[Guide] Build a Directory Service Server With Active Directory

This document provides a comprehensive guide on setting up a Directory Service Server using Active Directory on Windows Server 2025. It includes prerequisites, an overview of Active Directory, core concepts, security implications, and detailed step-by-step instructions for installation, configuration, and management of Active Directory, DNS, DHCP, and user accounts. The guide aims to facilitate the creation of a secure and efficient network management system for enterprise environments.

Uploaded by

dadaluffy4321

Build a Directory Service Server

With Active Directory


Table of Contents
Prerequisites
Network Topology
Active Directory Overview
    What is Active Directory?
    Why is Active Directory Used?
    Active Directory Core Concepts
    Security Implications
Setup Windows Server 2025
    Step 1
    Step 2
    Disable Default Logoff
    Disable CTRL + ALT + DEL
Assign Static IP Address
    Step 1
Promote Active Directory to a Domain Controller
    Step 1
Setup DNS For Internet Access
Setup DHCP
Add User Accounts in Active Directory

Prerequisites
1. VirtualBox installed.
2. Virtual Machine with Windows 11 Server 2025 ISO has been configured and provisioned (the ISO should be attached to the new VM).

Network Topology

Working Here

Active Directory Overview


What is Active Directory?
Active Directory (AD) is a directory service developed by Microsoft that manages and
organizes resources in a network. It acts as a centralized database to authenticate and
authorize users and devices, making it the backbone of most Windows-based enterprise
environments.

Key components:
• Authentication: Verifies user identity using credentials like username and password.
• Authorization: Grants or denies access to network resources based on permissions.
• Management: Centralizes control over users, computers, and other resources.

Why is Active Directory Used?

Active Directory is widely used in enterprise environments to streamline and secure network management. It serves multiple purposes:

1. Centralized Resource Management
AD enables administrators to manage users, devices, and permissions from a single location, reducing complexity.

2. Scalability
It can handle environments ranging from small businesses to multinational corporations with millions of objects.

3. Authentication and Authorization
AD provides a robust framework for verifying users and granting access to resources using security protocols like Kerberos and LDAP.

4. Group Policy Management
Administrators can enforce security settings, deploy software, and manage updates across the network using Group Policy Objects (GPOs).

5. Integration with Other Services
Active Directory integrates seamlessly with services like Microsoft Exchange, Azure AD, and other enterprise applications.

Active Directory Core Concepts

1. Domains
o A domain is a logical grouping of objects (users, devices, etc.) that share the same database and security policies.
o Example: corp.local could be a domain for an organization.

corp.project-x-dc.com will be the domain used in this project.

2. Domain Controllers (DCs)
o Servers that host the Active Directory database and perform authentication, authorization, and replication.

3. Organizational Units (OUs)
o Containers within a domain used to organize objects logically.
o Example: Separate OUs for HR, IT, and Finance.

4. Objects
o Every entity in AD, such as users, computers, printers, and groups, is an object.

5. Groups
o Security Groups: Used for managing permissions to resources.
o Distribution Groups: Used for email distribution.

6. Forest and Trees
o A forest is the highest-level container, encompassing multiple domains that share a common schema.
o A tree is a hierarchy of domains within a forest.

7. Global Catalog (GC)
o A distributed data repository that provides information about all objects in the forest for faster lookups.

8. Trust Relationships
o Trusts enable users in one domain to access resources in another domain.

Security Implications
Active Directory is often a prime target for attackers due to its central role in managing
network resources. Misconfigurations or vulnerabilities can lead to significant security
risks.

1. Common Security Threats
o Credential Theft: Techniques like Pass-the-Hash or Kerberoasting can allow attackers to escalate privileges.
o Privilege Escalation: Exploiting misconfigured permissions to gain higher access levels.
o Lateral Movement: Once inside, attackers can move through the network using AD to identify valuable targets.

Many organizations are transitioning to hybrid environments using Microsoft Entra ID (formerly Azure Active Directory), which combines on-premises and cloud-based identity management. We will be using on-premises infrastructure so we can fully control the setup, configuration, and isolation of the lab. (This also keeps the lab free and avoids cloud costs!)
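
A read-only check a defender can run against the lab domain for the exposures listed above. This is an added example, not part of the original guide; it assumes the ActiveDirectory PowerShell module on the domain controller built later in this guide.

```powershell
# Added example: read-only audit, run on the domain controller as a domain admin.
Import-Module ActiveDirectory

# 1. User accounts with a servicePrincipalName. Any domain user can request a
#    service ticket for these, so a weak password here is the Kerberoasting
#    exposure. krbtgt always carries an SPN and is excluded.
$spnAccounts = Get-ADUser -LDAPFilter '(servicePrincipalName=*)' `
        -Properties ServicePrincipalName, PasswordLastSet |
    Where-Object SamAccountName -ne 'krbtgt' |
    Select-Object SamAccountName, Enabled, PasswordLastSet,
        @{ n = 'SPNs'; e = { $_.ServicePrincipalName -join '; ' } }

# 2. Effective membership of the highest-privilege groups, nested groups
#    included. Unexpected entries point to misconfigured permissions.
$privileged = foreach ($group in 'Domain Admins', 'Enterprise Admins', 'Schema Admins') {
    Get-ADGroupMember -Identity $group -Recursive |
        Select-Object @{ n = 'Group'; e = { $group } }, SamAccountName, objectClass
}

# 3. User accounts whose password never expires: a stolen hash or password
#    for one of these stays valid until someone resets it by hand.
$neverExpires = Search-ADAccount -PasswordNeverExpires -UsersOnly |
    Select-Object SamAccountName, Enabled, LastLogonDate

'--- User accounts with SPNs ---'
$spnAccounts  | Format-Table -AutoSize
'--- Privileged group members ---'
$privileged   | Format-Table -AutoSize
'--- Password never expires ---'
$neverExpires | Format-Table -AutoSize
```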

Setup Windows Server 2025


Step 1
Select “Next” → “Install Windows 11” → Check the box → “Next”.
Select “Desktop Experience”.

Accept Microsoft’s End User License Agreement (EULA) → “Next”.

Select “Disk 0 Unallocated Space” → “Create Partition”. Use the default “Size in MB” setting → “Apply”. Wait for three partitions to show up.
Select Disk 0 Partition 3 (with the largest free space). Select “Install”. Wait for Windows Server
2025 to fully install. The VM should restart.
Step 2
Set a password for the default Administrator account. Password is (@Deeboodah1!)

Refer to the “Project Overview” guide for more information on default usernames and passwords.
The login screen will appear.

Navigate to the top of VirtualBox, go to “Input” → “Keyboard” → “Insert Ctrl-Alt-Del” to open the login prompt.
Choose “Required only” for sending diagnostic data to Microsoft.

After signing in, you should see the “Server Manager” window. You can exit out of the dialog box to try Azure Arc.

Disable Default Logoff
The default time for signing out of Windows Server 2025 is 5 minutes. Let’s change this.

Look up “Settings” in the Search bar → “System” → “Power” → Select the toggle under “Screen timeout” → Select “Never”.

Disable CTRL + ALT + DEL


If you do not want to use the “Input” → “Keyboard” → “Insert CTRL + ALT + DEL” each time, you can disable this setting.

Look up “Local Security Policy”.

Navigate to the following folder tree → Look for “Interactive logon…” → Toggle from Disabled to Enabled → “Apply” → “OK”.

Assign Static IP Address
Before You Start: Make sure Windows Server 2025 (project-x-dc) is running.

Step 1
Navigate to the Control Panel (Shortcut: Windows+X).

Select “Network and Sharing Center”.


Select “Change adapter settings”.

A window will pop up with a computer icon named “Ethernet”. Right-click this icon → “Properties”.
Another box will open (yay for all the boxes we must click through). Select “Internet Protocol Version 4 (TCP/IPv4)” → “Properties”.

Set this device to a static IP address. Select “OK” after finishing.

• IP address: 10.0.0.05
• Subnet mask: 255.255.255.0
• Default gateway: 10.0.0.1

Refer to the “Project Overview” guide for more information on hostname addressing.

Promote Active Directory to a Domain Controller
Step 1
Go back to “Server Manager” → “Add roles and features”.
Select “Next” for the next 3 boxes.
Select “Active Directory Domain Services”, “DHCP Server”, “DNS Server”, “File and Storage Services” and “Web Server (IIS)”.
Leave the defaults, select “Next”.

Select “Next” until you get to the Confirmation tab. Select “Install”.
You can close the dialogue box while the features are installed.
You will see a message in the notifications section of “Server Manager” when all of the
features have been installed.

A message notification will appear for configuring Active Directory. Select “More”.

Select “Promote this server to a domain”.

Select “Add a new forest”. Then enter a root domain name, corp.project-x-dc.com.
Leave the default options. For the Directory Services Restore Mode (DSRM) password, use the Administrator password (@Deeboodah1!). Select “Next”.
Leave the “Create DNS delegation” box blank → “Next”.
Leave the NetBIOS name as CORP and proceed with all other defaults until you reach the check screen.
A few checks will be run through. Allow the wizard to finish, then select “Install”. Let the
server restart.

You can now log in under the CORP\Administrator domain account.

To verify this server is a part of the domain, open a new PowerShell session and type in:

Get-ADDomainController
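
The “Assign Static IP Address” and promotion steps above as one re-runnable script, with the verification step expanded. This is an added example, not part of the original guide; the feature names and cmdlets are the standard Windows Server ones, and the DSRM password is prompted for rather than written into the script.

```powershell
# Added example: scripted equivalent of the static IP and promotion steps.
# Run in an elevated PowerShell session on the server.
$ifAlias  = 'Ethernet'                # adapter name shown in the guide
$domain   = 'corp.project-x-dc.com'
$serverIp = '10.0.0.5'                # the guide's 10.0.0.05 without the leading zero

# DomainRole 4 or 5 means this machine is already a domain controller.
$isDc = (Get-CimInstance Win32_ComputerSystem).DomainRole -ge 4

if (-not $isDc) {
    # Static IPv4 settings from the guide (/24 = 255.255.255.0).
    if (-not (Get-NetIPAddress -InterfaceAlias $ifAlias -IPAddress $serverIp `
                -ErrorAction SilentlyContinue)) {
        New-NetIPAddress -InterfaceAlias $ifAlias -IPAddress $serverIp `
            -PrefixLength 24 -DefaultGateway '10.0.0.1' | Out-Null
    }

    # Roles ticked in the "Add roles and features" wizard.
    Install-WindowsFeature -IncludeManagementTools `
        -Name AD-Domain-Services, DHCP, DNS, FileAndStorage-Services, Web-Server

    # Prompted so the DSRM password never sits in a file or in shell history.
    # A value different from the Administrator password limits what a single
    # leaked credential gives access to.
    $dsrm = Read-Host -AsSecureString 'DSRM password'

    # New forest, NetBIOS name CORP, no DNS delegation. The server restarts
    # on its own when promotion finishes.
    Install-ADDSForest -DomainName $domain -DomainNetbiosName 'CORP' -InstallDns `
        -CreateDnsDelegation:$false -SafeModeAdministratorPassword $dsrm -Force
}
else {
    # After the restart: the guide's verification step, showing the fields
    # that confirm the right forest, address and roles.
    Import-Module ActiveDirectory
    Get-ADDomainController |
        Select-Object HostName, Domain, Forest, IPv4Address, IsGlobalCatalog, OperationMasterRoles
    Get-ADDomain | Select-Object DNSRoot, NetBIOSName, DomainMode
}
```

Run it once before promotion and once more after the restart; the second run only reports on the domain controller.
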
Setup DNS For Internet Access
Step 1

Go to “Server Manager” → DNS → Select the Server → Right-click → “DNS Manager”.

DNS Manager will appear → Right-click the domain → “Properties”.

Select the “Forwarders” tab → “Edit”.
Add in “8.8.8.8” → Select “OK”. This will allow us to still use the Internet from Windows Server 2025.
Open a PowerShell session. Enter:

ping google.com

nslookup corp.project-x-dc.com
Setup DHCP
Step 1

Navigate to “DHCP” → “DHCP Manager”.

Navigate to “IPv4” → “New Scope”.

Add project-x-scope.
Enter the following addresses for leasing, then select “Next”.

Start IP address: 10.0.0.100

End IP address: 10.0.0.200

Subnet mask: 255.255.255.0


Run through all the defaults (don’t worry about excluding IP addresses or lease expiration).

Add 10.0.0.1 for the Router IP.


Keep default.
Run through all the other dialogue box defaults, until finished.
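
The DNS forwarder and DHCP scope from the two sections above, scripted so they can be re-applied and checked. This is an added example, not part of the original guide; the DNS server and domain options and the DHCP authorization step are assumptions, since the guide only says to keep the wizard defaults.

```powershell
# Added example: run elevated on the domain controller after promotion.
$serverIp = '10.0.0.5'                # the guide's 10.0.0.05
$domain   = 'corp.project-x-dc.com'
$scopeId  = '10.0.0.0'                # network address of the 10.0.0.0/24 scope

# --- DNS: forward names this server is not authoritative for to 8.8.8.8 ---
$current = (Get-DnsServerForwarder).IPAddress.IPAddressToString
if ($current -notcontains '8.8.8.8') {
    Add-DnsServerForwarder -IPAddress 8.8.8.8
}
# Same checks as ping/nslookup, but asked of this server explicitly so a
# stale client DNS setting cannot hide a broken forwarder.
Resolve-DnsName -Name google.com -Server $serverIp -Type A
Resolve-DnsName -Name $domain    -Server $serverIp -Type A

# --- DHCP: scope project-x-scope, leases 10.0.0.100 to 10.0.0.200 ---
if (-not (Get-DhcpServerv4Scope -ScopeId $scopeId -ErrorAction SilentlyContinue)) {
    Add-DhcpServerv4Scope -Name 'project-x-scope' -StartRange 10.0.0.100 `
        -EndRange 10.0.0.200 -SubnetMask 255.255.255.0 -State Active
}

# Router option from the guide. DNS server and domain are assumed to match
# the wizard defaults on a DC that hosts its own DNS.
Set-DhcpServerv4OptionValue -ScopeId $scopeId -Router 10.0.0.1 `
    -DnsServer $serverIp -DnsDomain $domain

# Assumption (step not shown in the guide): a DHCP server in an AD domain
# hands out leases only once it is authorized in the directory.
$authorized = Get-DhcpServerInDC | Where-Object { $_.IPAddress.ToString() -eq $serverIp }
if (-not $authorized) {
    Add-DhcpServerInDC -DnsName "$env:COMPUTERNAME.$domain" -IPAddress $serverIp
}

# Review what clients will receive.
Get-DhcpServerv4Scope | Select-Object ScopeId, Name, StartRange, EndRange, State
Get-DhcpServerv4OptionValue -ScopeId $scopeId | Select-Object OptionId, Name, Value
```
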
Add User Accounts in Active Directory
Step 1

Navigate to “Server Manager” → “Tools” → “Active Directory Users and Computers”.

Navigate to “Users” → “New” → “User”.

Add in the user information.

Refer to the “Project Overview” guide for more information on default usernames and passwords.
Select “User cannot change password” → “Next”. Run through all default configuration settings.

You will see the new users created. Success!
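
The same account creation done with the ActiveDirectory module, including the “User cannot change password” setting and a check of the result. This is an added example, not part of the original guide; the account names are constructed placeholders, because the real ones are in the “Project Overview” guide.

```powershell
# Added example: run on the domain controller as CORP\Administrator.
Import-Module ActiveDirectory

$domain    = 'corp.project-x-dc.com'
$container = 'CN=Users,DC=corp,DC=project-x-dc,DC=com'   # the "Users" container

# Constructed placeholder accounts; replace with the names from the
# "Project Overview" guide.
$users = @(
    [pscustomobject]@{ First = 'Example'; Last = 'UserOne'; Sam = 'example.userone' }
    [pscustomobject]@{ First = 'Example'; Last = 'UserTwo'; Sam = 'example.usertwo' }
)

# Prompted so the initial password is not stored in the script.
$initial = Read-Host -AsSecureString 'Initial password for the new accounts'

foreach ($u in $users) {
    # Skip accounts that already exist so the script can be re-run safely.
    if (Get-ADUser -Filter "SamAccountName -eq '$($u.Sam)'") {
        Write-Warning "$($u.Sam) already exists, skipping"
        continue
    }
    New-ADUser -Name "$($u.First) $($u.Last)" -GivenName $u.First -Surname $u.Last `
        -SamAccountName $u.Sam -UserPrincipalName "$($u.Sam)@$domain" `
        -Path $container -AccountPassword $initial `
        -CannotChangePassword $true -Enabled $true
}

# Confirm what was created and how each account is configured.
Get-ADUser -Filter * -SearchBase $container -Properties CannotChangePassword, PasswordLastSet |
    Select-Object SamAccountName, Enabled, CannotChangePassword, PasswordLastSet |
    Format-Table -AutoSize
```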


Take Snapshot!
