Active Directory - Lab Setup

Setting up DC

Preqrequisite :

Windows server 2019 : https://www.microsoft.com/en-in/evalcenter/evaluate-windows-server-2019


Setting up DNS :

DNS is an important prerequisite of Active Directory. Without it, Active Directory will not function, or should we say, you can’t install or promote a server to a domain controller. Active Directory heavily relies on DNS.

  • So first we will open up our network adapter settings in control panel

https://raw.githubusercontent.com/CsEnox/csenox.github.io/master/img/Creation%20cdacc01bf81e49d4915e934d11de640a/Untitled.png

  • Next will go to its properties and setup IPv4 with our DNS server address :

https://raw.githubusercontent.com/CsEnox/csenox.github.io/master/img/Creation%20cdacc01bf81e49d4915e934d11de640a/Untitled%201.png

https://raw.githubusercontent.com/CsEnox/csenox.github.io/master/img/Creation%20cdacc01bf81e49d4915e934d11de640a/Untitled%202.png

https://raw.githubusercontent.com/CsEnox/csenox.github.io/master/img/Creation%20cdacc01bf81e49d4915e934d11de640a/Untitled%203.png

Thats all we have to do to setup DNS on our Windows Server 2019.


Changing Machine Name

  • Settings → System → About → Rename this PC

https://raw.githubusercontent.com/CsEnox/csenox.github.io/master/img/Creation%20cdacc01bf81e49d4915e934d11de640a/Untitled%204.png

  • We named it vDC-01 :
v - Virtual
DC - Domain Controller
01 - First Domain Controller

Installing Active Directory

  • First we will go to Manage → Add Roles and Features

https://raw.githubusercontent.com/CsEnox/csenox.github.io/master/img/Creation%20cdacc01bf81e49d4915e934d11de640a/Untitled%205.png

  • Now just follow the screenshots :

https://raw.githubusercontent.com/CsEnox/csenox.github.io/master/img/Creation%20cdacc01bf81e49d4915e934d11de640a/Untitled%206.png

https://raw.githubusercontent.com/CsEnox/csenox.github.io/master/img/Creation%20cdacc01bf81e49d4915e934d11de640a/Untitled%207.png

https://raw.githubusercontent.com/CsEnox/csenox.github.io/master/img/Creation%20cdacc01bf81e49d4915e934d11de640a/Untitled%208.png

https://raw.githubusercontent.com/CsEnox/csenox.github.io/master/img/Creation%20cdacc01bf81e49d4915e934d11de640a/Untitled%209.png


Promoting Server to Domain Controller

⇒ So when we startup Server Manager we see the following Alert saying that we need to configure some thing for AD Domain Services to promote it to a DC.

https://raw.githubusercontent.com/CsEnox/csenox.github.io/master/img/Creation%20cdacc01bf81e49d4915e934d11de640a/Untitled%2010.png

  • So first we will have to create a new forest with whatever root domain name you like.

https://raw.githubusercontent.com/CsEnox/csenox.github.io/master/img/Creation%20cdacc01bf81e49d4915e934d11de640a/Untitled%2011.png

  • Next we just set DSRM Password

https://raw.githubusercontent.com/CsEnox/csenox.github.io/master/img/Creation%20cdacc01bf81e49d4915e934d11de640a/Untitled%2012.png

  • We dont need to create DNS delegation.

https://raw.githubusercontent.com/CsEnox/csenox.github.io/master/img/Creation%20cdacc01bf81e49d4915e934d11de640a/Untitled%2013.png

  • Next we have the option to set our NETBIOS Name

https://raw.githubusercontent.com/CsEnox/csenox.github.io/master/img/Creation%20cdacc01bf81e49d4915e934d11de640a/Untitled%2014.png

  • Finally we finish and install

https://raw.githubusercontent.com/CsEnox/csenox.github.io/master/img/Creation%20cdacc01bf81e49d4915e934d11de640a/Untitled%2015.png


So now our Domain Controller is ready to be used. When it reboots we get the following login :

https://raw.githubusercontent.com/CsEnox/csenox.github.io/master/img/Creation%20cdacc01bf81e49d4915e934d11de640a/Untitled%2016.png


