- Microsoft Azure (Virtual Machines/Compute)
- Remote Desktop
- Active Directory Domain Services
- PowerShell
- Windows Server 2022
- Windows 10 (21H2)
First, using Azure, create a Resource Group. Then create two Virtual Machines (VMs): one will be the Domain Controller and the other will be the Client. To create the Domain Controller, give the VM a name and assign it to the Resource Group created before.
For the image, use Windows Server 2022. For the size, 2 vCPUs is recommended.
Give the admin account login credentials you can remember, or write them down in Notepad. Now, click "Next" until reaching the "Networking" tab. Take note of the "Virtual Network" created; this will be important when creating the Client VM. Check the box under Licensing, then "Review and create" the VM.
Now, create the Client VM. Do the same as for the first one, except the image should be Windows 10.
Click Next until reaching the Networking tab. Make sure the Virtual Network is the same as the Domain Controller's. Now Review and create.
Now it's time to set the Domain Controller's NIC Private IP to static. Go to the Domain Controller and click on the "Networking" tab. Next, click on the "Network Interface."
Now, go to the "IP configurations" tab and click on the IP configuration.
Now, change the Allocation from "Dynamic" to "Static." Then click Save.
Now, using the user and password created before, log in to the Client with its IP address in Remote Desktop Connection.
Now, using Command Prompt, ping the Domain Controller with its Private IP Address. Type in "ping (Your DC Private IP) -t" to ping continuously. For now it will time out.
ping 10.0.0.4 -t
Next, it's time to enable ICMPv4. First, log in to the Domain Controller VM, then open "Windows Defender Firewall with Advanced Security."
Click on "Inbound Rules" and sort by "Protocol". Look for the rules named "Core Networking Diagnostics - ICMP Echo Request (ICMPv4-In)". There will be two of them (both at the bottom of the image below).
Right-click and Enable both rules. Now go back to the Client VM and check the command prompt. It should now be properly pinging the Domain Controller.
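The same firewall change can be made and verified from an elevated PowerShell prompt on the Domain Controller. This is an added example, not part of the original post; the rule display name is the one quoted above, and the port-filter check confirms the rule only permits ICMPv4 echo requests (type 8) rather than anything broader.

```powershell
# Added example (not from the original post): enable the two built-in ICMPv4 echo
# request rules on the Domain Controller and confirm what they allow.
# Run in an elevated PowerShell session on the DC.

$ruleName = 'Core Networking Diagnostics - ICMP Echo Request (ICMPv4-In)'

# Two rules share this display name (different profiles); the pipeline enables both,
# which is the same as right-clicking each one and choosing Enable.
Get-NetFirewallRule -DisplayName $ruleName | Enable-NetFirewallRule

# Verify: both rules should now report Enabled = True, Direction = Inbound, Action = Allow.
Get-NetFirewallRule -DisplayName $ruleName |
    Select-Object DisplayName, Enabled, Profile, Direction, Action

# Check the scope of what was just opened: protocol ICMPv4, ICMP type 8 (echo request) only.
Get-NetFirewallRule -DisplayName $ruleName |
    Get-NetFirewallPortFilter |
    Select-Object Protocol, IcmpType
```

Once the rules are enabled, the continuous ping running on the Client should start receiving replies without any further change on the Client side.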
Now it's time to install Active Directory. Go to the Domain Controller. In "Server Manager" click on "Add roles and features."
Click "Next" until reaching the "Server Roles" section. Now, check the box next to "Active Directory Domain Services," then click "Add Features."
Click Next until reaching the "Confirmation" tab, then click "Install." It may take a while to install. Once it says "Configuration required. Installation succeeded on (Your DC name here)," click "Close."
Towards the top-right corner of the Server Manager window, there will be a flag and a yellow triangle with a "!" symbol. Click on that, then "Promote the server to a domain controller."
A window will pop up for a Configuration Wizard. Check the bubble next to "Add a new forest," then give it a domain (example in image below). Click Next.
Give it a DSRM password (required, but it won't be used in this tutorial). Click Next.
Next, the NetBIOS domain name will be generated. This may take a moment. Once it is done, click Next until reaching the "Prerequisites Check" tab. This check will take a moment. Now click "Install."
After installation, the VM will reboot. Once it is rebooted, log back into the Domain Controller with the domain name and the username. Example below.
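The role installation and forest promotion above can also be done with the ADDSDeployment cmdlets that Server Manager itself calls. This is an added example and not part of the original post; the domain name `corp.example.local` and NetBIOS name `CORP` are placeholders for whatever you typed into the wizard.

```powershell
# Added example (not from the original post): install AD DS and promote this server
# to the first Domain Controller of a new forest. Run elevated on the Windows
# Server 2022 VM. Domain and NetBIOS names below are placeholders.

$domainName   = 'corp.example.local'
$netbiosName  = 'CORP'
$dsrmPassword = Read-Host -AsSecureString -Prompt 'DSRM (Directory Services Restore Mode) password'

# Equivalent of "Add roles and features" > Active Directory Domain Services.
# -IncludeManagementTools brings the AD PowerShell module and ADUC along.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Equivalent of "Promote the server to a domain controller" > "Add a new forest".
# DNS is installed on the DC because AD DS depends on it; the Client VM's NIC is
# pointed at this server's private IP for DNS later in the tutorial.
Install-ADDSForest `
    -DomainName $domainName `
    -DomainNetbiosName $netbiosName `
    -SafeModeAdministratorPassword $dsrmPassword `
    -InstallDns `
    -Force          # skips the confirmation prompt; the server reboots when done

# After the reboot, log in as CORP\<username> and confirm the DC is up and resolvable:
#   Get-ADDomainController | Select-Object HostName, Domain, Forest, IsGlobalCatalog
#   Resolve-DnsName -Name $domainName -Type A
```

`Install-ADDSForest` runs the same prerequisites check the wizard shows and then reboots the server automatically, which is the reboot the paragraph above describes.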
Once logged in, in Server Manager click on "Tools" in the top-right corner. Next, click on "Active Directory Users and Computers."
In the Domain container, create a new "Organizational Unit."
Name the OU "_ADMINS", then click OK. In the "_ADMINS" OU, create a new "User."
Name this anything; just remember the username and password. Uncheck the box next to "User must change password at next logon." This won't be necessary. Click Next, then click Finish.
Now add this user to the "Domain Admins" security group. Right-click on the user just created, then click "Properties." Click on the "Member Of" tab, then click "Add."
Type "domain" in the box under "Enter the object names to select:", then click "Check Names."
Choose the "Domain Admins" option, then click OK.
Now, click "Apply." The user has successfully been added to the Domain Admins security group. Click OK. Now log out of the Domain Controller and log back in as the user just created.
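The OU, the admin user and the Domain Admins membership from the steps above, done with the ActiveDirectory module on the DC and finished with a membership check. This is an added example, not the original post's steps; the username `jdoe` is a placeholder for whatever you named the account.

```powershell
# Added example (not from the original post): create the _ADMINS OU and an admin
# user, add the user to Domain Admins, and verify. Run elevated on the DC after
# the post-promotion reboot. 'jdoe' is a placeholder username.

Import-Module ActiveDirectory

$domain   = Get-ADDomain
$domainDn = $domain.DistinguishedName          # e.g. DC=corp,DC=example,DC=local
$userName = 'jdoe'
$password = Read-Host -AsSecureString -Prompt "Password for $userName"

# OU directly under the domain container (same as right-click > New > Organizational Unit).
# Protection from accidental deletion is the default ADUC sets when creating an OU.
New-ADOrganizationalUnit -Name '_ADMINS' -Path $domainDn -ProtectedFromAccidentalDeletion $true

# The user. -ChangePasswordAtLogon $false mirrors unchecking "User must change password at next logon".
New-ADUser -Name $userName -SamAccountName $userName `
    -UserPrincipalName "$userName@$($domain.DNSRoot)" `
    -Path "OU=_ADMINS,$domainDn" `
    -AccountPassword $password -Enabled $true -ChangePasswordAtLogon $false

# Same as Properties > Member Of > Add > "Domain Admins".
Add-ADGroupMember -Identity 'Domain Admins' -Members $userName

# Verify: the new account should be listed alongside the built-in Administrator.
Get-ADGroupMember -Identity 'Domain Admins' | Select-Object Name, SamAccountName, objectClass
```

Listing the group's members afterwards is also the quickest way, later on, to notice an account that should not be there: Domain Admins membership is one of the first things to audit in any domain.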
First, in Azure go to the Client VM. Next, go to the Networking tab and click on the Network Interface.
Next, go to the "DNS servers" tab and choose a custom DNS server. Add a custom server using the Domain Controller's Private IP address. Example below.
Now click "Save." Next, go back to the Client and click "Restart" in the "Overview" tab.
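Both portal changes made to the NICs so far, making the Domain Controller's private IP static and pointing the Client's NIC at the Domain Controller for DNS, can be scripted with the Az PowerShell module from any machine that is logged in with `Connect-AzAccount`. This is an added example and not from the original post; the resource group and NIC names are placeholders for the ones Azure generated when you created the VMs.

```powershell
# Added example (not from the original post): the two NIC changes made in the Azure
# portal, done with the Az module instead. (1) DC private IP: Dynamic -> Static.
# (2) Client NIC DNS: custom server = DC private IP. Names below are placeholders.
# Requires the Az module and a prior Connect-AzAccount.

$rg        = 'AD-Lab-RG'        # placeholder resource group name
$dcNicName = 'dc-vm-nic'        # placeholder: the DC VM's network interface
$clNicName = 'client-vm-nic'    # placeholder: the Client VM's network interface

# (1) DC NIC: switch the allocation to Static. The address already assigned is kept,
#     so the DC's private IP will not change across deallocations from now on.
$dcNic = Get-AzNetworkInterface -ResourceGroupName $rg -Name $dcNicName
$dcNic.IpConfigurations[0].PrivateIpAllocationMethod = 'Static'
$dcNic = $dcNic | Set-AzNetworkInterface
$dcIp  = $dcNic.IpConfigurations[0].PrivateIpAddress

# (2) Client NIC: replace Azure-provided DNS with the DC only, so the client can
#     resolve the domain's SRV records when it joins.
$clNic = Get-AzNetworkInterface -ResourceGroupName $rg -Name $clNicName
$clNic.DnsSettings.DnsServers.Clear()
$clNic.DnsSettings.DnsServers.Add($dcIp)
$clNic = $clNic | Set-AzNetworkInterface

# Verify both settings from the returned objects.
$dcNic.IpConfigurations | Select-Object Name, PrivateIpAddress, PrivateIpAllocationMethod
$clNic.DnsSettings.DnsServers

# The client picks up the new DNS setting on its next restart, which is the
# "Restart" step in the Overview tab (or: Restart-AzVM -ResourceGroupName $rg -Name 'client-vm').
```

The static allocation matters because the DNS setting on the Client is a literal IP address: if the DC were ever deallocated and came back with a different dynamic address, domain resolution on the Client would silently break.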
Once the Client is restarted, log in to the Client with Remote Desktop as the admin account created earlier.
Once logged in, go to Settings > System > About and click on "Rename this PC (advanced)."
Now click on "Change..."
Now check the bubble next to "Domain," then type in the domain name (your own domain name). A window should pop up asking for a login. Use the domain admin previously created to log in. Example below:
Success. The VM will restart after a short period.
Now, log in to the Domain Controller. Go back to Server Manager > Tools > Active Directory Users and Computers. Under the Domain container, go to the "Computers" container. It should show that the Client has been added to the list.
Now, log in to the Client as the domain admin user created earlier and go to System Settings > Remote Desktop. Click on "Select users that can remotely access this PC," then click Add.
In the box at the bottom, type in "Domain Users" and click Check Names. Next, click OK.
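The domain join, the check on the Domain Controller, and the Remote Desktop permission from the steps above, as PowerShell. This is an added example, not the original post's procedure; `corp.example.local`, `CORP\jdoe` and `CLIENT-VM` are placeholders for your domain, your admin account and the Client's computer name, and the comments mark which VM each part runs on.

```powershell
# Added example (not from the original post): join the Client to the domain,
# confirm its computer object on the DC, and let Domain Users RDP to the Client.
# Domain, account and computer names are placeholders.

# ---- Part 1: on the Client VM (elevated), logged in as the local Azure admin ----
$domain = 'corp.example.local'
$cred   = Get-Credential -UserName 'CORP\jdoe' -Message 'Domain admin used for the join'

# Equivalent of Rename this PC (advanced) > Change... > Domain. The -Restart
# switch performs the reboot the tutorial says happens "after a short period".
Add-Computer -DomainName $domain -Credential $cred -Restart

# ---- Part 2: on the DC, after the Client has rebooted ----
# Equivalent of ADUC > Computers: the Client now has a computer object in the domain.
Get-ADComputer -Filter "Name -eq 'CLIENT-VM'" |
    Select-Object Name, DNSHostName, Enabled, DistinguishedName

# ---- Part 3: on the Client VM again (elevated), logged in as CORP\jdoe ----
# Equivalent of "Select users that can remotely access this PC" > Add > Domain Users.
# What the Settings page actually does is add the principal to the local
# "Remote Desktop Users" group, which carries the "Allow log on through Remote
# Desktop Services" right.
Add-LocalGroupMember -Group 'Remote Desktop Users' -Member 'CORP\Domain Users'

# Verify the membership.
Get-LocalGroupMember -Group 'Remote Desktop Users' | Select-Object Name, ObjectClass, PrincipalSource
```

Adding "Domain Users" is what the tutorial does so that any of the generated employee accounts can log in over RDP in the final step. Outside a lab, the same command with a dedicated group instead of "Domain Users" keeps RDP access limited to the accounts that need it.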
On the Domain Controller, open "Windows PowerShell ISE." Make sure to open it as Administrator. Click "New File" in the top-left corner.
Next, copy and paste the script from this link into the text editor:
https://github.com/joshmadakor1/AD_PS/blob/master/Generate-Names-Create-Users.ps1
Save the file as "1_CREATE_USERS.ps1".
Run "Set-ExecutionPolicy Unrestricted" in the command line.
Set-ExecutionPolicy Unrestricted
Change to the directory that contains the script.
cd C:\Users\tsmith\Desktop
Now, click the Run button to run the script. This will start creating domain users with usernames and passwords (the password for these users will be "Password1"). Example below:
Go to Server Manager > Tools > Active Directory Users and Computers. Under the "_EMPLOYEES" OU, look at all of the users created by the script.
These names are all randomly generated. Choose one and log in to the Client VM with the username it was assigned. (Remember the password is "Password1".)
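To show what the bulk-creation step is doing underneath ADUC, here is a small version of it written for this page: it creates an `_EMPLOYEES` OU and a handful of users from a constructed name list, then lists them the way the ADUC view above does. This is an added example, not the linked script and not from the original post; the three names are made up for the example, and the password is the tutorial's own lab value.

```powershell
# Added example (not from the original post, and not the linked Generate-Names script):
# create lab users in an _EMPLOYEES OU from a constructed list, then list them.
# Run elevated on the DC. "Password1" is the lab-only value the tutorial uses;
# it is shared and weak by design of the lab, not something to reuse elsewhere.

Import-Module ActiveDirectory

# Scoped alternative to "Set-ExecutionPolicy Unrestricted": applies to this
# PowerShell process only and leaves the machine-wide policy untouched.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force

$domain   = Get-ADDomain
$domainDn = $domain.DistinguishedName
$ouDn     = "OU=_EMPLOYEES,$domainDn"

# Constructed sample names (the linked script generates its names randomly).
$people = @(
    @{ First = 'Ada';   Last = 'Lovelace' },
    @{ First = 'Grace'; Last = 'Hopper'   },
    @{ First = 'Alan';  Last = 'Turing'   }
)

$password = ConvertTo-SecureString 'Password1' -AsPlainText -Force   # lab-only value

# Create the OU once; re-running the script should not fail on an existing OU.
if (-not (Get-ADOrganizationalUnit -Filter "Name -eq '_EMPLOYEES'" -SearchBase $domainDn)) {
    New-ADOrganizationalUnit -Name '_EMPLOYEES' -Path $domainDn
}

foreach ($p in $people) {
    # Username = first initial + last name, lowercased (e.g. alovelace).
    $sam = ($p.First.Substring(0, 1) + $p.Last).ToLower()

    # Skip accounts that already exist so the script is idempotent.
    if (Get-ADUser -Filter "SamAccountName -eq '$sam'") { continue }

    New-ADUser -Name "$($p.First) $($p.Last)" -GivenName $p.First -Surname $p.Last `
        -SamAccountName $sam -UserPrincipalName "$sam@$($domain.DNSRoot)" `
        -Path $ouDn -AccountPassword $password -Enabled $true `
        -ChangePasswordAtLogon $false
}

# Same view as ADUC > _EMPLOYEES.
Get-ADUser -Filter * -SearchBase $ouDn | Select-Object Name, SamAccountName, Enabled
```

Any of the accounts listed at the end can be used for the final RDP login to the Client, exactly as the tutorial does with one of the randomly generated users.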
Congrats! You have completed this tutorial.
Active Directory is crucial for organizations to effectively control access to their networks and prevent unauthorized access to internal systems or leakage of information to external parties. Understanding Active Directory is fundamental for all IT professionals, regardless of their specific roles. I hope you found this blog both informative and valuable.