https://github.com/drewmarsh/on-premises-active-directory-configuration
Active Directory Domain-controller/Client configuration with a bulk user creation script for simulating employees
- Host: GitHub
- URL: https://github.com/drewmarsh/on-premises-active-directory-configuration
- Owner: drewmarsh
- Created: 2025-01-18T18:40:11.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2025-01-19T19:11:16.000Z (over 1 year ago)
- Last Synced: 2025-01-27T20:22:18.251Z (over 1 year ago)
- Topics: active-directory, azure, domain-controller, system-administration
- Homepage:
- Size: 2.67 MB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# Technologies Used
- Active Directory Domain Services
- Microsoft Azure (Cloud computing)
- Microsoft Remote Desktop
- PowerShell
- Windows Server 2022
- Windows 10 Pro, version 22H2
# Deployment & Configuration
### Create both Azure Virtual Machines [(example guide)](https://github.com/drewmarsh/azure-creating-VM)
- **Client-1** running Windows 10 Pro, version 22H2 - x64 Gen2
- **DC-1** running Windows Server 2022 Datacenter Azure Edition - x64 Gen2
> [!NOTE]
> Put both of these Azure Virtual Machines into a Resource Group called `DC-1_group`
### Configure a static IP address on Domain Controller 1 (DC-1)
1. Open the DC-1 virtual machine
2. Navigate to `Networking` > `Network settings` > the name of the network interface (e.g. `dc-1410`) > `IP configurations`
3. Select `ipconfig1`
4. Change `Dynamic` to `Static`
5. Click `Save`

### RDP into DC-1 and enable ICMP rules
After the domain controller fully initializes, minimize the Server Manager window for now.
1. Use Windows search to open 'Windows Defender Firewall'
2. Select `Advanced settings`
3. Navigate to the 'Inbound Rules' tab
4. Find the two rules labeled 'Core Networking Diagnostics - ICMP Echo Request (ICMPv4-In)'
5. Right-click and select `Enable` on both rules

### Install Active Directory on DC-1
1. Open Server Manager
2. Click `Manage` > `Add Roles and Features`
3. Click `Next` 3 times to get to the Server Roles tab
4. Enable `Active Directory Domain Services`
5. Click `Add Features`
6. Click `Next` 3 more times until reaching the `Install` button
7. When installation finishes, click `Close`


In the top-right of the Server Manager window:
1. Click the flag icon with a warning notification
2. Select 'Promote this server to a domain controller'

In the Active Directory Domain Services Configuration Wizard:
1. On 'Deployment Configuration' tab:
- Tick `Add a new forest`
- Enter "mydomain.com" in **Root domain name:**

2. On 'Domain Controller Options' tab:
- Set secure password in both fields

3. On 'DNS Options' tab:
- Ensure `Create DNS delegation` is unchecked
4. Click `Next` until reaching 'Prerequisites Check' tab
5. Click `Install`


> [!NOTE]
> Your connection to DC-1 will be lost and you'll need to RDP back using "mydomain\" before your username


Once the credentials are accepted, it takes a moment to return to the desktop while the system waits for the Group Policy Client service.
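The same DC-1 preparation (ICMP rules, AD DS role, forest promotion) can be driven from an elevated PowerShell session instead of the GUI. This is an added example, not a script from this repository; it assumes the domain name `mydomain.com` and NetBIOS name `MYDOMAIN` used in the README, and the promotion reboots the server just as the wizard does.

```powershell
# Added example (not from the original repo): in-guest PowerShell equivalent of the
# DC-1 steps above. Run elevated on DC-1; Install-ADDSForest reboots at the end.

# 1. Allow ICMPv4 echo requests so Client-1's ping test works (the rules named above)
Enable-NetFirewallRule -DisplayName "Core Networking Diagnostics - ICMP Echo Request (ICMPv4-In)"
Get-NetFirewallRule -DisplayName "Core Networking Diagnostics - ICMP Echo Request (ICMPv4-In)" |
    Select-Object Name, Profile, Enabled     # expect Enabled = True for both rules

# 2. Install the AD DS role plus the management tools (ADUC and the ActiveDirectory module)
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# 3. Promote DC-1 as the first domain controller of a new forest.
#    -InstallDns creates the DNS role that Client-1 is pointed at later;
#    -CreateDnsDelegation:$false matches the unchecked wizard box;
#    the DSRM password is prompted for rather than written into the script.
$dsrm = Read-Host -AsSecureString -Prompt "Directory Services Restore Mode password"
Install-ADDSForest `
    -DomainName "mydomain.com" `
    -DomainNetbiosName "MYDOMAIN" `     # assumption: NetBIOS name used at logon (MYDOMAIN\user)
    -InstallDns `
    -CreateDnsDelegation:$false `
    -SafeModeAdministratorPassword $dsrm `
    -Force
```

After the reboot, `Get-ADDomainController` run as `mydomain\Administrator` should return DC-1 with `IsGlobalCatalog = True`.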

### Add Organizational Units for Employees & Admins
1. In Server Manager, navigate to `Tools` > `Active Directory Users and Computers`

2. Create Organizational Units:
- Right-click `mydomain.com` > `New` > `Organizational Unit`
- Create "_EMPLOYEES"
- Repeat process to create "_ADMINS"


### Add a new admin named Jane Doe
1. Right-click `_ADMINS` > `New` > `User`
2. Enter information:
- **First name:** `Jane`
- **Last name:** `Doe`
- **User logon name:** `Jane_admin`

3. Set password:
- Enter secure password
- Uncheck `User must change password at next logon`
- Check `Password never expires`

4. Add to Domain Admins:
- Right-click Jane Doe > `Properties`
- Navigate to 'Member of' tab
- Click `Add...`
- Enter "domain admins"
- Click `Check Names` > `OK`
- Click `Apply` > `OK`

5. Log out and log back in as Jane_admin
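The OU and admin-account steps above, as an added PowerShell example rather than the repository's own code. It assumes the `mydomain.com` forest from the previous section and runs on DC-1 in an elevated session; the password is prompted for, and the account options match the README (no change at next logon, password never expires).

```powershell
# Added example (not from the original repo): OUs and the Jane_admin account via the
# ActiveDirectory module, with the membership check you would do in ADUC afterwards.
Import-Module ActiveDirectory

$domainDn = (Get-ADDomain).DistinguishedName      # "DC=mydomain,DC=com"

# Create _EMPLOYEES and _ADMINS only if they do not already exist (idempotent re-runs)
foreach ($ou in "_EMPLOYEES", "_ADMINS") {
    if (-not (Get-ADOrganizationalUnit -LDAPFilter "(ou=$ou)" -SearchBase $domainDn)) {
        New-ADOrganizationalUnit -Name $ou -Path $domainDn
    }
}

# Jane_admin in _ADMINS; the password never appears in the script or the transcript
$pw = Read-Host -AsSecureString -Prompt "Password for Jane_admin"
New-ADUser -Name "Jane Doe" -GivenName "Jane" -Surname "Doe" `
    -SamAccountName "Jane_admin" -UserPrincipalName "Jane_admin@mydomain.com" `
    -Path "OU=_ADMINS,$domainDn" -AccountPassword $pw `
    -ChangePasswordAtLogon $false -PasswordNeverExpires $true -Enabled $true

# Equivalent of the 'Member of' tab: put the account in Domain Admins
Add-ADGroupMember -Identity "Domain Admins" -Members "Jane_admin"

# Verify: list the OUs and everyone who now holds Domain Admins
Get-ADOrganizationalUnit -Filter * -SearchBase $domainDn | Select-Object Name, DistinguishedName
Get-ADGroupMember -Identity "Domain Admins" | Select-Object SamAccountName, objectClass
```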


### Add DC-1's private IP as Client-1's DNS server
1. On Client-1, navigate to:
- `Networking` > `Network settings` > Network interface name > `DNS servers`
2. Change from `Inherit from virtual network` to `Custom`
3. Enter DC-1's private IP address in the **Add DNS server** text field
4. Click `Save`
5. Restart Client-1

### Join Client-1 to the domain
1. RDP into Client-1
2. Test connection:
- Open Command Prompt
- Ping DC-1's IP (e.g., `ping 10.0.0.4`)
- Verify response

3. Join domain:
- Navigate to `System` > `About` > `Rename this PC (advanced)` > `Change...`
- Enter "mydomain.com" in **Domain:** field
- Enter credentials: "mydomain.com\Jane_admin"
- Restart Client-1


4. Verify on DC-1:
- Open `Active Directory Users and Computers`
- Check `mydomain.com` > `Computers`
- Verify Client-1 is listed

### Set up Remote Desktop for Non-administrative Users on Client-1
1. On Client-1 (as Jane_admin):
- Open `Settings`
- Navigate to `System` > `Remote Desktop`
- Click `Select users that can remotely access this PC`
- Click `Add...`
- Enter "domain users"
- Click `Check Names` > `OK`
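The Client-1 side of the last three sections (confirming the DNS change, joining the domain, then allowing Domain Users to RDP in), as an added example that is not part of the repository. It assumes DC-1's private IP is `10.0.0.4` as in the README's ping example and that the `Jane_admin` account exists; run it elevated on Client-1.

```powershell
# Added example (not from the original repo). Part 1 runs before the domain join,
# Part 2 after the reboot that Add-Computer -Restart triggers.

# ---- Part 1: check the DNS step actually took effect, then join ----
# The adapter should now list DC-1, and the domain's LDAP SRV record should resolve
# to DC-1; if this fails, the join will fail too, so check it first.
Get-DnsClientServerAddress -AddressFamily IPv4 | Select-Object InterfaceAlias, ServerAddresses
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.mydomain.com" -Type SRV
Test-Connection -ComputerName 10.0.0.4 -Count 2    # assumption: DC-1's private IP; needs the ICMP rule

# Same as 'Rename this PC (advanced) > Change...': join mydomain.com as Jane_admin
$cred = Get-Credential -UserName "mydomain.com\Jane_admin" -Message "Domain join credentials"
Add-Computer -DomainName "mydomain.com" -Credential $cred -Restart

# ---- Part 2: run after the reboot, logged on as Jane_admin ----
# Equivalent of 'Select users that can remotely access this PC' > add "domain users".
Add-LocalGroupMember -Group "Remote Desktop Users" -Member "MYDOMAIN\Domain Users"
Get-LocalGroupMember -Group "Remote Desktop Users"  # expect MYDOMAIN\Domain Users listed

# Confirm the join from the client side; on DC-1 the computer object appears under
# mydomain.com > Computers, which Get-ADComputer shows from the server.
(Get-CimInstance Win32_ComputerSystem).Domain      # expect mydomain.com
```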

### Bulk create Active Directory users with a script and test
1. On DC-1 (as Jane_admin):
- Open PowerShell ISE
- Click `File` > `New`
- In the **Untitled1.ps1** text box, write your own or paste [this bulk user creation script](https://github.com/drewmarsh/active-directory-bulk-user-creation)
- Click green Run Script button
- Click the red Stop Operation button once the desired number of users has been created

2. Verify users:
- Check `Active Directory Users and Computers`
- Look in `_EMPLOYEES` folder
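A bulk-creation script of the kind step 1 asks for, written here as an added example rather than the linked script. It fills `_EMPLOYEES` with accounts built from constructed name lists (an assumption; the linked script keeps its own lists), gives every account its own random password instead of the shared `Password1` the linked script uses, and ends with the verification from step 2. Run it in PowerShell ISE on DC-1 as Jane_admin.

```powershell
# Added example (not from the original repo): bulk user creation into _EMPLOYEES.
Import-Module ActiveDirectory

$domainDn   = (Get-ADDomain).DistinguishedName
$employeeOu = "OU=_EMPLOYEES,$domainDn"
$count      = 20                                   # how many simulated employees to create

# Constructed sample name lists (assumption: the linked script uses its own lists)
$firstNames = "Alice", "Bob", "Carol", "Dave", "Eve", "Frank", "Grace", "Heidi"
$lastNames  = "Ahmed", "Brown", "Chen", "Diaz", "Evans", "Fischer", "Garcia", "Hill"

function New-LabPassword {
    # 16-character random password per account; ambiguous characters (0/O, 1/l/I) left out
    $chars = [char[]]"abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789!#%&*"
    -join (1..16 | ForEach-Object { $chars[(Get-Random -Maximum $chars.Length)] })
}

$created = @()
for ($i = 0; $i -lt $count; $i++) {
    $first = $firstNames | Get-Random
    $last  = $lastNames  | Get-Random
    # sAMAccountName = first initial + surname, numeric suffix on collision (bchen, bchen1, ...)
    $base = ($first.Substring(0, 1) + $last).ToLower(); $sam = $base; $n = 1
    while (Get-ADUser -Filter "sAMAccountName -eq '$sam'") { $sam = "$base$n"; $n++ }

    $plain = New-LabPassword
    # ChangePasswordAtLogon stays $false: an NLA-protected RDP logon cannot complete a
    # forced first-logon password change, which would break the RDP test in the next section.
    New-ADUser -Name "$first $last" -GivenName $first -Surname $last `
        -SamAccountName $sam -UserPrincipalName "$sam@mydomain.com" `
        -Path $employeeOu -AccountPassword (ConvertTo-SecureString $plain -AsPlainText -Force) `
        -ChangePasswordAtLogon $false -Enabled $true
    $created += [pscustomobject]@{ SamAccountName = $sam; InitialPassword = $plain }
}

# One-time passwords go to a file in the admin's profile, not to the console transcript
$created | Export-Csv -Path "$env:USERPROFILE\lab-users.csv" -NoTypeInformation

# Step 2 check: every account should sit in _EMPLOYEES and be enabled
Get-ADUser -Filter * -SearchBase $employeeOu | Select-Object SamAccountName, Enabled | Format-Table
```

Pick any `SamAccountName` from `lab-users.csv` with its `InitialPassword` for the RDP test in the next section.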

### Testing a Random Newly Created User
1. Attempt to RDP into Client-1 using one of the newly created Active Directory user credentials
- If [the provided script](https://github.com/drewmarsh/active-directory-bulk-user-creation) was used, the password for every account should be "Password1"