Adding Users

⇒ We will go to our windows start menu and go into Windows Administrative Tools and open up Active Directory Users and Computers

https://raw.githubusercontent.com/CsEnox/csenox.github.io/master/img/Creation%20cdacc01bf81e49d4915e934d11de640a/Untitled%2017.png

https://raw.githubusercontent.com/CsEnox/csenox.github.io/master/img/Creation%20cdacc01bf81e49d4915e934d11de640a/Untitled%2018.png

  • First we will be creating OU ( Organizational Unit ) for Groups and Users under IN ( India - Country ) OU.

https://raw.githubusercontent.com/CsEnox/csenox.github.io/master/img/Creation%20cdacc01bf81e49d4915e934d11de640a/Untitled%2019.png

  • Next we moved the groups from Users to the OU we created for Groups :

https://raw.githubusercontent.com/CsEnox/csenox.github.io/master/img/Creation%20cdacc01bf81e49d4915e934d11de640a/Untitled%2020.png

  • Next we will be creating a user in Users OU

https://raw.githubusercontent.com/CsEnox/csenox.github.io/master/img/Creation%20cdacc01bf81e49d4915e934d11de640a/Untitled%2021.png

https://raw.githubusercontent.com/CsEnox/csenox.github.io/master/img/Creation%20cdacc01bf81e49d4915e934d11de640a/Untitled%2022.png

  • We set samname as rkumar which is the username the person will use to login.

  • Next we set password : P@ssw0rd

https://raw.githubusercontent.com/CsEnox/csenox.github.io/master/img/Creation%20cdacc01bf81e49d4915e934d11de640a/Untitled%2023.png

https://raw.githubusercontent.com/CsEnox/csenox.github.io/master/img/Creation%20cdacc01bf81e49d4915e934d11de640a/Untitled%2024.png


Setting up Client

Prerequisites

Windows 10 Enterprise : https://www.microsoft.com/en-in/evalcenter/evaluate-windows-10-enterprise


Connecting our client to DC01

  • First lets open up network adapter properties and change the ipv4 settings to use DC01 dns address : 192.168.51.133

https://raw.githubusercontent.com/CsEnox/csenox.github.io/master/img/Creation%20cdacc01bf81e49d4915e934d11de640a/Untitled%2025.png

https://raw.githubusercontent.com/CsEnox/csenox.github.io/master/img/Creation%20cdacc01bf81e49d4915e934d11de640a/Untitled%2026.png

https://raw.githubusercontent.com/CsEnox/csenox.github.io/master/img/Creation%20cdacc01bf81e49d4915e934d11de640a/Untitled%2027.png

  • Next we will connect to the domain lexi.local :
    • First we open up System Properties

    https://raw.githubusercontent.com/CsEnox/csenox.github.io/master/img/Creation%20cdacc01bf81e49d4915e934d11de640a/Untitled%2028.png

    • Next we will set the Domain to lexi.local

    https://raw.githubusercontent.com/CsEnox/csenox.github.io/master/img/Creation%20cdacc01bf81e49d4915e934d11de640a/Untitled%2029.png

    https://raw.githubusercontent.com/CsEnox/csenox.github.io/master/img/Creation%20cdacc01bf81e49d4915e934d11de640a/Untitled%2030.png

    https://raw.githubusercontent.com/CsEnox/csenox.github.io/master/img/Creation%20cdacc01bf81e49d4915e934d11de640a/Untitled%2031.png

  • Next we just restart our client and we can login as user rkumar ( raj kumar ) on this machine

https://raw.githubusercontent.com/CsEnox/csenox.github.io/master/img/Creation%20cdacc01bf81e49d4915e934d11de640a/Untitled%2032.png

⇒ Going back to our DC01 and opening up Active Directory Users and Computers settings and we see that our CLIENT01 machine was sucessfully connected to domain.

https://raw.githubusercontent.com/CsEnox/csenox.github.io/master/img/Creation%20cdacc01bf81e49d4915e934d11de640a/Untitled%2033.png


⇒ The lab is now ready and you can practise any attacks you want.