Active Directory Setup

In this setup, we will configure two Domain Controllers and joining one client into the domain. But first you need to download the ISOs from Microsoft Evaluation Center:

• Windows Server 2022
• Windows 11 Enterprise

Domain Controller 1

1. Create a new VM and Boot
   
   For some reason the default VirtIO network model wasn't recognized by Windows, so I switched it to VMware vmxnet3:
   
2. Select your language
3. Install Windows Server 2022 Standard Evaluation (Desktop Experience)
   
4. Select Custom installation
   
5. Set the Administrator password
6. Rename the server
7. In the Server Manager click Add roles and features
8. Make sure Role-based or feature-based installation is selected
9. Select our server in the Server Selection
10. Select Active Directory Domain Services from the list:
    
11. Finish the Installation
12. Promote the Server to a Domain Controller:
    
13. Add a new forest:
    
14. Set a Directory Services Restore Mode (DSRM) password
15. Leave DNS delegation blank
16. Finish the Installation
17. After the reboot, select Active Directory Users and Computers
    
18. Create a new user:
    
    
19. Under settings, go to Network & Internet and select Change adapter options:
    
20. Set the preferred DNS to the IP of the first Domain Controller:
    

Windows Client

1. Create a new VM and follow the installation wizard
2. Under Network and Internetand Ethernet in the settings DNS server assignment and enter the IP of the Domain Controller (make sure this IP is static)
   
   
3. To join the Client into the Domain, navigate to Access work or school
   
4. Click Connect
5. Select Join this device to a local Active Directory domain and enter target.local
   
6. Now we should be able to log into the previously created account:
   
7. Add the new user as a Standard User
8. After a reboot you should now be able to sign in to the newly created user

^[1]

Domain Controller 2

1. Perform the steps from the previous Domain Controller up until step 12 Promote the Server to a Domain Controller
2. Under settings, go to Network & Internet and select Change adapter options:
   
3. Set the preferred DNS to the IP of the first DNS:
   
4. Now that we've ensured connectivity, we can proceed by promoting the server to a Domain Controller, but this time we select Add a domain controller to an existing domain and make sure it uses the Administrator user specified in TARGET.local\ not the local one:
   
5. Enter the DSRM password
6. Specify the Domain Controller 1 as the one we want to replicate from:
   
7. Finish the Installation
8. Now go back to Domain Controller 1 and change it's preferred DNS to the static IP of the second Domain Controller:
   

^[2]

Resources to Elaborate on This Simple Setup

• Orange-Cyberdefense/GOAD: game of active directory
  • Mayfly's GOAD on Proxmox Blog Series
• Best Practices for Securing Active Directory

Relevant Note(s):