Milestone 2.1 - Active Directory

Virtual Machine Creation

Before installing Active Directory on the network, we need to create a Domain Controller which the Active Directory and the devices within it can be managed and controlled from. Create a new virtual machine named 480-DC and have the Guest OS be Windows Server 2019, as shown below.

Configure the virtual machine to have the following resources shown in the screenshot below. Since this device will be housing multiple functionalities such as DNS, DHCP, and logging, the virtual machine needs more storage and computing power than normal.

Like always, Under "Hard Disk 1", ensure that the disk is provisioned thin, as this allows for flexibility with the amount of storage used by the virtual machine, leading to better allocation and potential future expansion.

Under "CD/DVD Drive 1", ensure that the Media path is for the Windows Server ISO filepath so that the virtual machine will boot with Windows Server.

Once you are done with the configuration and creating the virtual machine, it should appear under the "Virtual Machines" tab, as shown below.

Windows Server 2019 Installation

After turning on the virtual machine, hold DEL to open BIOS, as the boot window is extremely short on Windows Server. A Windows Setup window similar to the one below should appear, and this will begin the Installer process.

Select Standard Desktop Experience as you cannot enter Audit mode on Server Core.

Agree to the license terms and select the custom install for Windows.

Select the VM's 90 GB drive for the location to install Windows on.

On this page press CTRL+SHIFT+F3 to enter Audit Mode and create a password for the Administrator account on the device. Make sure you write this password down and do not forget it

Ignore the sysprep prompt, go to powershell and run sconfig Do the following configurations

• Press 5 and change it to manual update download
• Press 9 and change timezone to eastern
• Press 6 and install all updates

Download all updates, this may take multiple installs and reboots. Continue this process until it says that there are no more updates to install.

Install VmWare Tools on the virtual machine by navigating to the VM's page on ESXI. Select the settings button, and go to Console then Install VMWare Tools as shown in the screenshot below.

It will mount a drive on the device, and run the setup64.exe file on the drive. Once the installer is finished, restart the device.

Sysprep Script

Run the following commands from the script (Do not run them at the same time!)

• Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0 - Adds the SSH service to the devce
• Start-Service sshd - Starts the SSH service
• Set-Service -Name sshd -StartupType 'Automatic' -Configures the SSH service to start on boot automatically
• Set-ItemProperty "HKLM:\Software\Microsoft\Powershell\1\ShellIds" -Name ConsolePrompting -Value $true - Forces Powershell to ask for credentials in console rather than a GUI (Used to allow for automation)
• New-ItemProperty -Path HKLM:\SOFTWARE\OpenSSH -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force - Changes the default shell for SSH to be powershell instead of cmd
• $pw = Read-Host -AsSecureString - Stores the password you want for deployer as a secured string variable
• New-LocalUser -Name deployer -Password $pw -AccountNeverExpires -PasswordNeverExpires:$true - Creates the deployer user using the secured string password from before
• Add-LocalGroupMember -Group Administrators -Member deployer - Adds the deployer user to the local administrator group
• wget https://raw.githubusercontent.com/gmcyber/RangeControl/main/src/scripts/base-vms/windows/unattend.xml -Outfile C:\Unattend.xml - Downloads the CyberRange's unattend file, which contains configurations and options for an installation process

REBOOT DEVICE BEFORE THE FOLLOWING COMMAND

• C:\Windows\System32\Sysprep\sysprep.exe /oobe /generalize /unattend:C:\unattend.xml - Uses sysprep command to format the device using the CyberRange unattend file to automate the setup process

Upon running the sysprep command, a progress window should appear, as shown below.

• powercfg -setactive 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c - Sets power to high performance (Not Neccessary)

Snapshot

After device shuts down, remove the ISO from the device. Check the network adapter for a MAC address, if it has one remove the network adapter and add a new one. Finally, change the CDROM to the host device, and create a snapshot.

Configuring AD through SSH

In order to SSH, we must first configure the network adapter and settings on domain controller so it can be SSH'd to. Set the DNS server to the gateway for now, as later we will be installing DNS on the domain controller.

