Lab 02 - michael-D-S/SYS-255 GitHub Wiki

Michael Sargent SYS-255-02, 9/7/2024


Lab02, Tech Journal

Overview: In this lab, the VM ad02 was configured to be the server for the workstation VM, including DNS and AD DS. Both admin and unprivileged user profiles were also created in Active Directory for all machines, so they can be accessed from any machine on the domain.

Logins For Future Labs:

Admin Password: @dmin$3cur3

DSRM Password: D0m@1nC0ntr0l

unprivileged user: U$3r10g1n

New Info:

Server Manager: The go-to tool for all server settings and configuration

Important Info: Domain Admins have power over everything within an AD domain, whereas Local Admins have power over everything within a single installed OS and not within AD.


Lab Notes:


  • Cable ad01 to the LAN

  • Use default settings with the following exceptions

  • Product Key -> Do this later

  • Administrator Password

  • Open Server Manager

  • Open ethernet adapter:

    • IP: 10.0.5.5
    • Netmask: /24
    • Gateway: 10.0.5.2
    • DNS: 10.0.5.2
  • Time set to UTC

  • Rename Computer to ad01-michael

  • Reboot

  • Using CMD check that hostname has been set and that you can ping outside the network

  • Open Server Manager. From the Manage menu, Select Add Roles and Features

  • The following screenshots will show only those screens where non-default configuration is required.

    • Select Active Directory Domain Services -> Add Features. Pick Active Directory Domain Services: check Active Directory Domain Services
  • Choose the restart destination server option, and select yes on the confirmation dialog.


  • Select the link to Promote this server to a domain controller. Make absolutely sure you have set the hostname before moving forward with promoting this system.
  • We are going to create a new forest. Name this forest michael.local
  • Enter a DSRM password.

  • Find and invoke DNS Manager from the Server Manager/DNS/AD01 context menu
  • Find and expand the forward lookup zone for your new domain
  • You should have an entry for ad01.yourname. This allows you to ping ad01 by hostname and/or domain name. We are going to add an entry for fw01
  • From the DNS Manager, select New Host (A or AAAA name):
    • Host: fw01-michael
    • FQDN: fw01-michael.michael.local.
    • IP: 10.0.5.2
    • update PTR record
  • There will be an error that you need to make a reverse lookup zone
  • Add a reverse primary lookup for all IP addresses in the 10.0.5.0/24 Network by selecting the New Zone options from the right-click context menu as shown below. Use the defaults, and add a Network ID for 10.0.5.
  • The reverse dns entry for fw01 and ad01 should now be in the 5.0.10 reverse lookup zone.
  • You may need to refresh the view

  • Find the Active Directory Users and Computers option. Under the domain's Users folder, add a new user.
    • First name: Michael
    • Last: Sargent
    • Full: Michael Sargent (adm)
    • User Logon: michael.sargent-adm@michael.local
    • User Logon pre windows 2000: MICHAEL\michael.sargent-adm
  • Uncheck user must change password at next login
  • Add this user to the Domain Admins Group
  • Create a non-privileged account (Skip the addition to Domain Admins) for user michael.sargent

  • In wks01
  • Set wks01's DNS to 10.0.5.5 (ad01's address), since our DNS has those 2 new A and PTR records created earlier
  • Open System Properties-Computer Name/Domain Changes
    • Computer name: wks01-michael
    • Domain: michael
  • Enter admin username and password
    • michael.sargent-adm
    • Password
  • Restart wks01
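
The DNS and account steps above, scripted and then verified from PowerShell on ad01. This is an added example, not part of the original lab notes. It assumes the server has already been promoted for michael.local, that the DnsServer and ActiveDirectory modules are installed, and that the unprivileged account's display name is "Michael Sargent" (the notes do not state it). Passwords are prompted for rather than stored in the script.

```powershell
# Added example: run on ad01 (elevated) after promotion to a DC for michael.local.
Import-Module DnsServer, ActiveDirectory
$zone = 'michael.local'

# Create the reverse zone first, so the PTR for fw01 can be made with its A record.
if (-not (Get-DnsServerZone -Name '5.0.10.in-addr.arpa' -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -NetworkId '10.0.5.0/24' -ReplicationScope Domain
}
if (-not (Get-DnsServerResourceRecord -ZoneName $zone -Name 'fw01-michael' `
        -RRType A -ErrorAction SilentlyContinue)) {
    Add-DnsServerResourceRecordA -ZoneName $zone -Name 'fw01-michael' `
        -IPv4Address '10.0.5.2' -CreatePtr
}
Register-DnsClient   # asks ad01 to re-register its own DNS records (dynamic update)

# Accounts from the lab. The second display name is an assumption (not in the notes).
$accounts = @(
    @{ Sam = 'michael.sargent-adm'; Name = 'Michael Sargent (adm)'; Admin = $true  },
    @{ Sam = 'michael.sargent';     Name = 'Michael Sargent';       Admin = $false }
)
foreach ($a in $accounts) {
    if (-not (Get-ADUser -Filter "SamAccountName -eq '$($a.Sam)'")) {
        $pw = Read-Host -Prompt "Password for $($a.Sam)" -AsSecureString
        New-ADUser -Name $a.Name -GivenName 'Michael' -Surname 'Sargent' `
            -SamAccountName $a.Sam -UserPrincipalName "$($a.Sam)@$zone" `
            -AccountPassword $pw -ChangePasswordAtLogon $false -Enabled $true
    }
    $members = (Get-ADGroupMember -Identity 'Domain Admins').SamAccountName
    if ($a.Admin -and $members -notcontains $a.Sam) {
        Add-ADGroupMember -Identity 'Domain Admins' -Members $a.Sam
    }
}

# Verify: forward and reverse lookups are answered by ad01 (10.0.5.5).
Resolve-DnsName -Name "fw01-michael.$zone" -Type A   -Server 10.0.5.5
Resolve-DnsName -Name '10.0.5.2'           -Type PTR -Server 10.0.5.5

# Verify: the -adm account is a Domain Admin and the unprivileged account is not.
$members = (Get-ADGroupMember -Identity 'Domain Admins').SamAccountName
if ($members -contains 'michael.sargent') {
    Write-Warning 'michael.sargent is in Domain Admins; remove it.'
}
$members
```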