Lab 02 ‐ AD DS and DNS - rune-seregina/sys-255-fa24 GitHub Wiki

Objective
In this lab, I set up an Active Directory and a DNS for my 10.0.5.0/24 network. Using a local administrator account, I used the Server Manager application to configure my changes. After adding the Active Directory Domain Services (ADDS) feature, I was able to create a domain administrator account for my environment as well as a user account. Then, I manually created a DNS record for my firewall using DNS manager. I made sure this was set up both in Forward DNS Lookup and Reverse DNS Lookup. After adding my workstation to my domain, I was able to log in using my created user account and test my DNS configurations.

Vocab:

  • ADDS: Active Directory Domain Services, platform for managing users, computers, and other admin management
  • DOMAIN admin: have credentials in the Active Directory, have power over everything in an AD domain
  • LOCAL admin: have credentials stored locally in Windows OS, have power over everything in a single OS
  • domain controller: server in charge of managing a Windows domain, such as network and identity security (authentication & verification)
  • forest: an encapsulation of domains that do not share certain commonalities
  • forward lookup zone: maps domain names to ip addresses
  • reverse lookup zone: maps ip addresses to domain names
  • a record: ipv4 address record- links domain names to ipv4 addresses
  • aaaa record: ipv6 address record- links domain names to ipv6 addresses
  • ptr record: DNS pointer record, provides a domain name associated wuth an ip address

Resources used:

IP Assignments:

  • WAN IP (synonymous with fw interface 1/em0): 10.0.17.112/24
  • LAN IP (synonymous with fw interface 2/em1): 10.0.5.2/24
  • wkd-01 IP: 10.0.5.100/24
  • wks-01 default gateway: 10.0.5.2/24
  • wks-01 dns: 10.0.5.5/24
  • ad-01 ip: 10.0.5.5/24
  • ad-01 default gateway/dns:

Server Manager/Adding ADDS

  • manage> add roles and features > active directory domain services > restart destination server
  • ADDS Configuration wizard > Add a new forest . rune.local

Important: DOMAIN admins with credentials in the Active Directory have power over everything in an AD domain. LOCAL admins with credentials stored locally in Windows OS have power over everything in a single OS.

Server Manager/Adding a DNS Record

  • Server Manager > Tools > DNS
  • find name.local under Admin server > Forward Lookup zones
    • New host (A or AAAA) > add in name (eg. fw01-rune) and IP address > Create associated PTR record
  • Reverse Lookup Zone > New Zone > 10.0.5.x

Update PTR Records

  • back in rune.local, folder under Forward Lookup Zones uncheck and apply "Create associated PTR record", then re-check it and apply (for all DNS records)
  • Refresh the created Reverse Lookup zone using this icon image

WKS-01 Setup

  • change DNS to ad01s address: 10.0.5.5 and run some tests
    • ping fw01-rune (N)
    • nslookup 10.0.5.2 (should show ad01-rune.rune.local and its address along with fw01-rune.rune.local and its address)
    • ping fw01-rune.rune.local (Y)
    • ping rune.local (Y)
  • in the same place that the WS name is changed, change the WS domain to "rune" in order to be prompted for an admin pw to add the computer to the domain and ta-da!

Troubleshooting

  • no troubleshooting here :-)

Reflection
I was able to go through this lab without much confusion as I made sure to double-check my work every step of the way. The architecture of the environment is still quite new to me and I don't yet have a firm grasp on it yet (eg. local vs domain admins, local accounts, etc). Overall it was useful for me to learn the basics of Active Directory and Server Manager to be able to use these tools again in the future.

⚠️ **GitHub.com Fallback** ⚠️