How to Create Your Own Lab with Active Directory?

How to create your own lab with Active Directory?

Are you looking to create your own lab environment to experiment with Active Directory (AD) for learning or testing?

In this blog, I will walk you through the complete steps to set up an Active Directory environment using Oracle VM VirtualBox, as well as alternative options with free Azure or AWS accounts.

We’ll also cover how to install AD on a Windows Server trial version, configure DNS, add Active Directory Users and Computers, and manage DNS records. By the end, you’ll have a fully functional Active Directory lab.

Setting Up Your Virtual Environment

Option 1: Using Oracle VM VirtualBox

Step 1: Install Oracle VM VirtualBox

First, download and install Oracle VM VirtualBox, a free and open-source virtualization tool that allows you to create virtual machines (VMs).

Step 2: Download Windows Server ISO Trial

You’ll need a trial version of Windows Server. Head over to Microsoft’s Evaluation Center and download the ISO for Windows Server 2022 or any version you want to test with.

Step 3: Create VMs in Oracle VM VirtualBox

For this lab setup, we will create three VMs:

• One for the Active Directory Domain Services (ADDS) and DNS.
• One for a Member Server.
• One for a Windows 11 Client.

Follow the Steps to Install Oracle VM Virtual Box

Steps to Create a VM:

1. Open Oracle VM VirtualBox and click New.
2. Assign a name for your VM (e.g., “AD-Server”).
3. Select Windows 2022 (64-bit) as the version.
4. Allocate memory (minimum 2GB RAM) and create a virtual hard disk (minimum 25GB).
5. Select the Windows Server ISO file you downloaded and install the server OS.

Repeat these steps for creating the Member Server VM and Client Windows 11 VM.

Note: Make sure all VMs are on the Same Network and should be reachable to each other.

Option 2: Using Cloud Services (Azure or AWS)

1. If you prefer cloud-based alternatives, you can set up free accounts on Azure or AWS to create your VMs.

Step 4: Install Active Directory Domain Services (ADDS) and DNS

How to Install Active Directory

Once the VM for your domain controller (AD-Server) is ready:

1. Open Server Manager, go to Manage → Add Roles and Features.
2. Choose Role-based or Feature-based installation.
3. Select your server from the list.
4. Under Server Roles, check Active Directory Domain Services (AD DS) and DNS Server.
5. Click Next and install the required features.
6. After the installation is complete, promote the server to a domain controller by following the post-installation wizard.
7. 
8. Select Add a new forest and provide a root domain name (e.g., mydomain.local).
9. Configure DNS and choose a forest functional level. Complete the wizard to finish the setup.

Step 5: Install Active Directory Administrative Center

To manage Active Directory users and organizational units (OUs), you need the Active Directory Administrative Center:

1. In Server Manager, go to Manage → Add Roles and Features.
2. Under Features, select Active Directory Administrative Center and install it.

You can now access it by going to Start → Windows Administrative Tools → Active Directory Administrative Center

More details about the Active Directory Administrative Center

Step 6: Add a Member Server and Client VM to the Domain

Steps for Adding a VM to the Domain:

1. Open System Properties on both the Member Server and Client Windows 11 VM.
2. Under the Computer Name tab, click Change.
3. Select Domain, enter the domain you created (mydomain.local), and click OK.
4. You will be prompted to enter your domain administrator credentials.
5. Restart both machines after joining the domain.

Step 7: Creating Organizational Units and User Accounts

How to Add Active Directory Users and Computers

You can manage users, computers, and OUs via Active Directory Users and Computers. To do this:

1. Open Active Directory Users and Computers from the Tools menu in Server Manager.
2. Right-click on your domain, select New → Organizational Unit (OU).
3. Create two OUs: Servers and Desktops.
4. Move the Member Server into the Servers OU and the Client Windows 11 VM into the Desktops OU by right-clicking each computer, selecting Move, and choosing the respective OU.
5. To create a new user, right-click the OU where you want to create the user, select New → User, and follow the prompts.

Step 8: Create a Default Domain Policy with Basic Password Policies

1. Open Group Policy Management from the Tools menu.
2. Navigate to Default Domain Policy.
3. Right-click and select Edit.
4. Under Computer Configuration → Policies → Windows Settings → Security Settings → Account Policies, configure Password Policy.
5. Set basic password requirements like minimum password length, complexity requirements, and expiration time.

Step 9: DNS Management and Record Creation

In your AD environment, DNS is automatically integrated. However, you may want to manually add or manage DNS records. Here’s how:

1. Open DNS Manager from the Tools menu.
2. Expand your server and click on Forward Lookup Zones.
3. Right-click on your domain (e.g., mydomain.local) and select New Host (A or AAAA).
4. Enter the name and IP address of the machine for which you’re creating a DNS record.
5. Click Add Host to complete the process.

Step 10: Install IIS on the Member Server

To install IIS on the Member Server:

1. Open Server Manager, go to Manage → Add Roles and Features.
2. Select Web Server (IIS) from the list and install it.
3. After installation, open IIS Manager from Server Manager to configure the web server.

Step 11: Create Group Managed Service Accounts (gMSA) for IIS

Group Managed Service Accounts (gMSA) are useful for running services like IIS. To create a gMSA:

Also Read: Group Managed Service Accounts (gMSA): Benefits, Creation Steps, and Detailed Guide

• Open Active Directory Administrative Center.
• In the Windows PowerShell, run the following commands to create the gMSA:

New-ADServiceAccount -Name gmsaAccount -DNSHostName iis.mydomain.local -ServicePrincipalNames http://iis.mydomain.local -PrincipalsAllowedToRetrieveManagedPassword ServerOU

• Assign the gMSA to the IIS Application Pool:
  • Open IIS Manager, and click on Application Pools.
  • Right-click the Application Pool, go to Advanced Settings, and set the Identity to the gMSA.

Final Thoughts

Setting up a lab environment for Active Directory in Oracle VM VirtualBox is an excellent way to practice and understand AD features like Active Directory Administrative Center, Active Directory Users and Computers, DNS, and group policies. You can extend this setup to cloud services like Azure or AWS. Whether you’re studying for a certification or building a test environment for your business, this step-by-step guide will set you on the right path.

External Resources:

• Official Active Directory Documentation
• Oracle VM VirtualBox Guide

• About
• Latest Posts

Ravi Chopra

With 19 years of hands-on experience in the IT industry, I’m passionate about sharing the knowledge I’ve gained across a wide range of technologies. Specializing in Active Directory, Azure, VMware, Windows, and Linux, I am dedicated to empowering IT professionals and enthusiasts with practical insights and solutions.

Whether you’re looking for troubleshooting tips, deep dives into systems architecture, or the latest in cloud computing, I’m here to help you navigate the evolving tech landscape. Let’s connect, learn, and grow together!

📧 ravi.chopra1709@gmail.com

Latest posts by Ravi Chopra (see all)

• What is Active Directory? A Complete Guide for IT Professionals - 18 November 2024
• Enterprise Virtualization Platforms Comparison: A Technical Deep Dive - 29 October 2024
• Docker Swarm: The Complete Guide to Container Orchestration - 28 October 2024