Milestone #2: AD Setup - zacharylongo/Tech-Journals GitHub Wiki
AD-Setup Summary:
💡 In this milestone we are going to begin using an Active Directory login to vCenter. We will also install PowerShell and PowerCLI on xubuntu-wan and hand-extract the base VMs from dc1, xubuntu and vyos.
Initial Steps
As per usual, I first established a direct remote connection so that I can both copy and paste. My go-to for this is Chrome Remote Desktop. The following commands are a simple way to install both Google Chrome (which is a prerequisite) and Chrome Remote Desktop.
- It's possible to install both manually through your default browser, however this is far faster.
```bash
wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
sudo apt install --assume-yes ./google-chrome-stable_current_amd64.deb
wget https://dl.google.com/linux/direct/chrome-remote-desktop_current_amd64.deb
sudo apt install --assume-yes ./chrome-remote-desktop_current_amd64.deb
```
- From here, I'd google "Chrome Remote Desktop" and click the official link. Once on the website I clicked the button to use my current system on CRD. (Blue button)
You should now be able to access your box remotely with the ability to copy/paste.
Make sure to close your IKVM/ESXI session on the desired box or CRD will not work properly.
Sysprep "prep"
First, under your host ---> Actions: Enable SSH
- says "disable" because I've already enabled it.
Before trying to install your new VM (Windows server), you first need to get the ISO onto your machine. This is as simple as opening the Datastore browser in ESXI, selecting your "ISOS" folder (created last lab) and pressing "Upload".
Using the newly uploaded ISO, create a new Virtual Machine by right clicking on the lefthand tool bar in ESXI.
My config for the new box:
Additionally, make sure to apply the new ISO to the CD/ROM drive so that the box boots off it.
You should know this already, THIN PROVISION YOUR BOX under "storage" tab.
Slam that power on Button:
- Booting up the box you'll be met with an installation screen. Boot Normally.
Select the following to install:
- Accept terms / defaults. Then select custom install and pick the drive you'd like windows to be installed onto. (I only have one so this didn't matter)
Sysprep
After install, boot into the box as normal (Setting a password) and say "Yes" to network discovery.
Next, we need to change the date/time and IP addresses (static address, DNS, DHCP, etc.). This can be done using sconfig (open an administrator PowerShell session and type "sconfig").
In the sconfig menu, use the options to set the proper date/time and disable automatic updates. After this, continually update the box until no more updates are available.
- Next install VMware Tools under "Guest OS" tab after right clicking target VM. (It's greyed out because I've already installed it)
- The downloader should be available in the "disk drive" section of file explorer on the new box. Open the installer and let it run.
Now is the time to actually install the script provided by the course instructor:
(Use wget or another method to install)
Also make the following edits:
After this is complete, we need to make the script executable:
```powershell
Unblock-File .\windows-prep.ps1
Set-ExecutionPolicy RemoteSigned
```
- You can now run the script. After it has run, restart the machine.
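Worth knowing what those two commands actually do: a file saved by a browser carries a `Zone.Identifier` alternate data stream (the "mark of the web"); `RemoteSigned` refuses to run a script that carries it unless the script is signed, and `Unblock-File` simply deletes that stream so the script counts as local. Since that pair removes the only check standing between a downloaded script and an elevated shell, here is an added example (my own, not part of the course script or the original notes) that looks the script over first. The path `.\windows-prep.ps1` matches the notes; the grep pattern is a generic list of commands I would want to see before running anything as Administrator.

```powershell
# Added example: inspect a downloaded script before unblocking and running it.
# Path is an assumption taken from the notes above.
$script = ".\windows-prep.ps1"

# 1. Mark-of-the-Web. This Zone.Identifier stream is exactly what Unblock-File removes;
#    ZoneId=3 means "Internet".
$zone = Get-Content -Path $script -Stream Zone.Identifier -ErrorAction SilentlyContinue
if ($zone) { "Zone.Identifier present:`n$zone" }
else       { "No Zone.Identifier stream (already unblocked, or not fetched through a browser)" }

# 2. Record the hash so the copy you ran can later be compared with the instructor's copy.
$hash = (Get-FileHash -Path $script -Algorithm SHA256).Hash
"SHA256: $hash"

# 3. Authenticode status. A course script will usually report NotSigned, which is fine,
#    but it tells you RemoteSigned is doing nothing for this file once it is unblocked.
$sig = Get-AuthenticodeSignature -FilePath $script
"Signature status: $($sig.Status)"

# 4. Skim for lines that reach the network, evaluate strings, or change system policy.
$pattern = 'Invoke-WebRequest|Invoke-Expression|\biex\b|DownloadString|Set-ExecutionPolicy|Set-MpPreference|Add-MpPreference'
Select-String -Path $script -Pattern $pattern |
    ForEach-Object { "{0,4}: {1}" -f $_.LineNumber, $_.Line.Trim() }

# Only after reading the hits above:
# Unblock-File $script
# Set-ExecutionPolicy RemoteSigned -Scope CurrentUser   # scoping avoids changing the machine-wide policy
```

Execution policy is a guard against accidentally running scripts, not a security boundary (`powershell -ExecutionPolicy Bypass` gets around it), so the review in step 4 is the part that matters; the hash in step 2 is what lets you prove later which version of the script built the template.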
If the restart is successful, shutoff the machine and unmount the ISO.
- Create a snapshot as we've done prior.
Putting the "AD" in "AD setup". (Actually configuring the domain)
In the settings for your newly created DC box, change its adapter to the WAN as opposed to the VM network
- Also remember to return to the "sconfig" menu (type "sconfig" in powershell) and set appropriate addresses for the box and DNS. Also make sure to name your box.
After proper config and a successful SSH connection from my CRD-enabled box, I could then copy and paste the following to set up my domain.
```powershell
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Install-ADDSForest -DomainName "zach.local"
```
account after creation)
```powershell
# Create the day-to-day domain admin account and add it to the admin groups
$password = Read-Host "Please enter a password for the zach-adm.longo user" -AsSecureString
New-ADUser -Name zach-adm.longo -AccountPassword $password -PasswordNeverExpires $true -Enabled $true
Add-ADGroupMember -Identity "Domain Admins" -Members zach-adm.longo
Add-ADGroupMember -Identity "Enterprise Admins" -Members zach-adm.longo

# DNS: reverse zone for 10.0.17.0/24, forward A records (with PTRs), and the PTR for dc1 itself
Install-WindowsFeature DNS -IncludeManagementTools
Add-DnsServerPrimaryZone -NetworkID 10.0.17.0/24 -ZoneFile "17.0.10.in-addr.arpa.dns"
Add-DnsServerResourceRecordA -CreatePtr -Name "vcenter" -ZoneName "zach.local" -AllowUpdateAny -IPv4Address "10.0.17.3"
Add-DnsServerResourceRecordA -CreatePtr -Name "480-fw" -ZoneName "zach.local" -AllowUpdateAny -IPv4Address "10.0.17.2"
Add-DnsServerResourceRecordA -CreatePtr -Name "xubuntu-wan" -ZoneName "zach.local" -AllowUpdateAny -IPv4Address "10.0.17.100"
Add-DnsServerResourceRecordPtr -Name "4" -ZoneName "17.0.10.in-addr.arpa" -AllowUpdateAny -AgeRecord -PtrDomainName "dc1.zach.local."

# DHCP: install, create the security groups, then a scope handing out .101-.150 with a one-day lease
Install-WindowsFeature DHCP -IncludeManagementTools
netsh dhcp add securitygroups
Restart-Service dhcpserver
Add-DHCPServerv4Scope -Name "zach-scope" -StartRange 10.0.17.101 -EndRange 10.0.17.150 -SubnetMask 255.255.255.0 -State Active
Set-DHCPServerv4Scope -ScopeID 10.0.17.0 -Name "zach-scope" -State Active -LeaseDuration 1.00:00:00
Set-DHCPServerv4OptionValue -ScopeID 10.0.17.0 -DnsDomain dc1.zach.local -DnsServer 10.0.17.4 -Router 10.0.17.2 # Rev edit: believe that -DnsDomain should be "zach.local" instead of "dc1.zach.local"!

# Following must be run as the new adm user
Add-DhcpServerInDC -DnsName "dc1.zach.local" -IpAddress 10.0.17.4
Restart-Service dhcpserver
```
- Finally, move to the "advanced network settings" on your Xubuntu Box. From here set your new DNS address and domain!
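A few checks I would run on dc1 before pointing the Xubuntu box (or vCenter) at this DNS/DHCP: does every name resolve forward and backward, does the reverse zone the `-CreatePtr` switches depend on actually exist, is the scope active and authorised in AD, and what did `-DnsDomain` end up writing into DHCP option 015 (the "Rev edit" above is about exactly that option). This is an added example of my own, not part of the course or the original notes; the names and addresses are the ones used in the commands above, and it assumes an elevated PowerShell on dc1 running as the new admin user.

```powershell
# Added example: post-setup verification for the AD / DNS / DHCP commands above.
# Hostnames and addresses are the ones from the notes; adjust if yours differ.
Import-Module ActiveDirectory, DnsServer, DhcpServer

$domain    = "zach.local"
$revZone   = "17.0.10.in-addr.arpa"
$adminUser = "zach-adm.longo"
$scopeId   = "10.0.17.0"
$expected  = @{ "vcenter" = "10.0.17.3"; "480-fw" = "10.0.17.2"; "xubuntu-wan" = "10.0.17.100"; "dc1" = "10.0.17.4" }

# 1. Forward and reverse resolution, asked of this server directly rather than whatever the NIC points at.
$results = foreach ($name in $expected.Keys) {
    $fqdn = "$name.$domain"
    $a   = Resolve-DnsName -Name $fqdn -Type A -Server 127.0.0.1 -ErrorAction SilentlyContinue
    $ptr = Resolve-DnsName -Name $expected[$name] -Type PTR -Server 127.0.0.1 -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Host      = $fqdn
        Expected  = $expected[$name]
        ForwardOK = [bool]($a.IPAddress -contains $expected[$name])
        ReverseOK = ($ptr.NameHost -eq $fqdn)
    }
}
$results | Format-Table -AutoSize

# 2. The reverse zone must exist for the PTR records to have landed anywhere.
Get-DnsServerZone -Name $revZone | Select-Object ZoneName, IsReverseLookupZone, DynamicUpdate

# 3. DHCP: scope state and range, the options clients will receive (3 = router, 6 = DNS servers,
#    15 = DNS domain name, which is what -DnsDomain set), and whether the server is authorised in AD.
Get-DhcpServerv4Scope -ScopeId $scopeId | Select-Object Name, State, StartRange, EndRange, LeaseDuration
Get-DhcpServerv4OptionValue -ScopeId $scopeId |
    Where-Object { $_.OptionId -in 3, 6, 15 } |
    Select-Object OptionId, Name, @{ n = "Value"; e = { $_.Value -join ", " } }
Get-DhcpServerInDC

# 4. Privilege check: confirm the new account holds exactly the groups you intended and
#    see who else is in Domain Admins, so nothing unexpected rides along with the template.
Get-ADPrincipalGroupMembership -Identity $adminUser | Select-Object -ExpandProperty Name
Get-ADGroupMember -Identity "Domain Admins" | Select-Object Name, objectClass
```

If option 015 shows `dc1.zach.local`, domain-joined clients will get that as their DNS suffix and a bare `vcenter` will be searched as `vcenter.dc1.zach.local`, which is the symptom the "Rev edit" comment is warning about; `Set-DhcpServerv4OptionValue -ScopeId 10.0.17.0 -DnsDomain zach.local` corrects it.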