Active Directory Network

Install Needed Software

Install Oracle VirtualBox.

Install Windows Server from its ISO on each server VM.

Install Windows 11 Pro/Enterprise from its ISO on each client VM.

This lab has 3 servers and 2 clients:

Host Network Settings

Set the network adapter in each VM to Internal Network and name the network "intranet".

The DC-NAT server also gets a bridged adapter to provide WAN access to the internal network.

The Wi-Fi network adapter can sometimes cause issues. Uninstall and reinstall the VirtualBox NDIS6 Bridged Networking Driver to troubleshoot.

VM Settings

Rename the local host name of each VM.

Run ncpa.cpl to open Network Connections in Control Panel.

Set private static IP addresses. DC-NAT uses the loopback address for DNS, since it is the DNS server.

Domain Controller Setup

In Server Manager, under the Manage tab, select Add Roles and Features. Select the default options through setup, and install Active Directory Domain Services.

When the installation completes, select the flag icon and select "promote this server to domain controller".

Add a new forest (domain) with whatever root domain name is needed (e.g. homelab.com). Complete the default setup options.

Once setup restarts the VM, the new username should be domain name/administrator. Log back in.

To set up a custom domain administrator account, in Server Manager select Tools->Active Directory Users and Computers, or run dsa.msc.

Right click on the domain name->New->Organizational Unit.

Create a new OU for admins.

Create a new User account to use as your personal admin account.

Right click on the new account and select Properties->Member Of->Add.

Add Domain Admins; Enterprise Admins; Schema Admins to give this admin account the privileged access each group carries.
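
One way to review the result of this step, as an added example that is not part of the original walkthrough: the script lists every user that ends up in the three privileged groups named above, including members that arrive through nested groups. It assumes the ActiveDirectory PowerShell module, which is present on the domain controller once AD DS is installed.

```powershell
# Added example, not from the original walkthrough.
# Run on the domain controller in an elevated PowerShell session.
Import-Module ActiveDirectory

# The three groups the custom admin account was added to.
$groups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins'

$members = foreach ($group in $groups) {
    # -Recursive expands nested groups so indirect members are not missed.
    Get-ADGroupMember -Identity $group -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        ForEach-Object {
            $user = Get-ADUser -Identity $_.SID -Properties PasswordLastSet, LastLogonDate
            [pscustomobject]@{
                Group           = $group
                Account         = $user.SamAccountName
                Enabled         = $user.Enabled
                PasswordLastSet = $user.PasswordLastSet
                LastLogonDate   = $user.LastLogonDate
                # Everything after the first RDN, i.e. the container or OU holding the account.
                Location        = ($user.DistinguishedName -split ',', 2)[1]
            }
        }
}

# Full listing: one row per (group, account) pair.
$members | Sort-Object Group, Account | Format-Table -AutoSize

# Accounts that hold more than one of the groups. In this lab that should be
# only the built-in Administrator and the custom admin account.
$members | Group-Object Account |
    Where-Object { $_.Count -gt 1 } |
    Select-Object @{ n = 'Account'; e = { $_.Name } },
                  @{ n = 'Groups';  e = { ($_.Group.Group | Sort-Object) -join ', ' } } |
    Format-Table -AutoSize
```

Any account in the output that is not expected, or an enabled account with no recent LastLogonDate, is worth removing from the groups.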

DHCP Setup

Log in to the DHCP server under the custom admin account. Change the local PC name and add the VM to the domain.

Using the Add Roles and Features Wizard, install the DHCP Server role.

Complete DHCP server installation by clicking on the flag icon and authorizing the server with the admin account you logged in with.

In Server Manager, select Tools->DHCP->right click IPv4->New Scope. For this server, the scope is the IPv4 range 10.0.0.200-10.0.0.250.

Select default options for the rest of scope setup and include the DC server IPv4 address as the default gateway.

Start up the Client1 VM and confirm that the DHCP server automatically assigned an IPv4 address to the client.

Change the first client VM name and add to domain just like the servers.

Change the remaining VM local names and add them to the domain.

Create new organizational units for client and server VMs separately. Move the VMs from Computers to their respective OUs.

File Server Setup

Go to the C: drive in the File server and create a new folder called "user files".

Right click on the folder, select Properties->Sharing->Advanced Sharing->check Share this Folder->add a $ to the end of the share name.

The trailing $ hides the share from network browse lists; it is still reachable by typing its full path.

Set custom share permissions as needed. For the home lab, Full Control was given at the share level for ease of access, and NTFS permissions were edited later.

Add Domain Users to share permissions after editing permission controls.

Test that the share was created properly by logging into a client VM->File Explorer->type the path \\File\user files$.

Create Home Folders

On the DC (NAT) server, go to Active Directory Users and Computers, make a new OU named for general users (_PERSONS).

Create a new user in the _PERSONS OU (person1).

Right click the new user, select Properties->Profile->Set profile path to \\File\user files$\%username%.

%username% will automatically fill in the username if the profile is copied for new users.

Create a home folder by selecting a drive (S:) and set the path to \\File\user files$\%username%.

Confirm the new home folder was created by logging in as the user on a client VM, creating a test document, then checking the file server for the updated folder.
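
A check for the File Server Setup and Create Home Folders steps, added here as an example and not part of the original walkthrough: it reports where broad groups can write through the share or the NTFS ACL, and which per-user folders are accessible to someone other than their user. The lists of "broad" and "expected" principals are assumptions for this lab.

```powershell
# Added example, not from the original walkthrough.
# Run on the File server in an elevated PowerShell session.
$shareName = 'user files$'   # share name used on this page
# Assumption: principals treated as "broad" and as "expected" in this lab.
$broad    = 'Everyone', 'Authenticated Users', 'Domain Users', 'Users'
$expected = 'SYSTEM', 'Administrators', 'CREATOR OWNER', 'Domain Admins'
$write    = [int][System.Security.AccessControl.FileSystemRights]::Write

function Get-ShortName([string]$Identity) { ($Identity -split '\\')[-1] }
function New-Finding($Layer, $Path, $Identity, $Rights) {
    [pscustomobject]@{ Layer = $Layer; Path = $Path; Identity = "$Identity"; Rights = "$Rights" }
}

$share = Get-SmbShare -Name $shareName
$findings = @(
    # 1. Share permissions: broad groups holding Full or Change.
    Get-SmbShareAccess -Name $shareName |
        Where-Object { "$($_.AccessControlType)" -eq 'Allow' -and
                       "$($_.AccessRight)" -in 'Full', 'Change' -and
                       (Get-ShortName $_.AccountName) -in $broad } |
        ForEach-Object { New-Finding 'Share' $shareName $_.AccountName $_.AccessRight }

    # 2. NTFS ACL on the share root: broad groups with any write right.
    (Get-Acl -LiteralPath $share.Path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       ([int]$_.FileSystemRights -band $write) -and
                       (Get-ShortName $_.IdentityReference.Value) -in $broad } |
        ForEach-Object { New-Finding 'NTFS root' $share.Path $_.IdentityReference $_.FileSystemRights }

    # 3. Per-user folders: anyone besides the folder's user and the expected principals.
    #    Roaming profile folders carry a .V<n> suffix (person1.V6), so strip it first.
    Get-ChildItem -LiteralPath $share.Path -Directory | ForEach-Object {
        $dir = $_; $user = $dir.Name -replace '\.V\d+$', ''
        (Get-Acl -LiteralPath $dir.FullName).Access |
            Where-Object { $_.AccessControlType -eq 'Allow' -and
                           (Get-ShortName $_.IdentityReference.Value) -notin ($expected + $user) } |
            ForEach-Object { New-Finding 'User folder' $dir.FullName $_.IdentityReference $_.FileSystemRights }
    }
)
$findings | Format-Table -AutoSize -Wrap
```

With Full Control granted on the share, the NTFS ACL is the only layer separating one user's folder from another's, so rows in the "User folder" layer are the ones to fix first.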

Setup WAN/Remote Access from NAT Server

On the DC (NAT) server, use Add Roles and Features Wizard to add Remote Access. Select Routing under Role Services and continue default setup.

Go to Routing and Remote Access->right click the server->Configure and Enable Routing and Remote Access->NAT->select the network adapter that connects to the WAN (Internet).

Log in to a client VM to confirm it now has internet access through the internal switch.

Under DC (NAT) server, go to the Systems menu in Control panel->remote settings->Allow

Select users that will have remote access (for the home lab I allowed all domain users).

Test remote access by logging into a client VM->run Remote Desktop Connection->enter DC-NAT->log in with a domain user.

Create a Startup Script

Create a startup script by opening Notepad (as admin) and saving the file under \\DC-NAT\NETLOGON: set the file type to All Files and name it startup.vbs.

Type Wscript.Echo "Hello world." to use as a test script.

To add the script to a particular user, right click their account in AD->Properties->Profile->enter the file name in the startup script textbox.

Modify a Group Policy

In Server Manager, select Tools->Group Policy Management->right click the domain->Create a GPO in this Domain, and link it here.

Name the new GPO as _ALLOW_REMOTE_DESKTOP->right click the new GPO->Edit...

Select Computer Configuration->Policies->Administrative Templates->Windows Components->Remote Desktop Services->Remote Desktop Session Host->Connections->Allow users to connect remotely by using Remote Desktop Services->Enable.

To test the new GPO, go to command prompt on the VM used and type gpupdate to force the new policy onto the VM.

The command gpresult /r lists the Resultant Set of Policy (RSoP), which shows whether the new GPO was applied.
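
The same test as a script, added here as an example and not part of the original walkthrough: it refreshes policy, reads the applied GPO list out of gpresult, and checks the registry value that the Remote Desktop setting writes. It assumes English-language gpresult output and an elevated session on the VM being tested.

```powershell
# Added example, not from the original walkthrough.
# Run on the VM being tested, in an elevated PowerShell session.
$gpoName = '_ALLOW_REMOTE_DESKTOP'   # GPO name from this page
# Registry value written by "Allow users to connect remotely by using
# Remote Desktop Services": 0 = connections allowed, 1 = denied.
$key   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$value = 'fDenyTSConnections'

function Get-AppliedComputerGpo {
    # Collect only the names under "Applied Group Policy Objects". A GPO that
    # was filtered out appears later in the same report and must not count.
    $applied = @(); $inApplied = $false
    foreach ($line in (gpresult /r /scope:computer)) {
        $text = "$line".Trim()
        if ($text -eq 'Applied Group Policy Objects') { $inApplied = $true; continue }
        if (-not $inApplied -or $text -match '^-+$') { continue }
        if (-not $text) { break }   # a blank line ends the list
        $applied += $text
    }
    $applied
}

function Test-RdpPolicy {
    # Refresh computer policy first so the report reflects the current GPO.
    gpupdate /target:computer | Out-Null

    $applied = @(Get-AppliedComputerGpo)
    $setting = (Get-ItemProperty -Path $key -Name $value -ErrorAction SilentlyContinue).$value

    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        GpoApplied  = $applied -contains $gpoName
        PolicyValue = $setting            # empty when the policy never reached this VM
        RdpAllowed  = ($setting -eq 0)
        AppliedGpos = $applied -join '; '
    }
}

Test-RdpPolicy | Format-List
```

Because the GPO is linked at the domain, running this on each server and client shows every machine where Remote Desktop is now enabled by policy.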