SYS‐255 Lab 2 ADDS - aljimenez28/champlain GitHub Wiki

In this lab, I set up a Windows Server 2019 machine (ad01) as a Domain Controller (DC) for the domain alejandra.local. The lab required configuring static IPs, promoting the server to a DC, configuring DNS forward and reverse lookup zones, creating domain users, and joining a client machine (wks01) to the domain. Deliverables included screenshots of user accounts, computer accounts, and DNS resolution tests.


🔹 Environment Setup

  • fw01 (pfSense)

    • WAN: 10.0.17.110/24
    • LAN: 10.0.5.2/24
  • ad01 (Windows Server 2019)

    • IP: 10.0.5.5
    • Gateway: 10.0.5.2
    • DNS: initially 10.0.5.2, later switched to itself (127.0.0.1)
  • wks01 (Windows 10 Enterprise LTSC)

    • Final name: wks01-alejandra
    • DNS: 10.0.5.5 (ad01)

🔹 Problems Encountered and Fixes

1. Static IPs not working

  • Problem: At first, setting the IPs in IPv4 properties on ad01 didn’t work, and there was no connectivity.
  • Fix: Verified connectivity from pfSense. Confirmed ad01 was on the correct LAN interface (vtNet1). Used pfSense’s console ping tool to check 10.0.5.5. Once confirmed, ad01 could communicate properly with fw01.

2. AD DS Promotion Error

  • Problem: During the “Promote this server to a domain controller” step, I got the error: “An Active Directory domain controller for the domain alejandra.local could not be contacted.”
  • Cause: I accidentally chose “Add a domain controller to an existing domain” instead of “Add a new forest.”
  • Fix: Restarted the wizard, selected Add a new forest, and used alejandra.local. Promotion worked after that.

3. PTR Record Warning

  • Problem: When creating the A record for fw01, I got a warning: “The associated pointer (PTR) record cannot be created, probably because the referenced reverse lookup zone cannot be found.”
  • Fix: Created a Reverse Lookup Zone (10.0.5.0/24) in DNS Manager. Then manually added PTR records for both fw01 (10.0.5.2) and ad01 (10.0.5.5). Verified with nslookup.

4. Forward Lookup for fw01 Not Resolving

  • Problem: nslookup fw01.alejandra.local failed at first.
  • Fix: Realized my DNS suffix setting was correct, so I recreated the fw01 A record in Forward Lookup Zones → alejandra.local. After flushing DNS (ipconfig /flushdns), nslookup fw01 resolved properly.

5. User Account Creation Conflict

  • Problem: When trying to create a regular user with my exact name, ADUC reported that a user already existed with the same name.

  • Fix: Created two distinct accounts in the Users container:

    • firstname.lastname-adm (added to Domain Admins)
    • firstname.lastname (adjusted name slightly to avoid conflict, left as regular Domain User)

6. Joining WKS01 to the Domain

  • Steps Taken:

    • Changed DNS to point at ad01 (10.0.5.5).
    • Renamed the machine to wks01-alejandra.
    • Joined it to the domain alejandra.local using the firstname.lastname-adm account.
  • Verification: After reboot, logged in with my regular domain user account.


🔹 Final Verification

On WKS01, I ran the required commands to confirm DNS resolution, domain login, and hostname:

nslookup 10.0.5.2
nslookup fw01-alejandra
nslookup alejandra.local
whoami
hostname

Results:

  • 10.0.5.2 → fw01-alejandra.local
  • fw01-alejandra → 10.0.5.2
  • alejandra.local → 10.0.5.5
  • whoami → alejandra\firstname.lastname
  • hostname → wks01-alejandra

This confirmed that:

  • DNS forward + reverse lookups are working
  • Users were created correctly
  • WKS01 successfully joined the domain
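
The forward and reverse checks from Final Verification, scripted so they also catch the missing reverse zone from Problem 3. This is an added PowerShell example, not part of the original lab notes. The function name Test-ForwardReverse and the $Expected table are hypothetical; the names and addresses are the ones listed under Results.

```powershell
# Added example: forward-confirmed reverse DNS check against the lab DNS server.
# Assumption: run on a Windows client with the DnsClient module (Windows 10 / Server 2019).
$DnsServer = '10.0.5.5'   # ad01, per the lab notes

# Name -> expected IP pairs, taken from the Results list above.
$Expected = [ordered]@{
    'fw01-alejandra'  = '10.0.5.2'
    'alejandra.local' = '10.0.5.5'
}

function Test-ForwardReverse {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [string] $ExpectedIp,
        [Parameter(Mandatory)] [string] $Server
    )
    $r = [ordered]@{
        Name = $Name; ExpectedIp = $ExpectedIp
        ForwardOk = $false; PtrName = $null; RoundTripOk = $false; Note = ''
    }
    try {
        # Forward lookup: does an A record for the name point at the expected IP?
        $a = Resolve-DnsName -Name $Name -Type A -Server $Server -ErrorAction Stop |
             Where-Object { $_.Type -eq 'A' }
        $r.ForwardOk = $a.IPAddress -contains $ExpectedIp

        # Reverse lookup: fails if the reverse zone or the PTR record is missing.
        $ptr = Resolve-DnsName -Name $ExpectedIp -Type PTR -Server $Server -ErrorAction Stop |
               Where-Object { $_.Type -eq 'PTR' } | Select-Object -First 1
        $r.PtrName = $ptr.NameHost

        # Round trip: the PTR target must resolve back to the same IP.
        if ($ptr.NameHost) {
            $back = Resolve-DnsName -Name $ptr.NameHost -Type A -Server $Server -ErrorAction Stop |
                    Where-Object { $_.Type -eq 'A' }
            $r.RoundTripOk = $back.IPAddress -contains $ExpectedIp
        }
    } catch {
        # NXDOMAIN, timeouts and missing zones all land here; keep the reason.
        $r.Note = $_.Exception.Message
    }
    [pscustomobject]$r
}

$Expected.GetEnumerator() | ForEach-Object {
    Test-ForwardReverse -Name $_.Key -ExpectedIp $_.Value -Server $DnsServer
} | Format-Table -AutoSize
```

A row with ForwardOk true and an empty PtrName is the condition behind the PTR warning in Problem 3: the A record exists but nothing answers for the address in the reverse zone.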