Milestone 2: AD - squatchulator/Tech-Journal GitHub Wiki
Sysprepping Windows
- Log into your xUbuntu-wan box
- If you need to download any ISOs for this class, you can navigate to 192.168.3.120:8000 and grab them from there.
- Create a new VM with this ISO called dc1. Use the following configurations:
- Once completed, hit Finish and power dc1 up. Select boot normally, and let it boot from the USB/DVD. This may take a while since it's Windows. Click through the installer, and when you choose the OS you want to install select the Standard Evaluation Desktop Experience. Do a custom install, hit next, and let it install.
- DON'T MAKE A NEW PASSWORD WHEN PROMPTED. Instead, we hit CTRL+SHIFT+F3 to enter audit mode.
- Once booted, open a new PowerShell admin window and run sconfig. Change the update settings from DownloadOnly to manual, set the Date & Time to UTC-05:00 Eastern, then download and install updates (this part will take a looong time). Install all the ones it prompts for.
- After updating is complete, go into the hypervisor and right-click dc1 -> Guest OS -> Install VMware Tools. Go back into the VM, go to File Explorer, and find the DVD drive for VMware Tools. Run the file called setup64. Let it run and restart when prompted.
- Grab the sysprep script with:
wget https://tinyurl.com/480sysprep -OutFile windows-prep.ps1
Open it with notepad and make a few changes. First, uncomment the first Write-Host line and all the commented lines below it, and comment out the last 2 lines.
- Unblock this file, set the execution policy, and run the script:
Unblock-File .\windows-prep.ps1
Set-ExecutionPolicy RemoteSigned
.\windows-prep.ps1
Create a strong password when prompted to do so. It will then prompt that something else is already running - that's fine, reboot the box.
- Reopen the script in notepad. Copy the 3rd line from the bottom. Open up PowerShell as admin, paste this line in there and run it; it should power the VM off.
- Once off, go into the VM's settings and remove the Device ISO file, and switch the network to 480-WAN. Take a snapshot as well and name it "Base".
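RemoteSigned only demands a signature from scripts that still carry the internet zone mark, and Unblock-File removes that mark, so the download-and-run steps above execute whatever the short link served. The following is an added example (not part of the original wiki or the prep script) to run after the download and before Unblock-File; it assumes Windows PowerShell 5.1, and $Expected is a placeholder for the hash of a copy you have already read through:

```powershell
# Added example: vet windows-prep.ps1 before unblocking and running it as admin.
$Url      = 'https://tinyurl.com/480sysprep'     # short link used in the step above
$Path     = '.\windows-prep.ps1'
$Expected = '<SHA256-OF-THE-REVIEWED-COPY>'      # placeholder, record it after reading the script

# 1. Show where the short link redirects, without following it.
$req = [System.Net.WebRequest]::Create($Url)
$req.AllowAutoRedirect = $false
$resp = $req.GetResponse()
"Redirects to : $($resp.Headers['Location'])"
$resp.Close()

# 2. Show the zone mark, if any. RemoteSigned only checks signatures on marked files.
$zone = Get-Content -Path $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
if ($zone) { "Zone mark    : $($zone -match '^ZoneId=')" }
else       { "Zone mark    : none (RemoteSigned treats the file as local)" }

# 3. Show the Authenticode status (NotSigned means nothing vouches for the content).
"Signature    : $((Get-AuthenticodeSignature -FilePath $Path).Status)"

# 4. Gate on the hash of the copy that was actually reviewed.
$actual = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
if ($actual -ne $Expected) {
    Write-Warning "SHA256 $actual does not match the reviewed copy; do not run it."
} else {
    "Hash matches the reviewed copy."
}
```

Because the script is edited in notepad before it runs, record the hash of the edited copy if you want the same gate to apply to later rebuilds.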
Installing AD, DC, and DNS
- Now that we are all done sysprepping and SSH is installed on our dc1, we can go into our Linux box and SSH into the Windows one. You are first going to need to set the admin password and configure the network. Set this box to 10.0.17.4 as the address with a gateway of 10.0.17.2. Also rename the computer to "dc1-miles" before doing another reboot.
- Now we should be able to ssh into our deployer account.
Run the following:
# Install the AD DS role, then create the forest (prompts for the safe mode administrator password)
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Install-ADDSForest -DomainName "miles.local"
# NOTE: It will reboot automatically after this part
# Create a named admin account and add it to Domain Admins
New-ADUser -Name miles-adm.cummings -AccountPassword (Read-Host -Prompt 'Enter a Password for this user' -AsSecureString) -PasswordNeverExpires $true -Enabled $true
Add-ADGroupMember -Identity "Domain Admins" -Members miles-adm.cummings
Install-WindowsFeature DNS
# Reverse lookup zone for 10.0.17.0/24 (zone name 17.0.10.in-addr.arpa)
Add-DnsServerPrimaryZone -NetworkID "10.0.17.0/24" -ZoneFile "10.0.17.4.in-addr.arpa.dns"
# Forward (A) records
Add-DnsServerResourceRecordA -Name "vcenter" -ZoneName "miles.local" -IPv4Address "10.0.17.3"
Add-DnsServerResourceRecordA -Name "480-fw" -ZoneName "miles.local" -IPv4Address "10.0.17.2"
Add-DnsServerResourceRecordA -Name "xubuntu-wan" -ZoneName "miles.local" -IPv4Address "10.0.17.100"
# Reverse (PTR) records
Add-DnsServerResourceRecordPtr -Name "100" -ZoneName "17.0.10.in-addr.arpa" -PtrDomainName "xubuntu-wan.miles.local"
Add-DnsServerResourceRecordPtr -Name "4" -ZoneName "17.0.10.in-addr.arpa" -PtrDomainName "dc1-miles.miles.local"
Add-DnsServerResourceRecordPtr -Name "3" -ZoneName "17.0.10.in-addr.arpa" -PtrDomainName "vcenter.miles.local"
Add-DnsServerResourceRecordPtr -Name "2" -ZoneName "17.0.10.in-addr.arpa" -PtrDomainName "480-fw.miles.local"
Remote Desktop
- It would be wise to get Remote Desktop enabled now while we are in PowerShell. Run these commands:
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name "fDenyTSConnections" -Value 0
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
# Then, on xubuntu, install remmina to access DC1 via Remote Desktop.
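The two commands above turn RDP on for every source address the firewall profile allows, on a domain controller. The following added example (not from the original wiki) requires Network Level Authentication and limits the Remote Desktop firewall rules to the lab subnet; it assumes all RDP clients, such as xubuntu-wan at 10.0.17.100, sit in 10.0.17.0/24:

```powershell
# Added example: tighten the RDP exposure created by the commands above.
$ts  = 'HKLM:\System\CurrentControlSet\Control\Terminal Server'
$rdp = "$ts\WinStations\RDP-Tcp"
$lab = '10.0.17.0/24'      # assumption: only lab hosts need RDP to dc1

# Require Network Level Authentication, so credentials are checked before a session is built.
Set-ItemProperty -Path $rdp -Name 'UserAuthentication' -Value 1

# Restrict every rule in the Remote Desktop group to the lab subnet.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Set-NetFirewallRule -RemoteAddress $lab

# Report the resulting state.
[pscustomobject]@{
    RdpEnabled  = (Get-ItemProperty -Path $ts).fDenyTSConnections -eq 0
    NlaRequired = (Get-ItemProperty -Path $rdp).UserAuthentication -eq 1
} | Format-List

Get-NetFirewallRule -DisplayGroup 'Remote Desktop' | ForEach-Object {
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Enabled       = $_.Enabled
        RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ','
    }
} | Format-Table -AutoSize
```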
DHCP Setup
- Now that we have the ADDS Forest working, Remote Desktop enabled, domain controller configured, and DNS set up, we need to install and configure DHCP using this official guide.
Install-WindowsFeature DHCP -IncludeManagementTools
netsh dhcp add securitygroups
Restart-Service dhcpserver
- Now that it's installed we need to set up the scope.
# Scope for the lab subnet, leasing 10.0.17.110 through 10.0.17.150
Add-DhcpServerv4Scope -Name "miles.local" -StartRange 10.0.17.110 -EndRange 10.0.17.150 -SubnetMask 255.255.255.0 -State Active
# Lease duration of one day (d.hh:mm:ss)
Set-DhcpServerv4Scope -ScopeId 10.0.17.0 -LeaseDuration 1.00:00:00
# Hand out the domain name, the DC as DNS server, and 10.0.17.2 as the gateway
Set-DhcpServerv4OptionValue -ScopeId 10.0.17.0 -DnsDomain miles.local -DnsServer 10.0.17.4 -Router 10.0.17.2
# We also have to set the server in the domain controller (as administrator)
Add-DhcpServerInDC -DnsName miles.local -IpAddress 10.0.17.4
- Restart the server after this part.
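After the restart, it is worth confirming that the DC actually serves what was typed in above: forward and reverse DNS agree for every host, the DHCP server is authorised in AD, and the scope hands out the intended options. This is an added example, not from the original wiki; all names and addresses are the ones used in the DNS and DHCP commands on this page:

```powershell
# Added example: verify the DNS records and DHCP scope configured above.
$Dns      = '10.0.17.4'
$Expected = [ordered]@{
    'dc1-miles.miles.local'   = '10.0.17.4'    # A record is registered by the DC itself
    'vcenter.miles.local'     = '10.0.17.3'
    '480-fw.miles.local'      = '10.0.17.2'
    'xubuntu-wan.miles.local' = '10.0.17.100'
}

# Forward (A) and reverse (PTR) lookups must agree for every host.
$dnsReport = foreach ($name in $Expected.Keys) {
    $ip  = $Expected[$name]
    $o   = $ip.Split('.')
    $rev = '{0}.{1}.{2}.{3}.in-addr.arpa' -f $o[3], $o[2], $o[1], $o[0]
    $a   = Resolve-DnsName -Name $name -Type A   -Server $Dns -DnsOnly -ErrorAction SilentlyContinue
    $ptr = Resolve-DnsName -Name $rev  -Type PTR -Server $Dns -DnsOnly -ErrorAction SilentlyContinue
    [pscustomobject]@{
        HostName  = $name
        ForwardOk = @($a.IPAddress) -contains $ip
        ReverseOk = @($ptr.NameHost) -contains $name
    }
}
$dnsReport | Format-Table -AutoSize

# DHCP: the server must be authorised in AD and the scope must carry the options set above.
$scope = '10.0.17.0'
$opt   = { param($id) (Get-DhcpServerv4OptionValue -ScopeId $scope -OptionId $id).Value }
[pscustomobject]@{
    AuthorisedInAD = [bool](Get-DhcpServerInDC | Where-Object { "$($_.IPAddress)" -eq $Dns })
    ScopeState     = (Get-DhcpServerv4Scope -ScopeId $scope).State
    Router         = (& $opt 3)  -join ','     # option 3, set to 10.0.17.2 above
    DnsServer      = (& $opt 6)  -join ','     # option 6, set to 10.0.17.4 above
    DnsDomain      = (& $opt 15) -join ','     # option 15, set to miles.local above
} | Format-List
```

Any row with ForwardOk or ReverseOk set to False points at a record that was mistyped or never created.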