ensure consistent time synchronisation across all computers in the domain. The NTP client settings specify a designated NTP server (10.11.0.50).
A password complexity policy has been configured and applied to all users in the domain. This policy requires passwords to have a minimum length (8 characters), enforces password history (24 previous passwords stored), applies complexity requirements (including letters, numbers, and symbols), and sets a maximum validity period for passwords. These measures help improve domain security by reducing the risk of weak or easily guessed passwords.
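The following PowerShell script is an added example, not part of the original lab. It checks that the password policy described above is actually in effect on the domain. It assumes the ActiveDirectory module is available (it is installed with AD DS on the domain controller) and uses the domain name and values given in this report; the maximum password age is not stated here, so the script only reports it.

```powershell
# Added example: audit the effective domain password policy against the lab's values.
Import-Module ActiveDirectory

$domain = 'group11.lab'   # domain created in this lab

# Expected values as stated in the report
$expected = [ordered]@{
    MinPasswordLength    = 8
    PasswordHistoryCount = 24
    ComplexityEnabled    = $true
}

$policy = Get-ADDefaultDomainPasswordPolicy -Identity $domain

# Compare each expected setting with the value the domain actually enforces
$results = foreach ($name in $expected.Keys) {
    [pscustomobject]@{
        Setting  = $name
        Expected = $expected[$name]
        Actual   = $policy.$name
        Ok       = ($policy.$name -eq $expected[$name])
    }
}
$results | Format-Table -AutoSize

# The report gives no figure for the maximum age, so only flag "never expires".
if ($policy.MaxPasswordAge -eq [TimeSpan]::Zero) {
    Write-Warning 'MaxPasswordAge is 0: passwords never expire.'
} else {
    "MaxPasswordAge: $($policy.MaxPasswordAge.Days) days"
}

# Fine-grained password policies (PSOs) take precedence over the domain policy
# for the users and groups they apply to, so list any that exist.
foreach ($pso in Get-ADFineGrainedPasswordPolicy -Filter * -Server $domain) {
    Write-Warning "PSO '$($pso.Name)' (precedence $($pso.Precedence)) applies to: $($pso.AppliesTo -join '; ')"
}

# Accounts flagged "password never expires" are exempt from the maximum age.
Get-ADUser -Filter 'PasswordNeverExpires -eq $true' -Server $domain |
    Select-Object SamAccountName, Enabled

if ($results.Ok -contains $false) {
    Write-Error 'Password policy deviates from the values in the lab report.'
}
```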
Remote Desktop (RDP) access was permitted for all members of the "students" group using group policies. The relevant policy was enabled, allowing users in GROUP11\students to connect via Remote Desktop Services to domain computers. This configuration is managed from the Group Policy Management Editor, where group membership and access rights are clearly defined.