{"id":24735225,"url":"https://github.com/drewmarsh/on-premises-active-directory-configuration","last_synced_at":"2026-05-09T14:48:07.345Z","repository":{"id":273254866,"uuid":"918745189","full_name":"drewmarsh/on-premises-active-directory-configuration","owner":"drewmarsh","description":"Active Directory Domain-controller/Client configuration with a bulk user creation script for simulating employees","archived":false,"fork":false,"pushed_at":"2025-01-19T19:11:16.000Z","size":2799,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-27T20:22:18.251Z","etag":null,"topics":["active-directory","azure","domain-controller","system-administration"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/drewmarsh.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-01-18T18:40:11.000Z","updated_at":"2025-01-19T19:11:17.000Z","dependencies_parsed_at":"2025-01-19T20:19:17.530Z","dependency_job_id":"454e80d1-62b6-44c1-9d7d-f91329443596","html_url":"https://github.com/drewmarsh/on-premises-active-directory-configuration","commit_stats":null,"previous_names":["drewmarsh/on-premises-active-directory-configuration"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/drewmarsh%2Fon-premises-active-directory-configuration","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/drewmarsh%2Fon-premises-active-directory-configuration/t
ags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/drewmarsh%2Fon-premises-active-directory-configuration/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/drewmarsh%2Fon-premises-active-directory-configuration/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/drewmarsh","download_url":"https://codeload.github.com/drewmarsh/on-premises-active-directory-configuration/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244990069,"owners_count":20543614,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["active-directory","azure","domain-controller","system-administration"],"created_at":"2025-01-27T20:22:19.966Z","updated_at":"2026-05-09T14:48:02.320Z","avatar_url":"https://github.com/drewmarsh.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/drewmarsh/on-premises-active-directory-configuration\"\u003e\n    \u003cimg src=\"/images/active-directory.png\" alt=\"AD Logo\"\u003e\n  \u003c/a\u003e\n\n  \u003ca href=\"https://github.com/drewmarsh/on-premises-active-directory-configuration\"\u003e\n    \u003cimg src=\"/images/network-diagram.png\" alt=\"Network Diagram\"\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n# 🧠 Technologies Used\n- Active Directory Domain Services\n- Microsoft Azure (Cloud computing)\n- Microsoft Remote Desktop\n- PowerShell\n- Windows Server 2022\n- Windows 10 Pro, version 22H2\n\n# ⚙️ Deployment \u0026 
Configuration\n\n### 🖥️ Create both Azure Virtual Machines  [(example guide)](https://github.com/drewmarsh/azure-creating-VM)\n- **Client-1** running Windows 10 Pro, version 22H2 - x64 Gen2\n- **DC-1** running Windows Server 2022 Datacenter Azure Edition - x64 Gen2\n\n\u003e [!NOTE]\n\u003e Put both of these Azure Virtual Machines into a Resource Group called `DC-1_group`\n\n### 🛜 Configure static IP address on Domain Controller 1 (DC-1)\n1. Open the DC-1 virtual machine\n2. Navigate to `Networking` \u003e `Network settings` \u003e The name of the network interface (ex. `dc-1410`) \u003e `IP configurations`\n3. Select `ipconfig1`\n4. Change `Dynamic` to `Static`\n5. Click `Save`\n\n\u003cimg src=\"/images/static-ip.png\" alt=\"Static IP\"\u003e\n\n### 📋 RDP into DC-1 and enable ICMP rules\n\nAfter the domain controller fully initializes, minimize the Server Manager window for now.\n\n1. Use windows search to open 'Windows Defender Firewall'\n2. Select `🛡️ Advanced settings`\n3. Navigate to the 'Inbound Rules' tab\n4. Find the two rules labeled 'Core Networking Diagnostics - ICMP Echo Request (ICMPv4-In)'\n5. Right-click and select `Enable` on both rules\n\n\u003cimg src=\"/images/inbound-rules.png\" alt=\"Inbound Rules\"\u003e\n\n### 📥 Install Active Directory on DC-1\n1. Open Server Manager\n2. Click `Manage` \u003e `Add Roles and Features`\n3. Click `Next` 3 times to get to the Server Roles tab\n4. Enable ☑️ ```Active Directory Domain Services```\n5. Click `Add Features`\n6. Click `Next` 3 more times until reaching the `Install` button\n7. When installation finishes, click `Close`\n\n\u003cimg src=\"/images/tick-ad-domain-services.png\" alt=\"Tick AD Domain Services\"\u003e\n\n\u003cimg src=\"/images/install-ad.png\" alt=\"Install AD\"\u003e\n\nIn the top-right of the Server Manager window:\n1. Click the flag icon with a warning notification\n2. 
