Milestone 2

Creating AD Controller

Create VM:

Power on machine and follow install

(Once you hit the page asking for password hit ctrl+shift+f3)

VM Provisioning

Open Admin Powershell

1. sconfig

2. `5` “Windows Update Settings”

   • `M` “Manual”

1. `9` “Date and Time”

   • Change time zone for EST

1. `6` “Download and Install Updates”

   • `A` “All Updates”

Will Prompt with restart

1. Install VMware Tools (This will make D: VMware tools installer)

I did typical install

Sysprep

1. Get Sysprep file

1. Uncomment top 4 lines and comment bottom 2

1. Run file and set execution policy

1. Put in deployer password

2. Then restart DC1

END OF SYSPREP

Change adapter to 480-WAN

Install ADDS:

Set Admin passwd

Configure network

Rename Computer (Do this before forest install)

SSH from xubuntu to dc1

Get-WindowsFeature - Will show all windows features are installed and can be installed

Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

To view see available module commands you can run

Get-Command -Module ADDSDeployment

New Domain Admin User:

$pw = Read-Host -Prompt 'Enter a Password for this user' -AsSecureString

New-ADUser -Name paul-adm.gleason -AccountPassword $pw -Passwordneverexpires $true -Enabled $true

Add-ADGroupMember -Identity "Domain Admins" -Members paul-adm.gleason

Install Forest:

Install-ADDSForest -DomainName “paul.local”

Forest Made

DNS Role:

Get-WindowsFeature | where {($_.name -like “DNS”)}

Install-WindowsFeature DNS -IncludeManagementTools

Reverse Zone Creation:

Add-DnsServerPrimaryZone -NetworkId “10.0.17.0/24” -ReplicationScope “Domain”

Create A type with PTR:

Add-DnsServerResourceRecordA -Name "480-fw" -ZoneName "paul.local" -AllowUpdateAny -IPv4Address "10.0.17.2" -TimeToLive 01:00:00 -CreatePTR

Create PTR alone:

Add-DnsServerResourceRecordPtr -Name "4" -ZoneName "17.0.10.in-addr.arpa" -AllowUpdateAny -TimeToLive 01:00:00 -AgeRecord -PtrDomainName "dc1-paul.paul.local"

Highlighted ones are correct the middle 2 were mistakes

DNS Forwarder:

Was already set to the firewall.

Test DNS:

Test-DnsServer -IPAddress 10.0.17.4 -ZoneName “paul.local”

Install DHCP:

Install-WindowsFeature DHCP -IncludeManagementTools

Netsh dhcp add securitygroups

Restart-service dhcpserver

Add-DHCPServerv4Scope -Name “Main” -StartRange 10.0.17.101 -EndRange 10.0.17.150 -SubnetMask 255.255.255.0 -State Active

Set-DhcpServerv4Scope -ScopeId 10.0.17.0 -LeaseDuration 1.00:00:00

Set-DHCPServerv4OptionValue -ScopeID 10.0.17.0 -DnsDomain paul.local -DnsServer 10.0.17.4 -Router 10.0.17.2

Had to do this part as admin:

Add-DhcpServerInDC -DnsName paul.local -IpAddress 10.0.17.4

Get-DhcpServerInDC

Restart-service dhcpserver

Remote Desktop Setup:

On xubuntu:

sudo apt install remmina

On DC1-paul:

Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -value 0

Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

Proof:

https://drive.google.com/file/d/19xPNRBQgF9WTB9XcnoHtP2k9Fs-RSDoP/view?usp=sharing

Notes:

Audit mode: ctrl+shift+f3 (Hit at set password screen)

Reference From Devin: https://malwaremily.medium.com/install-ad-ds-dns-and-dhcp-using-powershell-on-windows-server-2016-ac331e5988a7

ADDS Installer: https://www.dell.com/support/kbdoc/en-us/000121955/installing-active-directory-domain-services-and-promoting-the-server-to-a-domain-controller

Remote Desktop: https://pureinfotech.com/enable-remote-desktop-powershell-windows-10/

DHCP installer: https://learn.microsoft.com/en-us/windows-server/networking/technologies/dhcp/dhcp-deploy-wps