Setting up a Network with Active Directory

This project was to demonstrate my knowledge by setting up my own virtual network with Active Directory to simulate what an actual business or organization might do with their own internal network. Active Directory is widely used and makes it easier to administer all of the users within an organization. I’ll be installing Windows Server 2019 on a virtual machine, configuring Active Directory, creating an internal network and enabling internet access for the clients, setting up multiple users, and showing it all come together by logging in with one of the user accounts on a client set up on a virtual machine.

The first step was to create the Windows Server virtual machine with VirtualBox. I gave it enough RAM and processors to run effectively and made sure to give it two network adapters, one for connecting to the internet and one for the internal network.

Next, I started the virtual machine and loaded the ISO file for Windows Server 2019 and went through the installation process.

Once it finished installing and booted up, it was time to set up the networks. I navigated to Network Connections to determine which network adapter would be used for the external network and which for the internal network.

It was easy to determine the internal network adapter based on the given IP address that started with 169.x.x.x and I renamed them both to more easily differentiate them later.

Still in the Network options, I changed the IPv4 properties of the internal network adapter to use a static IP address. This Domain Controller is going to serve as the default gateway itself, so the default gateway IP address is not set. It will also use itself as the DNS server, so I entered the loopback address.

With the network adapter set I then renamed the server to DC (Domain Controller) and then restarted it.

The next step was to install Active Directory Domain Services, and to get this started I went to the ‘Add roles and features’ option in the Server Manager.

With the correct server selected I chose ‘Active Directory Domain Services’ in the Server Roles section and continued through to the final section to complete the installation.

Back in the main Server Manager dashboard I did the ‘Post-deployment Configuration’ which is found in the notifications section. This is where the domain is actually created.

I chose the ‘Add a new forest’ option and gave it a new ‘Root domain name’. I went through the remaining options with the default settings, selected install, and let it finish and reboot the server.

After it finished restarting, I created a dedicated domain admin account instead of using the built-in administrator account. I did this by going to the ‘Active Directory Users and Computers’ from the Start menu. Under the newly created domain I opened a new Organizational Unit.

In the Organizational Unit I created a new User.

After I created the User I went to the Properties setting for it and under the ‘Member of’ tab I added ‘Domain Admins’ to it. This gave me my very own domain admin account.

Next I signed out and logged back in with my domain admin account.

Then it was time to install a Remote Access Server to allow any clients on the virtual internal network to still be able to access the internet. Back in the Server Manager I went to the ‘Add roles and features’ section again. In the ‘Server Roles’ section I selected ‘Remote Access’ this time and installed the ‘Routing’ option.

Back in the Server Manager dashboard under Tools I chose ‘Routing and Remote Access’. From here I went to ‘Configure and Enable Routing and Remote Access’ for the domain controller. I installed ‘Network address translation’ (NAT), which will allow all the clients on the network to reach the internet by sharing one public IP address.

I chose the correct network adapter and finished the installation.

In the Server Manager dashboard I went back to the ‘Add roles and features’ section and chose ‘DHCP Server’ this time for the Server Role and installed it. Now back at the dashboard I chose ‘DHCP’ from the Tools dropdown menu to set it up.

Under the domain I created a ‘New Scope’ for the IPv4 section and set up the range of IPs to be used and the subnet mask. For this exercise I did not exclude any IPs in the range and left the lease duration as default since this is just my own custom network.

Then I configured the DHCP options, which allowed me to set up the Router (Default Gateway). This is what enables the clients to access the internet. I entered the domain controller’s IP address for this. I also used the domain controller for the DNS server and then activated the scope. Then I refreshed the domain controller and I could see that the scope had been added and was functioning properly.
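The same DHCP setup can be scripted and then checked, which makes the lab reproducible and confirms that clients will be handed the domain controller as both gateway and DNS server. This is an added example, not part of the original write-up; every address and the scope name are constructed lab values, since the write-up does not state the ones it used.

```powershell
# Added example. All addresses and names below are constructed lab values (assumptions).
$DcIp    = '172.16.0.1'      # static IP of the DC's internal adapter
$ScopeId = '172.16.0.0'
$Scope   = @{
    Name       = 'Internal-Lab'
    StartRange = '172.16.0.100'
    EndRange   = '172.16.0.200'
    SubnetMask = '255.255.255.0'
    State      = 'Active'
}

Install-WindowsFeature -Name DHCP -IncludeManagementTools | Out-Null

# Authorize this server in AD only if it is not already listed.
$fqdn = "$env:COMPUTERNAME.$((Get-ADDomain).DNSRoot)"
if (-not (Get-DhcpServerInDC | Where-Object { $_.IPAddress.IPAddressToString -eq $DcIp })) {
    Add-DhcpServerInDC -DnsName $fqdn -IPAddress $DcIp
}

# Create the scope once, then point clients at the DC for routing (option 3) and DNS (option 6).
if (-not (Get-DhcpServerv4Scope | Where-Object { $_.ScopeId.IPAddressToString -eq $ScopeId })) {
    Add-DhcpServerv4Scope @Scope
}
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -Router $DcIp -DnsServer $DcIp

# Verification: read the options back and compare them with what was intended.
$router = (Get-DhcpServerv4OptionValue -ScopeId $ScopeId -OptionId 3).Value
$dns    = (Get-DhcpServerv4OptionValue -ScopeId $ScopeId -OptionId 6).Value
$checks = [ordered]@{
    'Scope active'         = (Get-DhcpServerv4Scope -ScopeId $ScopeId).State -eq 'Active'
    'Router option is DC'  = $router -contains $DcIp
    'DNS option is DC'     = $dns -contains $DcIp
    'Only expected server' = @(Get-DhcpServerInDC).Count -eq 1
}
$checks.GetEnumerator() | ForEach-Object {
    '{0,-22} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'CHECK' })
}

# Current leases; a joined client shows up here with its host name.
Get-DhcpServerv4Lease -ScopeId $ScopeId |
    Select-Object IPAddress, HostName, ClientId, AddressState
```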

In order to not just have one user account and to avoid having to create accounts manually I found a PowerShell script online that automates this process. Using PowerShell ISE I loaded the script and used a text file with hundreds of random names that will be used to create the accounts.

A quick explanation of the script is that it creates a new Organizational Unit for USERS and adds the hundreds of names from the random name file. It sets all the passwords the same for convenience in this case. It uses a loop to extract each name from the name file and sets up a new user account for each one of them.

After running the script I checked the ‘Active Directory Users and Computers’ and I saw that the ‘_USERS’ Organizational Unit was created and now has all the new accounts contained within it.
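A bulk-creation script of the kind described above can keep the convenience of a loop without giving every account the same password. The following is an added example, not the script used in this write-up: it gives each account its own random initial password and forces a change at first logon. The `names.txt` format, the function name and the output file are assumptions.

```powershell
# Added example, not the script used in the write-up.
# Assumptions: names.txt holds one "First Last" per line; helper and file names are hypothetical.
Import-Module ActiveDirectory

$OuName   = '_USERS'
$DomainDn = (Get-ADDomain).DistinguishedName
$OuPath   = "OU=$OuName,$DomainDn"
# Constructed sample names are used when no names.txt is present.
$Names    = if (Test-Path .\names.txt) { Get-Content .\names.txt } else { 'Ada Example', 'Grace Sample' }

function New-RandomPassword {
    param([int]$Length = 20)
    # 64 characters, so (byte % 64) maps random bytes onto the set without bias.
    $chars = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!#%+-_='.ToCharArray()
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] $Length
    do {   # redraw until the default complexity policy (upper, lower, digit) is met
        $rng.GetBytes($bytes)
        $pw = -join ($bytes | ForEach-Object { $chars[$_ % $chars.Length] })
    } until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and $pw -match '\d')
    $rng.Dispose()
    $pw
}

if (-not (Get-ADOrganizationalUnit -Filter "Name -eq '$OuName'" -SearchBase $DomainDn -SearchScope OneLevel)) {
    New-ADOrganizationalUnit -Name $OuName -Path $DomainDn -ProtectedFromAccidentalDeletion $true
}

$issued = foreach ($line in $Names) {
    $first, $last = $line.Trim() -split '\s+', 2
    if (-not $first -or -not $last) { continue }             # skip blank or one-word lines
    $sam = ($first.Substring(0, 1) + ($last -replace '\s', '')).ToLower()
    if ($sam.Length -gt 20) { $sam = $sam.Substring(0, 20) } # sAMAccountName limit for users
    $plain = New-RandomPassword
    $user  = @{
        Name = "$first $last"; GivenName = $first; Surname = $last; DisplayName = "$first $last"
        SamAccountName = $sam; Path = $OuPath; Enabled = $true; ChangePasswordAtLogon = $true
        AccountPassword = (ConvertTo-SecureString $plain -AsPlainText -Force)
    }
    try {
        New-ADUser @user -ErrorAction Stop
        [pscustomobject]@{ SamAccountName = $sam; InitialPassword = $plain }
    } catch {
        Write-Warning "Skipped '$line': $($_.Exception.Message)"   # e.g. duplicate account name
    }
}
$issued | Export-Csv .\initial-passwords.csv -NoTypeInformation
```

The CSV holds the initial passwords in plaintext, so it should be handed out over a protected channel and deleted once the accounts have been claimed.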

With all the user accounts created I wanted to create a new virtual machine to have a client that could connect to the network using one of the new accounts.

I used VirtualBox again to create a new virtual machine that I could install a fresh copy of Windows 10 on. For the network adapter I chose ‘Internal Network’ this time and then completed the installation of Windows 10.

In the new virtual machine I wanted to check that the internet was working so I opened the command prompt to check it out. With the ‘ipconfig’ command I can see that it does have an IP address assigned to it within the range that was set up, and it also has the correct Default Gateway. Then I used the ‘ping’ command to confirm that it would reach the internet. This let me know that all the network infrastructure I set up is working properly.

In the client computer I wanted to change its name using the ‘Rename this PC (advanced)’ option. I changed the name to ‘Client1’ and also changed the Domain to that of the domain controller and then restarted the computer.

Back on the Server I opened DHCP and could see that there was a new lease for the ‘Client1’ computer.

The final step is to log in to the network with the client computer. I was then able to use one of the newly created user accounts to log in with the ‘Client1’ computer. This will allow any user to log in to the network with any client computer.