Setting up an Active Directory (AD) Home Lab

Captions
Hey everyone, Jim here, and in this video I'm going to show you how to set up an Active Directory home lab. Active Directory is a common service used by most businesses and organizations around the world. By setting up an Active Directory home lab, it's a great way to learn more about the service and improve your IT skills. In this video in particular I'm going to be doing this within a virtual environment, specifically within VMware Workstation. I'm going to be using the latest and greatest operating systems, so Server 2022 and Windows 11. I do have other videos showing you how to get started with VMware Workstation and Windows 11 on my YouTube channel, so if you're not already sure how to do that, feel free to check out those videos, and I'll also post them in the section down below.

So in order to do this we need to be able to run two virtual machines at one time, so you need to have a host computer which can do that. Now ideally I'd recommend having a host computer which has at least 32 gigabytes of memory, eight CPU cores, and 100 gigabytes of free space available on a solid state drive. I know that seems like a lot, and it is, so if you don't have a computer that has those specifications, it's okay. You can try this with less and your experience is going to vary. You could probably do this with as little as 16 gigabytes of RAM, but it's going to be slow.

So we're going to be running two virtual machines. One's going to be the Server 2022 VM, which is going to host our domain controller, and then there's going to be a Windows 11 desktop, which is going to be joined to our domain. I already have the installation media for both of those downloaded. I grabbed them off of the Azure portal. If you don't have access to the Azure portal, you can find them online as well. Windows 11 and Server 2022, those ISOs are available on the Microsoft website. So I got those guys downloaded, and if you haven't worked with virtualization before, I do have a couple of videos posted on my YouTube channel to get
started with both VMware Workstation, which is what I'm using today, and VirtualBox that you can take a look at, and those also cover how to install and get Windows 11 set up.

So let's start by making my Windows Server 2022 VM. So select a new virtual machine. Typical is fine. Say I will install it later, select Microsoft Windows, and now for this I'm going to select Server 2019, and that's because there isn't an option for Server 2022. So as Microsoft releases new versions, VMware will update their software, but it takes them some time. So if you notice that the version of the operating system you're trying to install isn't in the list, try selecting the most recent or the closest version that you can. In my case this is Server 2019.

Now I'd recommend naming your virtual machine the same name as you're expecting it to have within Windows. Typically with a domain controller I keep the letters DC in the name, so that way if I'm just looking at the computer name on a list, as an example, it's pretty obvious to me that the server's purpose is a domain controller. So I'm going to call this infost-adc, so it's going to be an Information Studies Active Directory domain controller. So we'll name it just like that. We can leave the maximum disk space set to 60.
That is definitely fine, and then we're going to customize it. Now ideally I'd say eight gigabytes would be kind of on the minimum side; 16 would be even better. But if you are under constraints, if your computer at home only has like 16 gigabytes total and you have to split these up to be smaller, you could give each virtual machine like six gigabytes and that would be fine, or even eight gigabytes and that might be okay. Play around with it and see how far you can get.

Another thing I like to change is processors. I'd recommend getting the total processor cores up to four. You can do that by selecting two and two or by selecting four and one. It doesn't matter what combination you use, but getting this number to four is good if your computer has at least a quad core CPU, if not better.

And then for the DVD: now, we selected that we are going to install the operating system later, so we want to make sure that we attach the ISO image. I already have it downloaded and in this folder, so I will find Server 2022, and we are now all set. So click Finish. This is going to make the VM, and I'd recommend booting into the firmware so you can more easily try to boot off of that CD. So right click, say Power, and say Power On to Firmware.

So from here we're going to want to select SATA CD-ROM, and when I hit the Enter key on my keyboard this is going to go very quick and it's going to say press any key to boot off CD/DVD drive. When that occurs, hit any key on your keyboard and it'll boot off of it. If you miss it, it's going to say EFI network not found. Essentially what that means is if it can't boot off the CD, it's going to try booting off of a network, because there's nothing currently installed on this machine, and it's not going to work, and it's just going to ask you to restart the machine. So restart it again or power back into firmware if you need to. I'm going to attempt not to miss it, so I'm going to hit Enter again, and now you saw it said loading
files, and we see the Windows installer starting to launch. Now as I'm doing this you'll notice that my cursor has gone away. If you have issues getting out of this VMware terminal, you can do Control+Alt on your keyboard and that'll free it up as well. That's known as breaking control from the console. I'm actually going to close out this little yellow tooltip and we can install this.

Now if you've installed Windows before, this installation process is going to be almost identical. The installers for Windows Server and Windows desktop are more or less the same. So click Next, click Install Now. You'll have to enter in a product key or click I don't have a product key. You'll have to accept the terms, so we'll go ahead and do that. Now if you want to license this, you can. If you're just going to be testing this kind of temporarily, you don't have to put a key in, so I'm not going to do that, and I will have to accept the license agreement in a second.

Okay, now at this point you want to make sure you select a Desktop Experience. It doesn't matter if you select the Standard version or Datacenter version, but if you don't select Desktop Experience you're not going to have a desktop. It's going to be just the command line environment, so you definitely want Desktop Experience. Again, for the purpose of this demo it doesn't matter whether you select Datacenter or Standard. I'll just leave Datacenter selected with the important piece, which is Desktop Experience, and then we'll finally accept those terms, and then we'll say Custom and we'll say Next to install it onto our empty hard drive.

