Lab2 ‐ AD setup - ryanm292002/SEC480 GitHub Wiki

SYSPREP WINDOWS Server

  1. Upload windows server ISO to datastore

  2. Create/register new VM named "dc1", put it on VM network initially

  3. Start with the Windows server 2019 setup image

  4. At the create-password screen for the default user, press Ctrl + Shift + F3 to enter sysprep (audit mode)

  5. In sconfig, change the time zone to EST, set updates to manual, then check for updates manually and install any that are available

Reboot and update till there are no more applicable updates

  1. Install VMware tools (guest os > install vmwaretools)

  2. Run script (comment out last 2 lines, unblock file and change execution policy to remote signed): https://raw.githubusercontent.com/gmcyber/RangeControl/main/src/scripts/base-vms/windows/windows-prep.ps1 This installs SSH and creates a deployer user, among other items

  3. After restarting, run this single line from the script in PowerShell to complete sysprep: C:\Windows\System32\Sysprep\sysprep.exe /oobe /generalize /unattend:C:\unattend.xml

  4. Shut down the VM, change the hard drive option to ISO to hard drive (remove drive)

  5. TAKE SNAPSHOT, move DC1 back to 480-wan network

Configure AD (from xUbuntu-wan management box)

SSH in, then use PowerShell to install AD and point to the correct default gateway. Install/configure forest, DHCP, DNS. Make a local admin for dc1

  1. Log in to DC1 just to change the admin password and give it an IP address and hostname; manage the rest from SSH/PowerShell via the xubuntu box

  2. SSH to DC1 deployer account from xubuntu-wan, start to run PowerShell commands

FOR NEXT COUPLE STEPS I USED THIS LINK (works for 2019 even though the article is 2016): https://www.readandexecute.com/how-to/server-2016/active-directory/installing-active-directory-with-powershell-windows-server-2016/

  1. Install ADDS: Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

  2. Install forest, name it (also installed DNS here): Install-ADDSForest -DomainName YOURDOMAINHERE -InstallDNS

  3. After server reboot, test functionality of ADDS/domain: Get-AdDomain

Create DNS Records (powershell) (https://learn.microsoft.com/en-us/powershell/module/dnsserver/add-dnsserverresourcerecorda?view=windowsserver2022-ps)

  1. Create A record, auto create PTR record with: Add-DnsServerResourceRecordA -Name "host23" -ZoneName "contoso.com" -AllowUpdateAny -IPv4Address "172.18.99.23" -CreatePtr

Enable Remote Desktop (powershell)

Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name "fDenyTSConnections" -Value 0

Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

Install DHCP

  1. Install-WindowsFeature DHCP -IncludeManagementTools

  2. Create dhcp security group and restart

  3. Create Scope: Add-DHCPServerv4Scope -Name "Employee Scope" -StartRange 192.168.64.10 -EndRange 192.168.64.30 -SubnetMask 255.255.255.0 -State Active

  4. Authorize dhcp server to operate in domain, then set the scope's DNS domain, DNS server and router options: Set-DHCPServerv4OptionValue -ScopeID 192.168.64.0 -DnsDomain corp.momco.com -DnsServer 192.168.64.2 -Router 192.168.64.1

  5. Confirm Scope has been made

Tests done:

Show adds, show dns commands/ installation on dc1

nslookup ryan.local, xubuntu-wan, dc1, 480-fw

login to named domain admin user through ssh using @dc1 (dns)

Get-DnsServerResourceRecord -ZoneName ryan.local -RRType A | Format-Table

Get-DnsServerResourceRecord -ZoneName 17.0.10.in-addr.arpa -RRType Ptr | Format-Table

Get-DhcpServerv4Scope

Login to dc1 from ubuntu box using remmina
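
The checks listed above, collected into one script as an added example that is not part of the original wiki. It assumes an elevated PowerShell session on dc1 with the AD, DNS and DHCP management tools installed; `Test-LabCheck` and the variable names are hypothetical, and `Get-DhcpServerInDC` is used to list the DHCP servers authorized in the domain.

```powershell
# Added example (not from the original wiki). Run in an elevated PowerShell session on dc1.
# Zone and host names come from the "Tests done" list; change them for your own lab.
$Zone        = 'ryan.local'
$ReverseZone = '17.0.10.in-addr.arpa'
$LabHosts    = 'dc1', 'xubuntu-wan', '480-fw'

# Hypothetical helper: run one check; a terminating error marks it failed.
function Test-LabCheck {
    param([string]$Name, [scriptblock]$Check)
    try   { $detail = & $Check; $passed = $true }
    catch { $detail = $_.Exception.Message; $passed = $false }
    [pscustomobject]@{ Check = $Name; Passed = $passed; Detail = "$detail" }
}

$results = @(
    Test-LabCheck 'AD domain answers' { (Get-ADDomain -ErrorAction Stop).DNSRoot }
    foreach ($h in $LabHosts) {
        Test-LabCheck "A record: $h" {
            $a = Get-DnsServerResourceRecord -ZoneName $Zone -Name $h -RRType A -ErrorAction Stop
            $a.RecordData.IPv4Address.IPAddressToString -join ', '
        }
        Test-LabCheck "PTR record: $h" {
            $ptr = Get-DnsServerResourceRecord -ZoneName $ReverseZone -RRType Ptr -ErrorAction Stop |
                Where-Object { $_.RecordData.PtrDomainName.TrimEnd('.') -eq "$h.$Zone" }
            if (-not $ptr) { throw "no PTR pointing at $h.$Zone" }
            $ptr.HostName -join ', '
        }
    }
    Test-LabCheck 'DHCP scope active' {
        $s = Get-DhcpServerv4Scope -ErrorAction Stop | Where-Object State -eq 'Active'
        if (-not $s) { throw 'no active IPv4 scope' }
        $s.ScopeId.IPAddressToString -join ', '
    }
    Test-LabCheck 'DHCP server authorized in AD' {
        $me = Get-DhcpServerInDC -ErrorAction Stop | Where-Object DnsName -like "$env:COMPUTERNAME.*"
        if (-not $me) { throw 'this server is not in the authorized list' }
        $me.DnsName
    }
    Test-LabCheck 'Remote Desktop enabled' {
        $key = 'HKLM:\System\CurrentControlSet\Control\Terminal Server'
        $deny = (Get-ItemProperty -Path $key -Name fDenyTSConnections -ErrorAction Stop).fDenyTSConnections
        if ($deny -ne 0) { throw "fDenyTSConnections is $deny" }
        $fw = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction Stop | Where-Object Enabled -eq 'True'
        if (-not $fw) { throw 'no enabled rule in the Remote Desktop firewall group' }
        "$(@($fw).Count) firewall rule(s) enabled"
    }
)
$results | Format-Table -AutoSize -Wrap
```

Rows with Passed = False carry the error text in Detail, so a missing PTR record or an unauthorized DHCP server shows up without rerunning each command by hand.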

Struggles

DNS wasn't working on xubuntu, had to go into /etc/resolv.conf and change nameserver to 10.0.17.4 (domain controller)