Windows Server 2019

Overall Objectives:

  1. Set up a virtual environment to mimic a corporate network

  2. Deploy and configure various essential services (AD DS, DHCP, DNS, RAS / NAT, File Server, Internal Web Server, etc.)

  3. Write some basic PowerShell scripts to accomplish AD objectives like folder redirection and logon scripts

To Be Accomplished:

  1. File Server

  2. Internal Web Server

  3. Folder redirection + Logon scripts for AD users

  4. ...

Current Diagram:

Initial Setup Procedure (Server OS + Client OS + Domain / AD DS + RAS / NAT + DHCP):

  1. Download VirtualBox, Windows 10 64-bit ISO, and Windows Server 2019 64-bit ISO, then install VirtualBox

  2. Set up Windows Server 2019 DC VM (2GB RAM + 2 CPU cores) with NAT NIC and an internal NIC

  3. Run VM, install Windows Server 2019 via ISO, use Administrator password "Password1", then install Guest Additions

  4. Configure Windows Server 2019 internal NIC's IPv4 settings according to the diagram

  5. In Server Manager, "Add roles and features," then install Active Directory Domain Services ("AD DS")

  6. In Server Manager, begin post-deployment configuration for AD DS, configure a new forest with the domain "mydomain.com" and Directory Services Restore Mode ("DSRM") password "Password1", use default options for the rest of the wizard, install, and restart the server

  7. Log in as Administrator, run Active Directory Users and Computers, create new Organizational Unit "_ADMINS" under domain "mydomain.com", create personal account "a-dlonsdale" and set as Domain Admin in Properties > Member of > Add

  8. Log in as "a-dlonsdale"; in Server Manager, "Add roles and features," then install "Remote Access" role with "Routing" and "DirectAccess and VPN (RAS)" role services for RAS / NAT functionality

  9. In Server Manager, go to Tools > Routing and Remote Access > right-click "DC (local)" > Configure and Enable Routing and Remote Access, then configure NAT on the public interface

  10. In Server Manager, "Add roles and features," then install DHCP Server

  11. In Server Manager, go to Tools > DHCP, right-click on dc.mydomain.com's IPv4 and click "New Scope", name scope "172.16.0.100-200", set up IP range of 172.16.0.100 to 172.16.0.200 with a length of 24 and subnet mask of 255.255.255.0, set lease duration to 8 hours, "Yes" to configure DHCP options, add 172.16.0.1 as default gateway, use 172.16.0.1 as DNS IP, no WINS server, and finally activate the scope and right-click dc.mydomain.com to authorize the DHCP server

  12. In Server Manager, click "Configure this local server," click "On" for "IE Enhanced Security Configuration" and turn it off for users and admins

  13. Open IE and download PowerShell script to add users, extract folder on desktop, open "names" txt file and add own name (Daniel Lonsdale) to the top of the list, run PowerShell ISE as admin, open "_CREATE_USERS.ps1", run "Set-ExecutionPolicy Unrestricted" in console, cd in console to script folder with name list, run script

  14. Return to VirtualBox, create new "CLIENT1" 64-bit Windows 10 VM (2GB RAM + 2 CPU cores) with internal NIC

  15. Run client VM and install Windows 10 Pro without a product key

  16. In Windows client, test internet connectivity and configuration in cmd, then right-click Start button > System > Rename this PC (advanced) > Change, name computer "CLIENT1" and join domain "mydomain.com", log in to domain with "dlonsdale" account created by PS script


Further Experimenting:


PowerShell Scripts:

+ Generate 1000 sample users from "names.txt" file with the password "Password1"

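# ----- Edit these Variables for your own Use Case ----- #
$PASSWORD_FOR_USERS   = "Password1"
$USER_FIRST_LAST_LIST = Get-Content .\names.txt
# ------------------------------------------------------ #

# The AD cmdlets below come from the ActiveDirectory module
Import-Module ActiveDirectory

# Every account gets the same initial password, converted to the SecureString New-ADUser expects
$password = ConvertTo-SecureString $PASSWORD_FOR_USERS -AsPlainText -Force

# Create the target OU with accidental-deletion protection disabled
New-ADOrganizationalUnit -Name _USERS -ProtectedFromAccidentalDeletion $false

foreach ($n in $USER_FIRST_LAST_LIST) {
    # Skip blank or single-word lines, which have no last name to build a username from
    $n = $n.Trim()
    if ($n.Split(" ").Count -lt 2) { continue }

    $first = $n.Split(" ")[0].ToLower()
    $last = $n.Split(" ")[1].ToLower()
    # Username is first initial + last name, e.g. "Daniel Lonsdale" -> "dlonsdale"
    $username = "$($first.Substring(0,1))$($last)".ToLower()
    Write-Host "Creating user: $($username)" -BackgroundColor Black -ForegroundColor Cyan

    New-AdUser -AccountPassword $password `
               -GivenName $first `
               -Surname $last `
               -DisplayName $username `
               -Name $username `
               -EmployeeID $username `
               -PasswordNeverExpires $true `
               -Path "ou=_USERS,$(([ADSI]`"").distinguishedName)" `
               -Enabled $true
}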
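
Added example (not part of the original lab scripts): a variant of the user-creation script above that gives each account its own random initial password and forces a change at first logon, instead of sharing "Password1" with the never-expires flag set. New-RandomPassword and $ouPath are hypothetical names, and the _USERS OU is assumed to exist already.

```powershell
# Added example, not the lab's original script. Assumes the _USERS OU already exists.
Import-Module ActiveDirectory

$ouPath = "OU=_USERS,$((Get-ADDomain).DistinguishedName)"

function New-RandomPassword {
    # Hypothetical helper: CSPRNG-backed password. The first four characters are forced to
    # upper, lower, digit and symbol so the default AD complexity policy is satisfied.
    param([int]$Length = 20)
    $sets = 'ABCDEFGHJKLMNPQRSTUVWXYZ', 'abcdefghijkmnopqrstuvwxyz', '23456789', '!#%+-=?@'
    $all  = -join $sets
    $rng  = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf  = New-Object byte[] 1
    $chars = for ($i = 0; $i -lt $Length; $i++) {
        $pool = if ($i -lt $sets.Count) { $sets[$i] } else { $all }
        # Rejection sampling: discard bytes that would bias the modulo
        do { $rng.GetBytes($buf) } while ($buf[0] -ge 256 - (256 % $pool.Length))
        $pool[$buf[0] % $pool.Length]
    }
    $rng.Dispose()
    -join $chars
}

$created = foreach ($n in (Get-Content .\names.txt)) {
    $parts = $n.Trim() -split '\s+'
    if ($parts.Count -lt 2) { Write-Warning "Skipping malformed line: '$n'"; continue }
    $first, $last = $parts[0].ToLower(), $parts[1].ToLower()
    $username = $first.Substring(0, 1) + $last

    # First-initial + last-name collides across a large list; skip instead of erroring out.
    # The AD filter parser resolves $username itself, so quotes in names need no escaping.
    if (Get-ADUser -Filter 'SamAccountName -eq $username') {
        Write-Warning "Skipping '$username': account already exists"; continue
    }

    $plain = New-RandomPassword
    New-ADUser -Name $username -SamAccountName $username -DisplayName $username `
        -GivenName $first -Surname $last -EmployeeID $username -Path $ouPath `
        -AccountPassword (ConvertTo-SecureString $plain -AsPlainText -Force) `
        -ChangePasswordAtLogon $true -Enabled $true

    # Emit the one-time password so it can be handed to the user out of band
    [pscustomobject]@{ User = $username; InitialPassword = $plain }
}
$created | Format-Table -AutoSize
```

-ChangePasswordAtLogon and -PasswordNeverExpires cannot both be $true on the same account, which is why the latter is dropped here.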