Infrastructure
For this example we will have three virtual machines, the host (physical) machine, and a Router/NAT device.
Overview
I will be going through how to configure DC1 using PowerShell as a domain controller, a DNS server, a DHCP server, and a print server.
Previously I created three files, ConfigureDC1.ps1, CreateUsers.ps1 and NewUsers.csv, which can be found here. Be sure to read the comments within the scripts for a deeper understanding of each script, and change the domain name to the one you want.
I will also link how to set up your NAT network for both VMware and VirtualBox.
Configuration of DC1
While it isn't necessary, to make things more convenient in the future I'd recommend adding PowerShell ISE to the taskbar of DC1. To do so, click the Windows button (on DC1), click the Windows PowerShell dropdown, right-click Windows PowerShell (not Windows PowerShell (x86), unless you are on a 32-bit machine), select More, and then select Pin to Taskbar. Repeat for Windows PowerShell ISE.
1. Create a folder on your desktop and copy the provided files into it.
2. Open PowerShell on DC1 and enter the command below to create a Setup folder on DC1.
mkdir c:\Setup
3. Open File Explorer on DC1. Copy the files from your host computer to the Setup folder on DC1.
4. On the DC1 virtual machine, right-click ConfigureDC1.ps1 and select Edit to open it in the PowerShell ISE on DC1. The commands below may be executed from ConfigureDC1.ps1 by selecting the appropriate command(s) in the ISE’s Script Window and either clicking the Run Selection button on the toolbar (highlighted below) or pressing F8.
Be careful not to click the Run Script button (immediately to the left of the highlighted Run Selection button in the diagram above). You do not want to run the entire script in one go!
5. In the lower pane of the PowerShell ISE, enter the hostname command. Notice the Windows machine name is not DC1.
6. Select the commands below, on lines 23 and 24 in ConfigureDC1.ps1, and press F8 to rename the computer. This requires a reboot. After the reboot, try the hostname command again.
Rename-Computer -NewName DC1
Restart-Computer
7. Enter the ipconfig /all command to see the machine’s IP address. This was obtained from VMware’s built-in DHCP server. Notice the output states DHCP Enabled. Now set the IP address and time zone manually by selecting lines 30 through 35 and pressing F8 or the Run Selection button (note the use of the backtick character to continue a single PowerShell command on the next line). After doing this, try the ipconfig /all command again.
#Set IP Address
New-NetIPAddress -IPAddress 192.168.12.3 `
-PrefixLength 24 `
-DefaultGateway 192.168.12.2 `
-InterfaceAlias Ethernet0
#Set TimeZone
Tzutil.exe /s "Pacific Standard Time"
8. Install Active Directory and DNS (when prompted for a Safe Mode password, make one up). This will take 2 or 3 minutes to run and will end with the machine rebooting. The reboot is very slow (3 or 4 minutes perhaps) as the new machine settings are applied.
#Install ADDS Role and Mgt Tools
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
#Import ADDSDeployment Module
Import-Module ADDSDeployment
#Install a new AD Forest
#Changes needed: set -DomainName and -DomainNetbiosName to your own values.
#The backtick must be the last character on a line, so no trailing comments.
Install-ADDSForest `
-CreateDnsDelegation:$false `
-DatabasePath "C:\Windows\NTDS" `
-DomainMode "WinThreshold" `
-DomainName "changeme!.pri" `
-DomainNetbiosName "changeme!" `
-ForestMode "WinThreshold" `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-SysvolPath "C:\Windows\SYSVOL" `
-Force:$true
#Set DNS Forwarder
Set-DnsServerForwarder -IPAddress 8.8.8.8 -ComputerName DC1
9. Login to DC1. Notice that you are logging in as the Domain Administrator (changeme!\Administrator), not as the machine administrator. Because DC1 is now a domain controller, its local accounts no longer exist.
Install DHCP
Add Server to Active Directory
Create a DHCP Scope
Create the \\dc1\Setup share
Add Printers
Add Organizational Units to Active Directory
Add Users to Active Directory <- Line 139. Do not skip or you will have no domain users!
You will be prompted to enter a password that will apply to all the new domain accounts. You will need to remember this password for later labs. I used P@ssw0rd (as usual – I can remember it!).
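The single password prompt described above can be handled so the shared lab password never sits in the script or the CSV. The following is an added example, not the CreateUsers.ps1 from this post; the CSV column names, the sample rows and the New-LabUser function are assumptions made for illustration.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not the CreateUsers.ps1 from this post.
# Assumed (hypothetical) CSV columns: FirstName, LastName, SamAccountName, OU

# Constructed sample rows; in the lab these would come from Import-Csv on NewUsers.csv
$rows = @'
FirstName,LastName,SamAccountName,OU
Ada,Example,aexample,Staff
Bob,Sample,bsample,Staff
'@ | ConvertFrom-Csv

function New-LabUser {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [object[]] $Rows,
        [Parameter(Mandatory)] [securestring] $Password
    )
    # Read the domain DN and DNS name instead of hard-coding them
    $domain = Get-ADDomain
    foreach ($r in $Rows) {
        $ouPath = "OU=$($r.OU),$($domain.DistinguishedName)"
        # Skip rows whose target OU was not created in the earlier step
        if (-not (Get-ADOrganizationalUnit -Filter "DistinguishedName -eq '$ouPath'")) {
            Write-Warning "OU missing, skipping $($r.SamAccountName): $ouPath"
            continue
        }
        # Idempotent: leave accounts that already exist untouched
        if (Get-ADUser -Filter "SamAccountName -eq '$($r.SamAccountName)'") {
            Write-Verbose "$($r.SamAccountName) already exists"
            continue
        }
        if ($PSCmdlet.ShouldProcess($r.SamAccountName, 'Create AD user')) {
            New-ADUser -Name "$($r.FirstName) $($r.LastName)" `
                -GivenName $r.FirstName -Surname $r.LastName `
                -SamAccountName $r.SamAccountName `
                -UserPrincipalName "$($r.SamAccountName)@$($domain.DNSRoot)" `
                -Path $ouPath -AccountPassword $Password -Enabled $true
        }
    }
}

# Prompt once; the value is held as a SecureString and is never written to disk
$pw = Read-Host -AsSecureString -Prompt 'Password for all new lab accounts'
New-LabUser -Rows $rows -Password $pw -WhatIf   # drop -WhatIf to create the accounts
```

With -WhatIf the function still checks that each OU exists and that the account is not already present, so it doubles as a dry run of the CSV before any account is created.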