Home Lab Network Topology
w/ Active Directory
Requirements:
Oracle VirtualBox: https://www.virtualbox.org/wiki/Downloads
Server 2019 ISO: https://www.microsoft.com/en-us/evalcenter/download-windows-server-2019
Windows 10 ISO: https://www.microsoft.com/en-us/software-download/windows10
Objective:
This home lab will create an Active Directory environment simulating an organization with over
1,000 users. This setup allows you to:
Enabling bidirectional drag and drop between your host machine and a virtual machine (VM) can be
convenient, but it also poses several security risks:
1. Malware Transmission: Files transferred between the host and VM can carry malware, potentially infecting both systems.
2. Data Leakage: Sensitive data from the host could be unintentionally moved to the VM, compromising security.
3. Isolation Breach: This feature can break the isolation between the host and VM, exposing both to risks.
4. Unauthorized Access: A compromised VM could be used to exfiltrate data from the host machine.
Mitigation Strategies:
By taking these precautions, you can maintain a secure and effective home lab environment.
Processor/CPU update
Using NAT so the domain controller can connect to the internet through the ISP
Adapter 1 will enable the VM to communicate with the router using NAT. The internal adapter will connect to the
internal network, allowing the Domain Controller to communicate with the other internal VMs.
This is from the link provided when downloading the Server 2019 ISO.
This may take a while; it is normal.
It will restart by itself
To minimize the burden of memorizing multiple passwords, all passwords will be standardized as "Password1."
Only do this in labs, never in a production or personal environment.
Run the installation by selecting "Next," "Continue," and "Install" as prompted until you complete the process.
Select the option to restart; sometimes a reboot is necessary. This allows you to resize and manage everything
more efficiently.
Here we are working with the network interfaces of the domain controller. Identify the internal
NIC and the external NIC and rename them.
In Oracle VirtualBox, the NAT (Network Address Translation) network type typically uses a
default gateway IP address of `10.0.2.2`. This IP address is used as the default gateway for VMs
connected via NAT to communicate with the host machine and other networks.
When you configure a VM in Oracle VirtualBox to use NAT for its network connection, the
internal DHCP server provided by VirtualBox will automatically assign an IP address to the VM. The
NAT networking mode in VirtualBox provides a way for VMs to communicate with external networks
using the host machine's network connection. The IP addresses assigned to VMs using NAT are
managed by VirtualBox's internal DHCP server.
The INTERNAL network adapter has an Autoconfiguration IPv4 Address of 169.254.147.72, which indicates
that it did not receive an IP address from a DHCP server. Instead, it has assigned itself an Automatic Private IP
Addressing (APIPA) address. APIPA addresses are in the range of 169.254.x.x and are used when a device
cannot obtain an IP address from a DHCP server.
Now we will assign the static IP address for the internal network based on the topology.
Establishing the DNS server for the internal NIC
Now installing Active Directory Domain Services to create a domain
When you install the Active Directory Domain Services (AD DS) role on Windows Server 2019 using Server
Manager, the DNS server role is installed automatically if it's not already present. This is essential because DNS is
a critical component for AD DS functionality.
“Password1”
Now we will create a dedicated admin account instead of using the built-in Administrator.
The “User logon name” can be anything; create the name based on your preferred naming convention.
ONLY for lab purposes, I will select “password never expires”. We can come back to this later when dealing with
password policies.
The account was created but it still needs to be turned into an admin account
You can see it resolves to domain admin
In Active Directory, there are several built-in administrative groups that are recognized by default across domains.
These groups have predefined administrative privileges and are crucial for managing various aspects of the Active
Directory environment.
“Domain Admins” - Members of this group have full administrative control over the domain. They can perform all
administrative tasks within the domain, including managing domain controllers, creating and managing users and
groups, modifying group policies, etc.
Now you are good to go. You can now sign out and sign back in
Now installing Network Address Translation for the internal network
Now we will configure Network Address Translation for the internal network
If you are not able to select the top radio button, cancel out and try again
Now we will create the DHCP scope. This will allow client computers to get an IP address and connect to the
internet even though they will be in a private/internal network. Installing DHCP on the server
You can see DNS is installed, because it was installed when installing AD DS. DNS is an essential part of AD DS
DHCP installation is complete; now we will configure it.
Creating a scope for the DHCP lease
Establishing the default gateway for the internal NIC
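The internal NIC and DHCP steps above can also be done from PowerShell on the DC. This is an added example, not part of the original lab notes; it assumes the internal adapter is currently named "Ethernet 2", an internal subnet of 172.16.0.0/24 with the DC at 172.16.0.1, and a client lease range of .100 to .200 (none of these values are given on the page).

```powershell
# Added example (not the lab's own steps): configure the DC's internal NIC and DHCP scope.
# Assumed values: adapter name, subnet and lease range are a constructed addressing plan.
$InternalNic  = "Ethernet 2"     # assumed current adapter name; check Get-NetAdapter first
$DcInternalIp = "172.16.0.1"     # assumed DC address on the internal network
$ScopeNetwork = "172.16.0.0"
$ScopeStart   = "172.16.0.100"
$ScopeEnd     = "172.16.0.200"

# 1. Confirm the internal NIC is still on an APIPA (169.254.x.x) address, i.e. it got no DHCP lease.
$apipa = Get-NetIPAddress -InterfaceAlias $InternalNic -AddressFamily IPv4 |
         Where-Object { $_.IPAddress -like "169.254.*" }
if ($apipa) {
    Write-Host "Internal NIC has APIPA address $($apipa.IPAddress); assigning a static address."
}

# 2. Rename the adapter so INTERNAL vs external is obvious, then give it a static address.
#    No default gateway is set here: the NAT adapter is the DC's only route to the internet.
Rename-NetAdapter -Name $InternalNic -NewName "INTERNAL"
New-NetIPAddress -InterfaceAlias "INTERNAL" -IPAddress $DcInternalIp -PrefixLength 24

# 3. DNS for the internal NIC points at the DC itself (it became a DNS server with AD DS).
Set-DnsClientServerAddress -InterfaceAlias "INTERNAL" -ServerAddresses 127.0.0.1

# 4. DHCP scope for clients: lease range, plus router and DNS options pointing at the DC
#    (the DC is the clients' default gateway, as described later in the lab).
Add-DhcpServerv4Scope -Name "Internal clients" -StartRange $ScopeStart -EndRange $ScopeEnd `
    -SubnetMask 255.255.255.0 -LeaseDuration (New-TimeSpan -Days 8) -State Active
Set-DhcpServerv4OptionValue -ScopeId $ScopeNetwork -Router $DcInternalIp -DnsServer $DcInternalIp -Force

# 5. Authorize this DHCP server in Active Directory; unauthorized servers will not hand out leases.
Add-DhcpServerInDC
```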
Now we will allow the server to browse the internet; this is NOT recommended in a production environment.
I am turning it off so I can access the list of names to add to the domain; I will turn it back on for later experiments.
Now we will use PowerShell to run the script that creates users in Active Directory.
Allowing the PowerShell script to create the users
# Define the default password for the users (lab only)
$PASSWORD_FOR_USERS = "Password1"
# Read the list of user names (first and last names) from the file 'names.txt'
$USER_FIRST_LAST_LIST = Get-Content .\names.txt
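The fragment above only sets up the password and reads names.txt. The following is an added, complete version of that bulk-creation step, written for this page and not the lab's own script. It assumes names.txt holds one "First Last" name per line, that users go into an OU named "_USERS" (an assumed name), that logon names follow a first-initial-plus-surname convention (assumed), and that the domain is mydomain.com as in the lab.

```powershell
# Added example (not the lab's own script): create one AD user per line of names.txt.
Import-Module ActiveDirectory

$PASSWORD_FOR_USERS   = "Password1"                     # shared lab password, never for production
$USER_FIRST_LAST_LIST = Get-Content .\names.txt          # assumed format: "First Last" per line
$OuName   = "_USERS"                                     # assumed OU name
$Domain   = "mydomain.com"
$DomainDn = (Get-ADDomain).DistinguishedName             # e.g. DC=mydomain,DC=com
$SecurePassword = ConvertTo-SecureString $PASSWORD_FOR_USERS -AsPlainText -Force

# Create the OU once; left unprotected so the lab can be torn down without extra steps.
if (-not (Get-ADOrganizationalUnit -Filter "Name -eq '$OuName'")) {
    New-ADOrganizationalUnit -Name $OuName -ProtectedFromAccidentalDeletion $false
}

foreach ($line in $USER_FIRST_LAST_LIST) {
    $parts = $line.Trim() -split '\s+'
    if ($parts.Count -lt 2) { continue }                 # skip blank or malformed lines
    # Lower-case and strip characters that are not letters or digits (e.g. "O'Brien" -> "obrien")
    # so the logon name is valid and safe to place inside the -Filter strings below.
    $first = ($parts[0].ToLower()  -replace '[^a-z0-9]', '')
    $last  = ($parts[-1].ToLower() -replace '[^a-z0-9]', '')
    $username = "$($first.Substring(0,1))$last"          # assumed convention: "John Smith" -> "jsmith"
    # sAMAccountName is limited to 20 characters; truncate so New-ADUser does not fail.
    if ($username.Length -gt 20) { $username = $username.Substring(0,20) }

    if (Get-ADUser -Filter "SamAccountName -eq '$username'") {
        Write-Warning "Skipping '$line': $username already exists"
        continue
    }
    Write-Host "Creating user: $username"
    New-ADUser -AccountPassword $SecurePassword `
               -GivenName $first -Surname $last -DisplayName $username `
               -Name $username -SamAccountName $username `
               -UserPrincipalName "$username@$Domain" `
               -Path "OU=$OuName,$DomainDn" `
               -PasswordNeverExpires $true -Enabled $true   # never-expires is a lab-only setting
}
```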
Creating CLIENT1
4095 MB
The domain controller functions as the default gateway for the client computer. It forwards packets to the Oracle IP
address, which then passes them to the ISP's default gateway. From there, the packets traverse various hops and
routers until they reach the Google server.
This part also adds the computer to the domain. Computer becomes a member of “mydomain.com”
On the DC server you can verify that the Client 1 computer has been assigned an IP address by the DHCP server.
Here you can verify the lease and expiration date.
In Active Directory Users and Computers, you can verify that CLIENT1 has indeed been added to the
domain computers and is now a member of the domain. Now you can use the CLIENT1 computer to sign in
using one of the accounts created by the PowerShell script from earlier.
This setup now simulates a corporate environment. A newly onboarded employee can be granted credentials and
can use a computer connected to the domain such as CLIENT1. They can access any computer within the same
domain they are a member of.
You can follow the same process to add CLIENT2. Once both clients are added, you can experiment with various
configurations and settings to gain a deeper understanding of how Active Directory domain servers operate. This
hands-on experience will help to learn more about user management, group policies, and other essential aspects
of Active Directory administration.