Introduction
Welcome to my latest article! In this piece, I’ll walk you through the foundational steps for setting up an Active Directory domain controller. This article is part of a new series where I’ll construct an Active Directory environment and explore various penetration testing methods. The goal is to enhance our defense mechanisms by understanding potential vulnerabilities. Throughout this series, we’ll dive into the installation and configuration processes necessary to create such a lab environment. The focus will be on the Active Directory aspects of TCM Security’s Practical Ethical Hacking course. I highly recommend this course for anyone interested in delving into Active Directory hacking. It also covers topics such as information gathering, enumeration, vulnerability scanning, web application exploits, Linux hacking, and more. For further learning, here’s the link to the course:
https://academy.tcm-sec.com/p/practical-ethical-hacking-the-complete-course
Additionally, you can access an older version of the course’s Active Directory segment for free on YouTube:
Before diving into the setup process for the virtual machine that will run Windows Server 2022, let’s first understand what Active Directory (AD) is and its key components. Active Directory is organized into two main categories: physical and logical components.
Physical Components of Active Directory
- Domain Controllers (DCs)
  - Authentication and Authorization
    - DCs are responsible for authenticating users and computers in a domain. They verify the credentials of users and computers, determining whether they are who they claim to be.
    - They also authorize users and computers, determining what resources they can access and what operations they can perform within the network.
  - Active Directory Data Store
    - This is where all domain information, such as details on users, groups, computers, and organizational units (OUs), is stored. The data store is encapsulated in the NTDS.DIT file, a database that resides on each domain controller.
  - Kerberos Authentication Protocol
    - DCs use the Kerberos authentication protocol to provide a secure method for authenticating user and service logons. Kerberos is a key component of the security within an Active Directory environment.
    - The Kerberos protocol uses tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner.
    - A Kerberos Ticket Granting Ticket (TGT) is issued by a DC when a user successfully logs on. The TGT is then used to request service tickets for specific resources within the domain.
  - Group Policy
    - Through Group Policy Objects (GPOs), DCs administer centralized policies for computers and users within the domain. This mechanism allows for streamlined management of security settings and configurations across the network.
Logical Components of Active Directory
- Domains
  - A domain is a logical group of network objects (such as users, computers, and devices) that share the same Active Directory database. Domains provide an administrative boundary for managing configurations and security for those objects.
- Trees
  - A hierarchy of domains in Active Directory. A tree is a collection of one or more domains and domain trees in a contiguous namespace, linked in a transitive trust hierarchy.
- Forest
  - The top of the Active Directory structure. A forest is a collection of one or more domain trees that do not share a contiguous namespace but are linked through a trust relationship. A forest represents the security boundary within which users, computers, groups, and other objects are accessible.
- Trusts
  - Trusts are a key part of the Active Directory architecture, allowing users in one domain to access resources in another domain. Trusts can be one-way or two-way and can extend across or within forests.
- Organizational Units (OUs)
  - Containers within a domain that can hold users, groups, computers, and other organizational units. OUs can represent the hierarchical, logical structures within a company, such as departments, and are used to facilitate administration, including applying Group Policies and delegating administrative authority.
- Schema
  - The schema is the AD component that defines all the types of objects and attributes that can be stored in the directory. It also determines the rules for creating and manipulating these objects. The schema is critical for ensuring data consistency across the directory.
Understanding these components is essential for setting up and managing an Active Directory environment effectively. Each plays a specific role in ensuring the security, scalability, and manageability of network resources and services.
Configure the Virtual Machine
To create our Active Directory lab environment, we’ll be using virtual machines. My choice of software for this task is VMware Workstation Pro. For more details on this software, visit:
https://www.vmware.com/products/workstation-pro.html
Before diving in, ensure your system is capable of handling this setup. A minimum of 16 GB of RAM is advisable, with 32 GB recommended for the best performance. Your processor should be relatively up-to-date, and you’ll need up to 150 GB of storage available for this project. While it’s possible to run this setup in a cloud environment, this guide will focus on a local setup.
Let’s begin!
The initial step involves downloading the ISO file for installation on your virtual machine. You can obtain a free evaluation copy of Windows Server 2022 from the following link:
https://info.microsoft.com/ww-landing-windows-server-2022.html
Once the download is complete, proceed to open VMware Workstation Pro. Upon starting VMware Workstation Pro, a screen will appear; select the option to create a new virtual machine.
A “New Virtual Machine Wizard” window will then appear, guiding you through the setup process.
Proceed with the standard configuration option.
Then, locate the ISO file you previously downloaded and select it in the installer disc image file selector.
In the following step, choose the appropriate Windows version for installation, which in this case is Windows Server 2022 Standard. At this stage, it’s not necessary to input a product key or configure a password.
When prompted about not entering a Windows product key, simply choose “yes” to continue.
Next, assign a name to your virtual machine and select a location on your system where it will utilize disk space.
Allocate a recommended disk size of 60 GB for the server.
At this point, it’s time to proceed with customizing the hardware settings for the virtual machine.
For the initial setup, it’s advisable to allocate at least 4 GB of RAM to the virtual machine for optimal performance.
After configuring the settings, click “finish.” The virtual machine will then automatically power up.
If you encounter an issue with an invalid product key error, shut down the virtual machine and access the settings for that particular system. To resolve the error, you will need to remove the floppy disk device from the virtual machine’s configuration.
Next, we’ll proceed with the installation of Windows Server 2022.
Install Windows Server 2022
Once the virtual machine successfully boots up, you will be greeted with the initial setup screen.
Choose the settings that best fit your needs.
Then, click on “Install Now” to proceed. A menu will appear for you to select the server operating system you wish to install. For this lab, select “Windows Server 2022 Standard Evaluation (Desktop Experience).”
If the terms are acceptable to you, proceed by accepting the Microsoft Software License Terms.
Next, opt for a custom installation of the operating system.
On this page, click “New” located in the middle right side of the screen, then select “Apply.”
Select the 59.9 GB drive, then click “Next.”
The system will then proceed to install Windows Server 2022 on the virtual machine’s hard drive.
The installation process will take a bit of time, so feel free to step away for 5-10 minutes. When you return, it should be complete, including any necessary automatic reboots.
Once the system is back up, you’ll be prompted to set a password for the account. You can choose any password that meets your preferences.
Following the password setup, you will be directed to the login screen. You can now log in to your newly installed system!
Configure Windows Server 2022
To activate essential features like full screen mode, you’ll need to install VMware Tools. This can be accomplished by navigating to the top information bar, selecting “VM,” and then choosing “Install VMware Tools.”
A notification will appear on the right side of the virtual machine’s screen upon selecting “Install VMware Tools.” Click on this notification to proceed.
From that point, locate and run the setup64.exe file to initiate the installation process for VMware Tools. Follow the on-screen instructions to complete the installation.
Choose the option for a complete installation during the VMware Tools setup process to ensure all features and drivers are installed on your virtual machine.
Select “Install” to begin the installation process of VMware Tools.
After the installation of VMware Tools is complete, you’ll need to restart the system to fully utilize all the new features introduced. However, before proceeding with the restart, there’s one additional adjustment we’ll cover in the next section of this blog post.
Install the Domain Controller
To begin setting up the virtual domain controller for our lab environment, the first step is to rename the server. You have the freedom to choose any name that suits your preference; however, I suggest selecting a name that feels significant or grandiose. For my part, I’m adopting a naming scheme inspired by ecosystems. As such, I’ll name my domain controller “Everest-DC”.
To navigate to the appropriate section for changing your server’s name, simply type “name” in the Windows search bar. This action will yield a top result labeled “View your PC name” — select this option to proceed.
Accessing the about page for your Windows server from this point, you’ll find the option to “Rename this PC.” Look for this choice, which should be highlighted within a green rectangle, and select it to proceed with renaming your server.
As previously mentioned, you have the liberty to name your server whatever you prefer. For the purpose of this guide, my domain controller will be named “Everest-DC.”
After renaming your server, you’ll be given the choice to restart your server either later or immediately. Choose the option to “restart now” to apply the changes promptly.
When initiating the restart, a pop-up will appear asking for the reason behind the shutdown. Select the option related to the reconfiguration of the operating system to proceed with the restart.
Following the restart, we’ll move on to configuring the Server Manager to add the domain controller feature. In the top right corner of the Server Manager, you will find the “Manage” option. Click on this, and then select “Add Roles and Features” from the dropdown menu to begin the installation process.
Once you’ve selected “Add Roles and Features,” you’ll be guided through a series of menu options. I’ll walk you through this process step by step. On the first page that appears, simply click “Next” to proceed.
On the Installation Type page, maintain the default selection of “Role-based or feature-based installation” and proceed by clicking “Next.”
On the Server Selection page, the name of the server you previously assigned should be automatically selected. Confirm this is correct, and then click “Next” to continue.
On the Server Roles screen, locate and add the “Active Directory Domain Services” role. After selecting this option, click “Next” to move forward with the setup process.
On the Features page, there’s no need to add any additional features at this time. Simply click “Next” to proceed with the installation.
Continue by clicking “Next” on the Active Directory Domain Services (AD DS) page as well. This will take you further into the installation process.
At this point, proceed to install the domain services feature by clicking “Install.” The installation process may take some time, so please allow it to complete. Once finished, you can click “Close” to finalize the installation.
Configure the Domain Controller
Now, on the top right side of the screen, you’ll notice a flag icon with a caution triangle. Click on this icon, and you’ll see an option indicating that you need to promote this server to a domain controller. Go ahead and click on that option to proceed with the promotion process.
In this step, you’ll be creating a new forest and setting up a root domain name. While you can name this domain anything you prefer, to maintain consistency with the ecosystem theme, I’ll name mine “ECO.local”. It’s crucial to end your domain name with “.local” for naming conventions within a private network. Once you’ve entered your chosen domain name, click “Next” to continue.
On the following screen, you’ll be prompted to set a Directory Services Restore Mode (DSRM) password for the domain controller. This password is used when you need to restore the domain controller in a failure scenario. You can choose any password that meets your security criteria. After setting the password, click “Next” to proceed with the setup.
Continue by clicking “Next” through the DNS options screen without making any changes.
On the Additional Options page, please allow some time for the information to load. Once the loading is complete, the name of your domain controller should automatically populate. After verifying that the correct name is displayed, proceed by clicking “Next.”
Upon reaching the Paths page, you can simply proceed by clicking “Next” without making any changes to the default paths.
Continue by clicking “Next” through the review section to proceed towards the final steps of the configuration.
Now, you can initiate the installation of all required files. Once the installation process is complete, the system will automatically reboot to apply the changes and finalize the setup of your domain controller.
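The role installation and promotion steps above can also be scripted, which makes the lab easy to rebuild from a snapshot. The following is an added example, not part of the original walkthrough; it uses the Everest-DC and ECO.local names from this guide and assumes "ECO" as the NetBIOS domain name.

```powershell
# Added example (not from the original post): PowerShell equivalent of the wizard steps.
# Run elevated on the lab server after it has been renamed and rebooted.
$ExpectedName = 'Everest-DC'  # server name used in this guide
$DomainName   = 'ECO.local'   # root domain name used in this guide
$NetbiosName  = 'ECO'         # assumption: the NetBIOS name derived from ECO.local

# Guard: promote only the renamed host, since renaming a DC afterwards is more work.
if ($env:COMPUTERNAME -ne $ExpectedName) {
    throw "Computer name is '$env:COMPUTERNAME', expected '$ExpectedName'. Rename and reboot first."
}

# Server Roles page: Active Directory Domain Services plus its management tools.
$role = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
if (-not $role.Success) { throw 'AD DS role installation failed.' }

# DSRM password: prompt for it so it is never stored in the script or in history.
$dsrm = Read-Host -Prompt 'DSRM password' -AsSecureString

Import-Module ADDSDeployment
$forestArgs = @{
    DomainName                    = $DomainName
    DomainNetbiosName             = $NetbiosName
    InstallDns                    = $true
    SafeModeAdministratorPassword = $dsrm
}

# Prerequisite check: run the deployment validation before changing anything.
$failed = Test-ADDSForestInstallation @forestArgs | Where-Object { $_.Status -eq 'Error' }
if ($failed) {
    $failed | ForEach-Object { Write-Warning $_.Message }
    throw 'Prerequisite check failed; nothing was changed.'
}

# Promotion: creates the new forest with default paths and reboots when finished.
Install-ADDSForest @forestArgs -Force
```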
When you reach the login screen and observe “domain\Administrator” as the username, it signifies a successful setup. This indicates that you are now logged into the domain as the administrator, confirming that everything has been configured correctly.
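Beyond the login screen, you can confirm that the components described earlier (data store, Kerberos, DNS, domain and forest) are actually in place. This health check is an added example, not part of the original walkthrough; it assumes the default paths and the DNS role installed during promotion.

```powershell
# Added example (not from the original post): post-promotion health check.
# Run in an elevated session on the DC, logged in as the domain Administrator.
Import-Module ActiveDirectory

$domain = Get-ADDomain
$forest = Get-ADForest
$dc     = Get-ADDomainController -Identity $env:COMPUTERNAME

# Logical components: the domain, its forest, and the roles this DC holds.
[pscustomobject]@{
    Domain           = $domain.DNSRoot
    ForestRoot       = $forest.RootDomain
    DomainsInForest  = $forest.Domains -join ', '
    DomainController = $dc.HostName
    GlobalCatalog    = $dc.IsGlobalCatalog
    FsmoRoles        = $dc.OperationMasterRoles -join ', '
} | Format-List

# Physical components: directory service, Kerberos KDC, Netlogon and DNS must be running.
$services = Get-Service -Name NTDS, Kdc, Netlogon, DNS
$services | Format-Table Name, Status -AutoSize
$stopped = $services | Where-Object { $_.Status -ne 'Running' }
if ($stopped) { Write-Warning "Not running: $($stopped.Name -join ', ')" }

# Data store: read the NTDS.DIT location from the registry and confirm the file exists.
$ntdsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$ditPath = (Get-ItemProperty -Path $ntdsKey).'DSA Database file'
"NTDS.DIT: $ditPath (present: $(Test-Path -LiteralPath $ditPath))"

# DNS: clients locate the DC and the KDC through these SRV records.
$srvNames = "_ldap._tcp.dc._msdcs.$($domain.DNSRoot)", "_kerberos._tcp.$($domain.DNSRoot)"
foreach ($name in $srvNames) {
    Resolve-DnsName -Name $name -Type SRV -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' } |
        Select-Object Name, NameTarget, Port
}

# OUs and trusts: a fresh forest has the default "Domain Controllers" OU and no trusts.
Get-ADOrganizationalUnit -Filter * | Select-Object -ExpandProperty DistinguishedName
"Trusts: $(@(Get-ADTrust -Filter *).Count)"
```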
With the domain controller now set up and configured, we’ve completed the foundational steps for our lab environment. In the next installment of this series, we will focus on setting up and configuring end-user Windows 11 machines to join the domain. Following that, our lab will be nearly ready for conducting tests and facilitating learning. Stay tuned for more insights as we continue building our practical lab environment.
Conclusion
In wrapping up, we’ve made considerable progress in laying down the foundation of our Active Directory lab environment. From starting with the basics of setting up a domain controller to configuring a virtual machine and installing Windows Server 2022, we’ve taken the crucial first steps necessary for establishing a network where authentication and authorization processes are managed efficiently. This groundwork is essential for diving into the world of Practical Ethical Hacking, providing a solid base for further exploration and learning.
Looking ahead, our next venture will involve setting up and configuring Windows 11 machines to integrate them into the domain. The forthcoming blog post will cover the intricacies of incorporating these end-user systems into our Active Directory setup, focusing on ensuring they adhere to the domain’s management and security protocols. This advancement is key to broadening the scope of our lab, offering a closer representation of an operational network environment for conducting diverse penetration testing scenarios.
Keep an eye out for the next installment in this series, where we’ll walk you through integrating Windows 11 systems into the domain. This step will not only expand our lab’s capabilities but will also deepen our insight into the realms of network security and ethical hacking. As we progress, I invite you to join us on this educational journey, exploring new territories in building and fortifying our Active Directory lab environment. The adventure is far from over, and there’s a wealth of knowledge waiting to be uncovered as we advance in our exploration.