Tech Journal for Lab 02 ‐ Active Directory Domain Services (AD DS) and DNS Setup - abubakeralokozay/SYS-255-01-System-Administration-and-network-services GitHub Wiki
Overview

In this lab, I set up Active Directory Domain Services (AD DS) and DNS on a Windows Server 2019 virtual machine (VM) named ad01-yourname. The goal of this lab was to configure a Domain Controller for the domain yourname.local and set up a DNS infrastructure for name resolution. Additionally, I joined a client machine (wks01) to the domain and created domain users with specific roles and privileges.

Step-by-Step Process

Step 1: Server Configuration (ad01)

After setting up the VM and installing Windows Server 2019, I configured the network settings on ad01:
IP Address: 10.0.5.5
Netmask: 255.255.255.0
Gateway: 10.0.5.2 (The IP of the firewall and default gateway, fw01).
DNS: I pointed the DNS server to 10.0.5.2 (fw01) initially but later changed it to 127.0.0.1 after promoting ad01 to a Domain Controller.
Time Zone: UTC-5:00 (Eastern Time).
Computer Name: ad01-yourname (the name of the server to match the domain).

Step 2: Installing AD DS Role

I used Server Manager to add the Active Directory Domain Services (AD DS) role to the server.
This step involved selecting the Active Directory Domain Services role and allowing the system to install necessary features. After installing the role, I was prompted to promote the server to a Domain Controller for a new forest (my domain yourname.local).

Why? The installation of AD DS and promoting ad01 to a Domain Controller (DC) is essential because a Domain Controller is responsible for managing user accounts, authentication, and directory services within the domain.

Step 3: Domain Controller Promotion

Once the AD DS role was installed, I promoted ad01 to be the Domain Controller for the yourname.local domain. This process included:
Creating a new forest (yourname.local).
Setting a Directory Services Restore Mode (DSRM) password for disaster recovery purposes.

Why? Promoting ad01 to a Domain Controller allows it to manage authentication, group policies, and domain resources for all systems within the yourname.local domain.

Step 4: DNS Configuration

During the promotion process, I noticed that ad01 was configured to use 127.0.0.1 as the DNS server, which is the local loopback address. This allows ad01 to resolve domain names locally.
Additionally, I added DNS records for fw01 (Firewall) and ad01 to ensure they could resolve each other by hostname within the domain. Specifically, I:
Created a forward lookup zone for yourname.local.
Added an A record for fw01 with an IP of 10.0.5.2.
Created a reverse lookup zone for the 10.0.5.0/24 network to handle reverse DNS queries.
Added PTR records for fw01 and ad01 to allow reverse lookups by IP address.

Why? DNS is a critical part of Active Directory. It ensures that clients can resolve domain controllers and other servers by hostname. Proper DNS configuration is vital for smooth domain communication.

Step 5: Creating Domain Users

After configuring DNS, I created domain users on ad01 through the Active Directory Users and Computers tool.
I created a Domain Administrator account first.lastname-adm, which was added to the Domain Admins group.
I also created a non-privileged user account first.lastname without adding it to the Domain Admins group.

Why? Creating distinct administrative and regular user accounts ensures the principle of least privilege. Users should only have the permissions necessary for their role to maintain security and accountability.

Step 6: Preparing WKS01 to Join the Domain

Before joining wks01 (the workstation) to the domain, I made the following changes:
Set the DNS on wks01 to 10.0.5.5 (the IP address of ad01).

Why? In a domain environment, the client machine must be able to reach the DNS server configured on the domain controller. This ensures that wks01 can find domain resources like ad01 and fw01 by hostname.

Step 7: Joining WKS01 to the Domain

I renamed the workstation to wks01-yourname and joined it to the domain yourname.local using the Domain Administrator credentials created earlier.
After a restart, wks01 was successfully added to the domain.

Why? Joining the client to the domain enables centralized management, group policy enforcement, and user authentication from the domain controller.

Step 8: Verifying the Setup

I performed several checks to ensure that everything was working as expected:
From PowerShell or Command Prompt on wks01, I ran the following commands:
nslookup 10.0.5.2 – to perform a reverse DNS lookup for fw01.
nslookup fw01-yourname – to query fw01 by its fully qualified domain name.
nslookup yourname.local – to find the domain's DNS server.
whoami – to confirm I was logged in as a domain user.
hostname – to confirm the name of the workstation.

Why? These checks ensure that the DNS configuration is correct, the domain join was successful, and that I am properly authenticated as a domain user.

Conclusion

This lab successfully configured a Domain Controller and DNS on ad01-yourname, set up domain user accounts, and joined a client machine (wks01) to the domain. The setup allows centralized management and authentication for domain users and machines. Additionally, DNS was properly configured for name resolution within the domain. By following these steps, I learned how to integrate DNS with Active Directory and set up a functional domain environment.
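
The DNS and account work from Steps 4 and 5, scripted with the DnsServer and ActiveDirectory modules. This is an added example, not part of the original journal, which used the GUI tools. The AD-integrated replication scope, the prompted passwords and the UPN suffix are assumptions; host names and addresses are the lab's placeholders.

```powershell
# Added example (not from the original journal). Run elevated on ad01 after promotion.
# Assumptions: AD-integrated zones (-ReplicationScope Domain), passwords prompted
# interactively, UPN suffix equal to the domain name.
Import-Module DnsServer, ActiveDirectory

$Zone    = 'yourname.local'
$RevZone = '5.0.10.in-addr.arpa'          # reverse zone name for 10.0.5.0/24
$Hosts   = @{ 'fw01-yourname' = '10.0.5.2'; 'ad01-yourname' = '10.0.5.5' }

# Zones: create only what is missing (promotion may already have created the forward zone).
if (-not (Get-DnsServerZone -Name $Zone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $Zone -ReplicationScope Domain
}
if (-not (Get-DnsServerZone -Name $RevZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -NetworkId '10.0.5.0/24' -ReplicationScope Domain
}

# A and PTR records for each host; existing records are left alone.
foreach ($name in $Hosts.Keys) {
    $ip    = $Hosts[$name]
    $octet = $ip.Split('.')[-1]           # PTR node name inside the /24 reverse zone
    if (-not (Get-DnsServerResourceRecord -ZoneName $Zone -Name $name -RRType A -ErrorAction SilentlyContinue)) {
        Add-DnsServerResourceRecordA -ZoneName $Zone -Name $name -IPv4Address $ip
    }
    if (-not (Get-DnsServerResourceRecord -ZoneName $RevZone -Name $octet -RRType Ptr -ErrorAction SilentlyContinue)) {
        Add-DnsServerResourceRecordPtr -ZoneName $RevZone -Name $octet -PtrDomainName "$name.$Zone"
    }
}

# Accounts: separate admin and day-to-day identities, each with its own password.
foreach ($sam in 'first.lastname', 'first.lastname-adm') {
    if (-not (Get-ADUser -Filter "SamAccountName -eq '$sam'")) {
        $pw = Read-Host -AsSecureString "Initial password for $sam"
        New-ADUser -Name $sam -SamAccountName $sam -UserPrincipalName "$sam@$Zone" `
                   -AccountPassword $pw -Enabled $true
    }
}

# Only the -adm account goes into Domain Admins.
if ('first.lastname-adm' -notin (Get-ADGroupMember -Identity 'Domain Admins').SamAccountName) {
    Add-ADGroupMember -Identity 'Domain Admins' -Members 'first.lastname-adm'
}
```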
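
The Step 8 checks as a repeatable script, extended with an audit of the least-privilege split from Step 5. This is an added example, not part of the original journal. `$Expected`, `$AllowedAdmins` and both function names are assumptions built from the lab's placeholder names, and the group audit needs the RSAT ActiveDirectory module.

```powershell
# Added example (not from the original journal). Run on a domain-joined machine
# with the RSAT ActiveDirectory module. $Expected and $AllowedAdmins are
# assumptions based on the lab's placeholder names.
$Expected = @{
    'fw01-yourname.yourname.local' = '10.0.5.2'
    'ad01-yourname.yourname.local' = '10.0.5.5'
}
# Built-in Administrator is a default member; the -adm account was added in Step 5.
$AllowedAdmins = @('Administrator', 'first.lastname-adm')

# Forward and reverse lookups must agree with each other and with the expected address.
function Test-DnsPair {
    param([string]$Fqdn, [string]$Ip)
    $a   = Resolve-DnsName -Name $Fqdn -Type A   -DnsOnly -ErrorAction SilentlyContinue
    $ptr = Resolve-DnsName -Name $Ip   -Type PTR -DnsOnly -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Host      = $Fqdn
        ForwardOk = [bool]($a   | Where-Object { $_.IPAddress -eq $Ip })
        ReverseOk = [bool]($ptr | Where-Object { $_.NameHost  -eq $Fqdn })
    }
}

# Anything in Domain Admins (including via nested groups) that is not on the allow list.
function Get-UnexpectedDomainAdmin {
    param([string[]]$Allowed)
    Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
        Where-Object { $_.SamAccountName -notin $Allowed } |
        Select-Object SamAccountName, objectClass
}

$dns = foreach ($fqdn in $Expected.Keys) { Test-DnsPair -Fqdn $fqdn -Ip $Expected[$fqdn] }
$dns | Format-Table -AutoSize

$cs = Get-CimInstance Win32_ComputerSystem
"Domain joined: $($cs.PartOfDomain) ($($cs.Domain))"

$extra = @(Get-UnexpectedDomainAdmin -Allowed $AllowedAdmins)
if ($extra.Count) {
    Write-Warning 'Unexpected Domain Admins members:'
    $extra | Format-Table -AutoSize
} else {
    'Domain Admins contains only the expected accounts.'
}
```

A `ReverseOk` of False with `ForwardOk` True usually means the PTR record or reverse zone from Step 4 is missing; any row under the warning means the non-privileged account, or something else, ended up in Domain Admins.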