A Homelab is an environment in your home used to practice and improve your skills in a specific field. This home lab has components and tools similar to large-scale infrastructures. It’s a safe environment to work with these components and learn how they work.
This post will briefly walk through how I set up my Active Directory home lab environment using VMware; I will also touch on some Microsoft 365 basics.
I’ll be using VMware Workstation 15.5 Pro as my hypervisor for this lab. VirtualBox is also a viable alternative Hypervisor. You can check out and download the VMware hypervisor here.
This portion of the lab aims to set up an Active Directory domain, with a Windows 2019 Server as the Domain Controller and a Windows 10 machine that will join the created Domain as a client.
Content
- What is Active Directory
- Configuring Windows Server as a Domain Controller
- Configuring Windows 10 Desktop & Joining the PC to the Active Directory Domain
- Creating and Managing Group Policy Objects
- Creating and Managing User Accounts in Microsoft 365
- Conclusion
As I stated above, I will briefly highlight the steps I took to build this lab. If you would like a more detailed or well-guided format to set up the lab, you can check out the Cyber Mentor’s YouTube guide for an Active Directory Hacking Lab.
We will first cover a few concepts.
What is Active Directory (AD)?
We will start with what a domain is. Domains are a combination of all your objects on the same network, i.e., users, systems, networks, and servers. A domain holds information about the objects it contains. Every Domain is associated with a Domain Controller. A Domain Controller is a server computer that handles security authentication requests within a computer domain. It is a network server responsible for allowing host access to domain resources, i.e., it acts as a gatekeeper that authenticates users, authorizes their access to a resource, and enforces security policies for a domain. It does this using AD.
Active Directory is a database used to manage users and computers on the network. It is a feature of Windows Server, and it stores critical information about your environments like users, computers, and other devices on the network. It assists system administrators in securely managing this information and organizing the organization’s resources.
Configuring Windows Server as a Domain Controller
In this section, you will download and set up the Windows server; create a local domain, and configure the Windows Server to be a Domain Controller.
I’ll be using The Cyber Mentor’s YouTube guide for an Active Directory Hacking Lab (check it out for a more comprehensive guide). You can use this link to download the Windows 2019 Server Evaluation Copy.
Details for Windows Server Installation
- Install in VMware with defaults
- Do not worry about a product key; simply click Next
- At the end of the installation, set the Network Adapter to NAT
- Make sure to UNCHECK Power on this virtual machine after creation
- After the VM has been installed, click Edit virtual machine settings and remove the Floppy drive.
- Power on the Virtual Machine and immediately click any key.
- Click Next.
- Click Install Now.
- Select the Windows Server 2019 standard Evaluation (Desktop Experience)
- Accept the License Terms.
- Click Next.
- Select the Custom Install.
- Click New.
- Click Apply.
- Click OK.
- Click Next.
- When that is complete, create a password (let this be a simple password that you can remember).
After the installation, you should end up with this screen
Next, we rename the server. To do this:
- Search for Settings in the search bar and open it
- Search for pc name in the settings search
- Select Rename PC and rename the PC to a name of your choice
- Select Restart Now
In my case, I had the name changed to SERVER-PC
Install AD DS and Create a Domain
Next, we will install Active Directory.
After the reboot:
- Open the Server Manager Dashboard
- Click Manage (among the tabs in the upper right corner)
- Add Roles and Features
- Keep clicking Next till you get to the Server Roles menu.
- Select Active Directory Domain Services. Select Add Features
- Click on Next till you get to the Confirmation menu, then click Install
- After the Install, Click Close
To create the Domain and configure the server as the domain controller:
- On the home screen (Dashboard) of Server Manager
- Click on the flag with the yellow caution triangle
- Select Promote this server to a domain controller
- Select Add a new forest
- Specify a domain name
- Click Next
- Set a Password
- Click Next till you get to the Prerequisites Check Menu
- Click Install
- Wait for the Reboot
- Manually restart the server for all the settings to take effect.
Your screen should look something like this when you log in, showing that the Domain is up and running. I created a domain called HOMELAB.local.
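The same role install and promotion can be scripted, which makes the lab easy to rebuild. This is an added example, not part of the original walkthrough; the NetBIOS name `HOMELAB` is an assumption derived from the domain name used here.

```powershell
# Added example: run in an elevated PowerShell session on the renamed server.
$DomainName  = 'HOMELAB.local'   # domain name used in this post
$NetbiosName = 'HOMELAB'         # assumption: short name derived from the domain

# Same as Add Roles and Features > Active Directory Domain Services.
$role = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
if (-not $role.Success) { throw 'AD DS role installation failed.' }

# Prompt for the password the wizard asks for (Directory Services Restore Mode),
# so it never lands in the script or in shell history.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'

Import-Module ADDSDeployment
$forest = @{
    DomainName                    = $DomainName
    DomainNetbiosName             = $NetbiosName
    SafeModeAdministratorPassword = $dsrm
    InstallDns                    = $true
}

# Equivalent of the wizard's Prerequisites Check page: stop on any error.
$checks = Test-ADDSForestInstallation @forest
$checks | Format-List Status, Message
if ($checks.Status -contains 'Error') { throw 'Prerequisite check failed.' }

# Promote the server; it reboots on its own when the promotion finishes.
Install-ADDSForest @forest -Force

# After the reboot, sign in as HOMELAB\Administrator and confirm the result:
#   Get-ADDomain | Select-Object DNSRoot, NetBIOSName, PDCEmulator
#   Get-ADDomainController -Filter * | Select-Object Name, IPv4Address, IsGlobalCatalog
```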
Creating Users
Here it gets a little exciting. To add users to the Domain, use these steps:
- Go to the Server Manager
- Select Tools
- Select Active Directory Users and Computers
- Select your Domain Name > Users, Right Click & Select New > User
Enter a First, Last & User logon name for the user (Disregard the “WIN10” and just set a preferred logon name).
So here I made two users, John Doe and Jane Forster
Managing User Accounts
We can do a couple of things here: we can unlock the account, reset the user’s password, or disable the user’s account.
I had also added John Doe to the Domain Admins group, which means John Doe has admin privileges.
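The user creation and account management steps above, scripted with the ActiveDirectory module, followed by a review of who holds Domain Admins. This is an added example, not from the original post; the logon names `jdoe` and `jforster` are assumptions.

```powershell
# Added example: run on the domain controller as a domain administrator.
Import-Module ActiveDirectory
$Upn = 'HOMELAB.local'
$pw  = Read-Host -AsSecureString -Prompt 'Initial password for the lab users'

# The two users from this post; the logon names are assumptions.
$labUsers = @(
    @{ Given = 'John'; Surname = 'Doe';     Sam = 'jdoe' }
    @{ Given = 'Jane'; Surname = 'Forster'; Sam = 'jforster' }
)
foreach ($u in $labUsers) {
    # Skip users that already exist so the script can be re-run safely.
    if (Get-ADUser -Filter "SamAccountName -eq '$($u.Sam)'") { continue }
    New-ADUser -Name "$($u.Given) $($u.Surname)" `
        -GivenName $u.Given -Surname $u.Surname `
        -SamAccountName $u.Sam -UserPrincipalName "$($u.Sam)@$Upn" `
        -AccountPassword $pw -Enabled $true -ChangePasswordAtLogon $true
}

# John Doe is a Domain Admin in this lab.
Add-ADGroupMember -Identity 'Domain Admins' -Members 'jdoe'

# The three management actions: unlock, reset password, disable (then re-enable).
Unlock-ADAccount      -Identity 'jforster'
Set-ADAccountPassword -Identity 'jforster' -Reset -NewPassword $pw
Disable-ADAccount     -Identity 'jforster'
Enable-ADAccount      -Identity 'jforster'

# Review: everyone with Domain Admins rights, including nested group members.
Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Select-Object Name, SamAccountName, objectClass

# Review: accounts that are currently locked out or disabled.
Search-ADAccount -LockedOut -UsersOnly       | Select-Object Name, SamAccountName
Search-ADAccount -AccountDisabled -UsersOnly | Select-Object Name, SamAccountName
```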
We will note down the IP address of our server; this will be important when joining our Windows 10 machine to the Domain. You do this by selecting Command Prompt on the search bar and executing the command ipconfig.
Configuring Windows 10 Desktop & Joining the PC to the AD Domain
Here, we will download, set up the Windows 10 host machine, and join it to the domain. This portion of the lab is pretty easy to set up. You can download the Windows 10 ISO file here. Both the configuration and installation are similar to that of the Windows Server.
Important Details for Windows 10 Installation
- Install in VMware with defaults
- Do not worry about a product key; simply click Next
- At the end of the installation, set the Network Adapter to NAT
- Make sure to UNCHECK Power on this virtual machine after creation.
- After the VM has been installed, click Edit virtual machine settings and remove the Floppy drive.
- Use the same configuration steps as the Domain controller:
- Install
- Accept license terms
- Use Custom Install
- Select New > Apply > OK > Next
- Set the first user and the password (Remember from the DC configuration)
- Set the security answers
- Uncheck ALL the privacy settings, then select Accept
- Choose Not Now for Cortana
- Search pc name and change the PC Name according to the designated users, e.g., JOHNDOE-PC
- Restart the PC
Joining the PC to the Domain
To Join the PC to your local Domain, follow these steps:
- Navigate to Network Adapter settings
- Right-click on Ethernet0 and select Properties
- Select IPV4
- Use the IP address of your server (we took note of this earlier) as the Preferred DNS Server.
- Search domain and select Access work or school
- Select Connect > Join this device to the local Active Directory Domain
- Enter your domain name.local (HOMELAB.local for me)
- Enter the Username: Administrator and the password of your DC
- Select Skip
- Restart and sign in using the Administrator user account from the created Domain
As we can see, the computer JOHNDOE-PC successfully joined the HOMELAB.local Domain.
If we go back to the domain controller, check the domain, and navigate to the Computer Organizational Unit, we will see that the Windows 10 machine is now part of the Domain.
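The join depends on the client finding the domain controller through DNS, which is why the server's IP goes in as the preferred DNS server. The added example below (not from the original post) performs the join from PowerShell and checks the DNS lookup first; the IP address is a constructed placeholder for the one noted from `ipconfig`.

```powershell
# Added example: run in an elevated PowerShell session on the Windows 10 client.
$Domain = 'HOMELAB.local'
$DcIp   = '192.168.0.10'   # constructed placeholder: use your server's IP

# Same as setting the Preferred DNS Server on Ethernet0.
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet0' -ServerAddresses $DcIp

# A domain join locates the DC through this SRV record. If the lookup fails,
# the client is not using the DC for DNS and the join will fail too.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop
$srv | Where-Object QueryType -eq 'SRV' | Select-Object NameTarget, Port

# Confirm the DC answers on LDAP before attempting the join.
if (-not (Test-NetConnection -ComputerName $DcIp -Port 389).TcpTestSucceeded) {
    throw "Cannot reach $DcIp on TCP 389; check that both VMs use the NAT network."
}

# Join with the domain Administrator account and restart.
$cred = Get-Credential -UserName 'HOMELAB\Administrator' -Message 'Domain join account'
Add-Computer -DomainName $Domain -Credential $cred -Restart

# After the restart, verify on the client:
#   Get-CimInstance Win32_ComputerSystem | Select-Object Name, Domain, PartOfDomain
#   Test-ComputerSecureChannel -Verbose
# And on the domain controller:
#   Get-ADComputer -Filter "Name -eq 'JOHNDOE-PC'" | Select-Object Name, DistinguishedName
```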
Creating and Managing Group Policy Objects
Group Policy is another important tool located in the DC. It is used to configure the settings for computers and users in a domain. Group Policy is primarily a security tool that allows a network administrator to manage and apply security settings to users and computers. It uses GPOs (group policy objects) to manage client settings, e.g., permission to access specific tools, configure desktop settings, etc.
To use group policy, follow these steps:
- Go to the Server Manager
- Select Tools
- Select Group Policy Management
To emulate an actual business a little bit, I created an organizational unit (Company) and sub-organizational units (IT Support and HR) for this task. We will create a GPO that will be applied to objects (computers and users) in the IT Support sub-organizational unit. By default, users are unable to change the screen saver options. We will enable this setting for users in the IT Support organizational unit.
To create a group policy object:
- Select the Domain and right-click
- Select Create a GPO in this Domain, and Link it here
- You can name the GPO Test GPO as I did
- To set the configurations, right-click on the new GPO
- Select Edit
- Select User Configuration (this applies to users, while Computer Configuration applies to PCs)
- Select Policies
- Select Administrative Templates
- Select Control Panel
- Select Personalization
- Select Enable Screen Saver
You will see something similar to the image above.
Then we will go back and attach this GPO to the IT Support sub-organizational unit
- Right-click on the IT Support sub-OU
- Select Link an Existing GPO
- Select the right GPO
We successfully created and linked a GPO to an OU
To delete a GPO:
- Navigate to Group Policy Objects
- Select the GPO you want to delete
- Right-click and select Delete
Note: We could just go straight to creating and linking the new GPO under the IT Support OU instead of creating it under the Domain. So you could go to the Domain and delete the link to the Test GPO, so that it only applies to the IT Support OU.
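The GPO workflow above, including the note about scoping it to the IT Support OU only, can be done with the GroupPolicy module. This is an added example, not from the original post; it assumes the Company OU sits directly under the domain root, and it sets the registry value that the Enable screen saver policy writes.

```powershell
# Added example: run on the domain controller as a domain administrator.
Import-Module GroupPolicy
$GpoName  = 'Test GPO'
$DomainDn = 'DC=HOMELAB,DC=local'
$OuDn     = "OU=IT Support,OU=Company,$DomainDn"   # assumption: Company is at the root

# Create the GPO only if it does not exist yet.
$gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
if (-not $gpo) { $gpo = New-GPO -Name $GpoName -Comment 'Lab: screen saver policy' }

# User Configuration > Policies > Administrative Templates > Control Panel >
# Personalization > Enable screen saver is stored as this per-user policy value.
Set-GPRegistryValue -Name $GpoName `
    -Key 'HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop' `
    -ValueName 'ScreenSaveActive' -Type String -Value '1' | Out-Null

# Link the GPO to the IT Support OU if it is not linked there already.
$ouLinks = (Get-GPInheritance -Target $OuDn).GpoLinks
if ($ouLinks.DisplayName -notcontains $GpoName) {
    New-GPLink -Name $GpoName -Target $OuDn -LinkEnabled Yes | Out-Null
}

# Remove the domain-level link so the setting is scoped to IT Support only.
$rootLinks = (Get-GPInheritance -Target $DomainDn).GpoLinks
if ($rootLinks.DisplayName -contains $GpoName) {
    Remove-GPLink -Name $GpoName -Target $DomainDn | Out-Null
}

# Confirm what is linked where, and keep a report of the GPO's settings.
(Get-GPInheritance -Target $OuDn).GpoLinks |
    Select-Object DisplayName, Enabled, Enforced, Order
Get-GPOReport -Name $GpoName -ReportType Html -Path "$env:TEMP\TestGPO.html"

# To delete the GPO entirely (same as Group Policy Objects > Delete):
#   Remove-GPO -Name $GpoName
```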
Creating and Managing User Accounts in Microsoft 365
Microsoft 365 is a cloud-based suite of apps and services centered around business productivity. Microsoft 365 enables members to create, share and collaborate securely on any device. It includes some apps you’re probably already familiar with, like Microsoft Outlook, Word, PowerPoint, and Excel. Depending on the plan you get, subscriptions can include apps and services like Skype for Business, SharePoint, OneDrive, Teams, Yammer, Planner, and much more, along with robust productivity, collaboration, and security features.
Microsoft 365 is a monthly, per-user subscription. There are a variety of plans to choose from depending on your specific needs. Plans can be mixed and matched in your business, and you can change plans at any time.
The goal is to get familiar with the Microsoft 365 Admin Center; we will create and manage user accounts for our AD users.
There are home-based, education-based, business-based, and enterprise-based plans for users in MS 365. We can leverage the Microsoft 365 one-month free trial option for any of the plans. For this lab, I chose the Microsoft 365 business basic plan.
Here is the link to choose and sign-up for the plan. Just follow the steps to set up your account and sign in. Note, I used the domain Administrator account in Windows 10 for this part of the lab.
When you sign in, you should see something similar to this.
To navigate to the Admin Center page, follow these steps:
- Select the App Launcher (at the top left corner to view the available apps)
- Select Admin
This will take you to the Microsoft Admin Center Screen as shown above
To create and set up MS 365 users in the admin center, follow these steps:
- Select the Navigation Menu
- Select Users
- Select Active Users
- Select Add a User (you will see your administrator user account under users)
- Follow the steps and Fill in the details of your user
- Select Assign user a product license and select the available license
- Select the default User role for your user
- Review the details and select finish
Here I have an account successfully created for my John Doe user. John Doe can use this account to sign in and use the available resources from any device.
You manage user accounts here. For example, you can reset the password for your user, edit the user’s information and licenses, and delete the user.
You can also manage the roles assigned to the user.
Restoring Deleted Files
Consider this scenario: John Doe signs in, creates a Word document for a task, and later deletes the document. If he needs to retrieve it, John Doe (or a user with admin access) can go to his OneDrive app and head to the recycle bin to restore the deleted document. This is one option.
There’s an alternative that involves using SharePoint that can only be done with admin access (this option is helpful if for some reason, you can’t see the user’s recycle bin in their OneDrive):
- Navigate to the SharePoint admin center by selecting SharePoint in the navigation menu in Admin Center.
- Select More features.
- Select User Profiles.
- Select Manage User Profiles.
- Search for the user.
- Select User.
- Select the drop-down icon and select Manage Personal Site
- In Site Settings, select Recycle bin under Site Collection Administration
If it’s empty, you can go a step further by clicking the Second-Recycle Bin (users can delete docs from their recycle bin, you can find and restore the deleted doc here).
Conclusion
Active Directory and Microsoft 365 are tools used by businesses and enterprises to manage users, streamline tasks and processes, and boost productivity. IT professionals and admins need to be familiar with these tools to support their organizations effectively. I hope you found this post useful.