SYS‐265 Initial Setup Lab - aljimenez28/champlain GitHub Wiki
Student: Alejandra Jimenez
Course: SYS 265
Instructor: Joe Eastman
This page documents my Initial Setup Lab build, verification steps, deliverables, and weekly journal reflection. It also includes topical sections on areas that were new or caused minor issues during setup.
Overview and Goals
This lab was the first build of the semester and established the base environment for all future SYS 265 labs. The goal was to create a routed WAN and LAN using pfSense, deploy a Windows client, stand up a Server Core domain controller, and configure a Windows Server management host. Once the foundation was in place, DNS forward and reverse records were configured, domain users were created, systems were joined to the domain, and routing and name resolution were verified.
Reflection Summary
This week’s tasks were not too bad. I quite enjoyed having a more simple lab. It makes sense since this is the first lab of the semester. It was definitely on the simpler side because we covered this setup topic in SYS 255, but I am glad because it means I am more comfortable with these topics going into the rest of the course.
Lab Architecture and Network Plan
Networks
| Network | Purpose | Network Address | Subnet Mask | Gateway |
|---|---|---|---|---|
| WAN | Public facing network for pfSense | 10.0.17.0 | 255.255.255.0 | 10.0.17.2 |
| LAN | Private network for Windows and AD | 10.0.5.0 | 255.255.255.0 | 10.0.5.2 |
Hosts and Addressing
| Host | Role | IP Address | Gateway | DNS |
|---|---|---|---|---|
| FW01 | pfSense router firewall | WAN 10.0.17.107LAN 10.0.5.2 | 10.0.17.2 / 10.0.5.2 | 8.8.8.8 |
| AD01 | Server Core DC and DNS | 10.0.5.5 | 10.0.5.2 | Initially 10.0.5.2, then itself |
| MGMT01 | Server 2022 GUI management | 10.0.5.10 | 10.0.5.2 | 10.0.5.5 |
| WKS01 | Windows client | 10.0.5.100 | 10.0.5.2 | 10.0.5.5 |
Domain Information
- Domain: alejandra.local
- Reverse lookup zone: 5.0.10.in-addr.arpa
Build Steps
Configure pfSense FW01
- Assigned WAN IP 10.0.17.107 with gateway 10.0.17.2
- Set LAN IP to 10.0.5.2 slash 24
- Disabled RFC1918 blocking on WAN
- Set DNS to 8.8.8.8
- Verified connectivity with ping tests to google.com
Configure WKS01
- Static IP 10.0.5.100
- Gateway 10.0.5.2
- DNS initially pfSense, later changed to 10.0.5.5
- Verified connectivity and name resolution
Note: Ping to 8.8.8.8 worked but google.com failed until DNS was flushed.
- ipconfig /flushdns
Configure AD01 Server Core
Network settings via sconfig:
- IP: 10.0.5.5
- Subnet: 255.255.255.0
- Gateway: 10.0.5.2
- DNS: 10.0.5.2
Install Active Directory and Create Forest
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Install-ADDSForest -DomainName alejandra.local
Configure MGMT01
- Static IP 10.0.5.10
- Gateway 10.0.5.2
- DNS 10.0.5.5
- Updates set to manual via sconfig
- Joined to domain and logged in with domain account
- Installed AD DS, DNS, and management tools
- Added AD01 to Server Manager managed servers
DNS Configuration
- Connected DNS Manager on MGMT01 to AD01
- Created reverse lookup zone using network ID 10.0.5
- Added A and PTR records for FW01, AD01, and MGMT01
Domain Users
Created two domain users:
- alejandra.jimenez-lo
- alejandra.jimenez-ad
Added alejandra.jimenez-ad to Domain Admins.
Join WKS01 to Domain
Key requirement was DNS set to AD01.
DNS Server: 10.0.5.5
When the GUI join silently failed, I rebooted
Deliverables
Deliverable 1: Enumerate Computers
Deliverable 2: Enumerate Domain Users
Deliverable 3: DNS Server and A Records
Deliverable 4: Route Verification
Expected Path
- 10.0.5.2 (The LAN)
- 10.0.17.2 (The WAN)
- upstream gateway
Deliverable 5 Enumerate PTR Records
Course Journal Entry
Initial Entry
This week I built the baseline SYS 265 environment. The goal was to create a reliable routed network and deploy a functional Active Directory environment. I appreciated starting with a simpler lab because it reinforced fundamentals before moving into more complex topics later in the semester.
What Went Well
- Familiarity from SYS 255 made setup smooth
- DNS configuration reinforced how critical name resolution is for AD
- Reverse lookup zones helped solidify understanding of PTR records
Challenges and Fixes
- DNS resolution issue fixed by flushing DNS
- Permission errors fixed by logging in with proper domain context
- DNS Manager connection clarified by connecting to AD01
- Domain join GUI bug resolved using netdom
Topics to Learn More About
- DNS dynamic updates and AD integration
- Windows domain join failures and logging
- Reverse DNS importance in enterprise environments
Research Notes
- AD relies on DNS SRV records for domain controller discovery
- Reverse lookup zones help with auditing and troubleshooting
- Local admin and domain admin contexts are different and matter