Also make sure to rename the device before configuring AD and creating a local forest because it can cause authentication and trust issues in the future.

Install AD Domain Services & Create Forest

Install Domain-Services and include the management tools

Run ``Install-ADDSForest -DomainName "domain.local" to create a New Forest, create a DSRM password (MAKE SURE TO REMEMBER THIS PASSWORD ASWELL), press enter or Y to start the install. After the installation the SSH connection should break due to the device rebooting, similar to below:

Install DNS

According to Microsoft's documentation, the DNS functionality is already installed if you used the Install-ADDSForest command.

Create a reverse lookup zone for the 10.0.17.0 network to allow for PTR records to be created. By using the Add-DnsServerPrimaryZone command, a reverse lookup zone can be created, which should be named "17.0.10.in-addr.arpa", as shown in the screenshot below.

Use the command Add-DnsServerResourceRecordA -Name "name" -ZoneName "yourname.local" -IPv4Address "X.X.X.X" -CreatePTR to make the majority of the records. The -CreatePTR option will automatically create the respective PTR record for each A record generated.

Using the Get-DnsServerResourceRecord command we can see the newly created A records under the "eamon.local" zone.

Using the Get-DnsServerResourceRecord command we can see the newly created PTR records under the "17.0.10.in-addr.arpa" reverse lookup zone.

Remote Desktop

• Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -value 0 - Enables RDP
• Enable-NetFirewallRule -DisplayGroup "Remote Desktop" - Enables the default Firewall Ruleset to allow for RDP
• Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name “UserAuthentication” -Value 1 - Requires User Authentication/Login before they can use RDP

Admin User Creation

• New-ADUser -Name "Name" -GivenName "FirstName" -Surname "LastName" -SamAccount "Username" -UserPrincipalName "Username" -AccountPassword $pw - Enabled $true - Creates a new Active Directory User Account (requires doing the password storing method used in the sysprep step
• ``Add-ADGroupMember -Identity "Domain Admins" -Members "SamAccountName" - Adds the user to the Domain Administrator group

Using the Get-ADPrincipalGroupMembership command against our administrator account, it shows that the account is part of the Domain Admins group. This means that the account is successfully configured to be a domain administrator.

Install DHCP

Install the Windows Feature

Create Security Groups for DHCP and restart the service

• Add-DHCPServerv4Scope -Name "480-Internal Scope" -StartRange 10.0.17.101 -EndRange 10.0.17.150 -SubnetMask 255.255.255.0 -State Active - Creates a new DHCP scope for our 480-Internal network
• Set-DhcpServerv4Scope -ScopeID 10.0.17.0 -LeaseDuration 1.00:00:00 - Sets the lease duration to a day
• Set-DHCPServerv4OptionValue -ScopeID 10.0.17.0 -DnsDomain eamon.local -DnsServer 10.0.17.4 -Router 10.0.17.2 - Configures IPv4 options such as the DHCP scope, domain, dns and gateway addresses

By running the Get-DhcpServer4Scope command, we can see the configuration for the DHCP server, showing the correct network address, subnet mask, IP ranges, and lease duration. This means that we have successfully configured the DHCP server's leasing settings.

• Add-DhcpServerInDC -DnsName eamon.local -IpAddress 10.0.17.4 - Adds the domain controller as an authorized DHCP server for the active directory domain
• Get-DhcpServerInDC - Lists the authorized DHCP servers on the active directory domain

As shown in the screenshot below, the domain controller's IP address is listed as one of the authorized DHCP servers on eamon.local, meaning that the DHCP server has been successfully added to the domain.

Notes

• Sysprep - removes identifiers and prepares the system to be mass cloned/copied in the future

Sources

• https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/install-active-directory-domain-services--level-100-
• https://learn.microsoft.com/en-us/powershell/module/dnsserver/add-dnsserverresourcerecorda?view=windowsserver2025-ps
• https://learn.microsoft.com/en-us/powershell/module/activedirectory/new-aduser?view=windowsserver2025-ps
• https://malwaremily.medium.com/install-ad-ds-dns-and-dhcp-using-powershell-on-windows-server-2016-ac331e5988a7