Windows Domain Controller Setup

I figured this would be a good first post. Most enterprise environments are predominantly Windows-based. While many businesses are choosing to go with a cloud platform such as Azure or AWS, plenty are still using on-premises Windows servers with Active Directory. A great way to learn the ins and outs of Group Policy, Active Directory, Windows DNS, DHCP, etc. is to set up a Windows domain controller.

Step 1.

First we will need something to install Windows Server on. This can be an old unused computer or, preferably, a virtual machine so you can play and break things. I am going to be using my “Hyper-V Server,” which is just an old Lenovo ThinkStation with a lot of RAM and disk space. I have Windows 10 Pro installed, and Hyper-V enabled to spin up VMs.

Step 2.

Download a trial ISO of Windows Server 2022 from Microsoft.

Step 3.

Next we will create a VM on Hyper-V. For the sake of post length I will likely cover that in a later post. For this particular machine I am going to create it with 12 GB of RAM, up the virtual cores to 4, and provide about 80 GB of hard drive space to start. This is likely overkill, but I want my lab experience to run smoothly since this DC will be acting as the domain controller, DHCP server, DNS server, and whatever else I decide to throw at it later. I will name the completed Hyper-V machine “NEWB-DC1.”

Step 4.

Select the Windows Server trial ISO that you downloaded earlier from Microsoft and make sure it is inserted in the virtual machine’s “DVD Drive.” Now connect to the virtual machine and start it up to begin installing Windows Server 2022. Follow the installation wizard. I am going to select the Desktop Version of Windows Server.

It’s a fairly simple installation going forward. You will need to enter a password for the default Administrator account, and then welcome to your desktop version of Windows Server.

Step 5.

The first thing I like to do is configure a static IP address and get the server connected to the internet. A quick note about networking: prior to setting up this machine I had already created a VLAN on my router, which is a UniFi Dream Machine Pro. I set my VLAN tag as 50 and created firewall rules to prevent that VLAN from communicating with the rest of my network. I want to keep my lab environment and my home environment separate. I set my VLAN gateway IP to 10.0.50.254 rather than the standard 10.0.50.1. This is because my Domain Controller will be my default gateway where other devices will look to authenticate from and receive IP addresses via DHCP.

With that being said, on the domain controller navigate to “Advanced Network Settings” and click “Change adapter settings.” Select “Internet Protocol Version 4,” then right-click > Properties. Here you will configure the static IP address. I set mine as 10.0.50.1 with the default gateway of 10.0.50.254. For the DNS server I will use Google’s DNS server of 8.8.8.8. Once the static IP is set and routed to the correct default gateway, your server will have internet connectivity.

Step 6.

Now that we are connected to the internet and have a static IP address, it is time to do some basic housekeeping within Server Manager, specifically within the local server section. First I am going to change the computer name to NEWB-DC1. I then enabled Remote Desktop, and set my time zone.

Step 7.

Now on to the fun part. We are going to upgrade this server to be a domain controller. From Server Manager, near the top right, select Manage > Add Roles and Features. This will open a wizard. Select “Role-based or feature-based installation” when presented with the option.

Check “Active Directory Domain Services” when presented with the option and hit next. This will also install Group Policy Management. Once we have finished installing Active Directory Domain Services you should notice a notification in Server Manager near the Manage option that we clicked earlier. Click “Promote this server to a domain controller.”

This will open another wizard to set up domain information. Select create a new forest and then add the domain root name. I will be using itnewb.net.

On the next screen leave everything as default and add a directory recovery password. Click next on the remainder of the wizard, leaving things at default. There will be warnings at the end that we will address later; click Install. Once the domain controller installation is completed, the server will need to be restarted.
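Steps 5 through 7 can also be scripted. The PowerShell below is an added example, not part of the original post; it uses the post's addresses, computer name and domain, while the adapter alias "Ethernet", the /24 prefix length and the three-stage layout are assumptions. The recovery password is read interactively as a secure string so it never sits in the script or command history.

```powershell
# Added example (not from the original post). Run elevated on the new server.
# Stages are separated because the rename and the promotion each reboot the machine.
param(
    [ValidateSet('Network', 'Promote', 'Verify')]
    [string]$Stage = 'Network'
)

$IfAlias   = 'Ethernet'   # assumption: adapter name, confirm with Get-NetAdapter
$PrefixLen = 24           # assumption: the post does not state the subnet mask

switch ($Stage) {
    'Network' {
        # Step 5: static address, gateway and DNS server as given in the post
        New-NetIPAddress -InterfaceAlias $IfAlias -IPAddress 10.0.50.1 `
            -PrefixLength $PrefixLen -DefaultGateway 10.0.50.254
        Set-DnsClientServerAddress -InterfaceAlias $IfAlias -ServerAddresses 8.8.8.8

        # Step 6: enable Remote Desktop, then rename (reboots the server)
        Set-ItemProperty 'HKLM:\System\CurrentControlSet\Control\Terminal Server' `
            -Name fDenyTSConnections -Value 0
        Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'
        Rename-Computer -NewName 'NEWB-DC1' -Restart
    }
    'Promote' {
        # Step 7: install the role (with the management tools), then create the forest
        Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

        # Prompt for the recovery password instead of hard-coding it
        $dsrm = Read-Host -AsSecureString 'Directory recovery (DSRM) password'
        Install-ADDSForest -DomainName 'itnewb.net' -InstallDns `
            -SafeModeAdministratorPassword $dsrm   # reboots when finished
    }
    'Verify' {
        # After the final reboot: confirm the DC answers for the domain,
        # the SYSVOL and NETLOGON shares exist, and see which DNS server is in use
        Get-ADDomainController -Identity 'NEWB-DC1' |
            Select-Object Name, Domain, Forest, IsGlobalCatalog
        Get-SmbShare -Name SYSVOL, NETLOGON
        Get-DnsClientServerAddress -InterfaceAlias $IfAlias -AddressFamily IPv4
        dcdiag /q   # prints only failed tests; no output means all passed
    }
}
```

Run the Network stage first, the Promote stage after the rename reboot, and the Verify stage after the promotion reboot.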