Select 'Promote this server to a domain controller'\n\n\u003cimg src=\"/images/promote-server.png\" alt=\"Promote Server to a DC\"\u003e\n\nIn the Active Directory Domain Services Configuration Wizard:\n1. On 'Deployment Configuration' tab:\n   - Tick ☑️ ```Add a new forest```\n   - Enter \"mydomain.com\" in **Root domain name:**\n\n\u003cimg src=\"/images/deployment-config.png\" alt=\"Deployment Config\"\u003e\n\n2. On 'Domain Controller Options' tab:\n   - Set secure password in both fields\n\n\u003cimg src=\"/images/set-password.png\" alt=\"Set Password\"\u003e\n\n3. On 'DNS Options' tab:\n   - Ensure ◻️ ```Create DNS delegation``` is unchecked\n\n4. Click `Next` until reaching 'Prerequisites Check' tab\n5. Click `Install`\n\n\u003cimg src=\"/images/click-install.png\" alt=\"Click Install\"\u003e\n\n\u003cimg src=\"/images/installing.png\" alt=\"Installing\"\u003e\n\n\u003e [!NOTE]\n\u003e Your connection to DC-1 will be lost and you'll need to RDP back using \"mydomain\\\" before your username\n\n\u003cimg src=\"/images/computer-is-restarting.png\" alt=\"Computer Is Restarting\"\u003e\n\n\u003cimg src=\"/images/new-credentials.png\" alt=\"New Credentials\"\u003e\n\nWhen the credentials are accepted, it will take a moment to load back to the desktop while the system waits for the Group Policy Client\n\n\u003cimg src=\"/images/wait-for-group-policy.png\" alt=\"Wait for Group Policy\"\u003e\n\n### 📝 Add Organizational Units for Employees \u0026 Admins\n\n1. In Server Manager, navigate to `Tools` \u003e `Active Directory Users and Computers`\n\n\u003cimg src=\"/images/users-and-computers.png\" alt=\"Users and Computers\"\u003e\n\n2. 
Create Organizational Units:\n   - Right-click `mydomain.com` \u003e `New` \u003e `Organizational Unit`\n   - Create \"_EMPLOYEES\"\n   - Repeat process to create \"_ADMINS\"\n\n\u003cimg src=\"/images/employees.png\" alt=\"_EMPLOYEES\"\u003e\n\n\u003cimg src=\"/images/admins.png\" alt=\"_ADMINS\"\u003e\n\n### 👩‍💻 Add a new admin named Jane Doe\n\n1. Right-click `_ADMINS` \u003e `New` \u003e `User`\n2. Enter information:\n   - **First name:** `Jane`\n   - **Last name:** `Doe`\n   - **User logon name:** `Jane_admin`\n\n\u003cimg src=\"/images/new-user.png\" alt=\"New User\"\u003e\n\n3. Set password:\n   - Enter secure password\n   - Uncheck ◻️ ```User must change password at next logon```\n   - Check ☑️ ```Password never expires```\n\n\u003cimg src=\"/images/jane-doe-password.png\" alt=\"Jane Doe Password\"\u003e\n\n4. Add to Domain Admins:\n   - Right-click 👤 Jane Doe \u003e `Properties`\n   - Navigate to 'Member of' tab\n   - Click `Add...`\n   - Enter \"domain admins\"\n   - Click `Check Names` \u003e `OK`\n   - Click `Apply` \u003e `OK`\n\n\u003cimg src=\"/images/domain-admins.png\" alt=\"Domain Admins\"\u003e\n\n5. Log out and log back in as Jane_admin\n\n\u003cimg src=\"/images/jane-logon.png\" alt=\"Jane Logon\"\u003e\n\n\u003cimg src=\"/images/jane-welcome.png\" alt=\"Jane Welcome\"\u003e\n\n### 🌐 Add DC-1's private IP as Client-1's DNS server\n1. On Client-1, navigate to:\n   - `Networking` \u003e `Network settings` \u003e Network interface name \u003e `DNS servers`\n2. Change from `Inherit from virtual network` to `Custom`\n3. Enter DC-1's private IP address in the **Add DNS server** text field\n4. Click `Save`\n5. Restart Client-1\n\n\u003cimg src=\"/images/add-dns.png\" alt=\"Add DNS\"\u003e\n\n### 🤝 Join Client-1 to the domain\n\n1. RDP into Client-1\n2. Test connection:\n   - Open Command Prompt\n   - Ping DC-1's IP (e.g., `ping 10.0.0.4`)\n   - Verify response\n\n\u003cimg src=\"/images/ping-DC.png\" alt=\"Ping DC\"\u003e\n\n3. 
Join domain:\n   - Navigate to `System` \u003e `About` \u003e `Rename this PC (advanced)` \u003e `Change...`\n   - Enter \"mydomain.com\" in **Domain:** field\n   - Enter credentials: \"mydomain.com\\Jane_admin\"\n   - Restart Client-1\n\n\u003cimg src=\"/images/change-pc-name.png\" alt=\"Change PC Name\"\u003e\n\n\u003cimg src=\"/images/join-domain-with-admin-credentials.png\" alt=\"Join Domain with Admin Credentials\"\u003e\n\n4. Verify on DC-1:\n   - Open `Active Directory Users and Computers`\n   - Check `mydomain.com` \u003e `Computers`\n   - Verify Client-1 is listed\n\n\u003cimg src=\"/images/client1-computer.png\" alt=\"Client-1 Computer\"\u003e\n\n### 🌐 Set-up Remote Desktop for Non-administrative Users on Client-1\n\n1. On Client-1 (as Jane_admin):\n   - Open `Settings`\n   - Navigate to `System` \u003e `Remote Desktop`\n   - Click `Select users that can remotely access this PC`\n   - Click `Add...`\n   - Enter \"domain users\"\n   - Click `Check Names` \u003e `OK`\n\n\u003cimg src=\"/images/domain-users.png\" alt=\"Domain Users\"\u003e\n\n### 👥 Bulk create Active Directory with script and test\n\n1. On DC-1 (as Jane_admin):\n   - Open PowerShell ISE\n   - Click `File` \u003e `New`\n   - In the **Untitled1.ps1** text box, write your own or paste [this bulk user creation script](https://github.com/drewmarsh/active-directory-bulk-user-creation)\n   - Click green Run Script button\n   - Click red Stop Operation when desired users created\n\n\u003cimg src=\"/images/bulk-create-ad-users.png\" alt=\"Bulk Create AD Users\"\u003e\n\n2. Verify users:\n   - Check `Active Directory Users and Computers`\n   - Look in `_EMPLOYEES` folder\n\n\u003cimg src=\"/images/added-users-confirmed.png\" alt=\"Added Users Confirmed\"\u003e\n\n### 🧪 Testing a Random Newly Created User\n\n1. 
Attempt to RDP into Client-1 using one of the newly created Active Directory user credentials\n   - If [the provided script](https://github.com/drewmarsh/active-directory-bulk-user-creation) was used, the password for every account should be \"Password1\"\n\n\u003cimg src=\"/images/test-new-user.png\" alt=\"Test New User\"\u003e\n\n\u003cimg src=\"/images/user-test-success.png\" alt=\"User Test Success\"\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdrewmarsh%2Fon-premises-active-directory-configuration","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdrewmarsh%2Fon-premises-active-directory-configuration","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdrewmarsh%2Fon-premises-active-directory-configuration/lists"}