So this will take anywhere from like 10 to 15 minutes to install. It's going to be dependent on the speed of your host computer. My computer here at home is fairly fast, so for me it'll be about 15 minutes. But even though this is going to be going for 15 minutes, it doesn't mean that we can't multitask, so we can start the next step of this as this is running in the background, and that's going to be to set up
our Windows 11 desktop, which will be joined to the domain. So let's go ahead and make yet another new virtual machine. We'll say I will install the operating system later. I will accept Windows 10 and later. Again, this is going to be Windows 11, so this is the closest option, so we're going to go with that one. I'm going to call this infost-pc1 and click Next. The reason why I'm doing this is eventually you might want to have a second PC or a third PC just for testing purposes. The home lab can be really useful for testing Active Directory configurations or Active Directory add-ins, or for doing any cyber security exercises. Like if you wanted to try doing an NTLM relay attack, this would be a really good environment to do that in. So in those cases you need even more machines up and running, so you would have to increment it and have PC2, 3, 4 and so on.

60 gigabytes for the maximum size of this is also fine, and we want to make sure we click Customize. So just like before, we also want to increase the memory and the CPU cores. The big difference though with Windows 11 is you need to have encryption and a TPM module installed. So we can go ahead and add in the TPM module right now. So clicking Add, go into... where did it go? TPM stands for Trusted Platform Module, and I can install it right now. Obviously I have to encrypt it first, which is okay. So click Close, click Finish, make this bigger. Now I will go into edit the machine, go in and turn on encryption, and that is under Access Control. Go into Encrypt, give it a password, encrypt, and now I can go into Hardware and add in the TPM, and again, TPM stands for Trusted Platform Module. And now I might think I'm done, but there's one last thing I forgot to do, which is attaching our ISO file, and that's for Windows 11.
And I can power into the firmware: right click, Power On to Firmware, and just like before boot off the CD, making sure to quickly hit the Enter key a second time so the installation actually gets kicked off. So this is going to be almost identical to the Windows Server installation, as you're going to see, so the amount of time that it takes is more or less the same and this interface is pretty much identical. So click Next, click Install Now. You can say you don't have a product key, unless you want to license it; in that case put in a key.

Now for this it does kind of matter which version you select. The Home versions of Windows 11 are not designed to be joined onto a domain. As I started this video I mentioned that Active Directory is used by most businesses and organizations. It's typically not something you're going to run out of your house, unless you happen to be an IT person like myself, then you might run a domain controller, but it's typically not for home. So you want to make sure you select at least a Pro or higher tier of Windows 11. So Windows 10/11 Pro would be fine, Windows 10/11 Education would be fine, and if you have the option for Enterprise that would be fine as well. The Home version is not going to have the functionality built in, at least I don't believe it does, and I would also avoid these N versions. They're designed for the European market. So I'm just going to do Windows 11 Pro, and we're going to go ahead and select those licensing terms and say OK, select Custom, select Drive 0 that's unallocated, and just like Windows Server it's going to install Windows 11. The process for this again will take about as much time as Windows Server did, which by the way I'm guessing is probably now done. Look at that, great.

So we need to now set a password for our administrator account on Windows Server. This is where things look a little bit different from Windows 11.
With Windows 11 the setup process is going to be different than this. So let's go ahead and set a password, to select a more complicated password I guess. One second. There it goes. Cool. Alrighty, so here we are.

Now there are some things we're going to want to do to this, and there's quite a list of things you want to do. We have Windows Server 2022 installed, but at this point it's very much a vanilla, unconfigured Windows Server install. If you didn't already know this, Windows Server by default is kind of like a very vanilla, empty operating system, and by intention Microsoft doesn't put a lot of tools and utilities on Windows Server by default, unlike what it does for Windows 11. So you're not going to find like the Xbox app installed in here and the Weather Channel app; that stuff is not going to be in here by default. By default Windows Server is like a very kind of stripped down operating system, but the cool thing about that is you can take Windows Server and you can turn it into a fully functional web server or a domain controller or a DNS server or whatever you want. So there's a lot of really cool things you can do to take this very vanilla, blank operating system and change it into whatever, or better, customize it and convert it to be the best server for whatever your needs are. So right now it's pretty empty, pretty blank, so we need to essentially prep the server to become a domain controller.

So what we first want to do is install VMware Tools. To do that you can right click on your server and say Install VMware Tools. What this is going to do is allow your virtual machine to, I guess, work better as a VM. Without VMware Tools installed it's going to make it difficult to copy things between virtual machines or copy things onto your host computer or copy and go back and forth. It adds a lot of nice quality of life improvements and also helps with scaling and resolution, which is going to be the biggest help I
think for this video, as you're going to see. So I said Install VMware Tools, and now this pop-up had popped up, so I can click on that, I can say Run, and this is going to start the VMware Tools installer. Okay, so you can just click Next, Next, Next and Install. When this is done it is going to ask you to restart the server, but you just want to abstain from that for a minute, because there's going to be a couple other things you want to change before we reboot this device. Otherwise we're going to be rebooting this like 10 times, because pretty much every step we're going to take here is going to require a reboot, so I want to try to avoid the reboots if I can, just to save us a little bit of time. Oh, and there we go. So you can see now how the resolution is like 100 times better already. It just automatically filled in my empty window within VMware Workstation. So I'll say No to the reboot. I'm going to close that out.

The next thing I want to do on this guy is change the computer name. So if you search for PC name or name, it'll probably come up with View your PC name in Windows settings, which is great, and you want to rename this PC. By default Windows tends to give very generic computer names, and it's not going to make any sense to anybody else that's looking at devices on a network, so you want to give it a meaningful name. So I'm going to rename this, and my general recommendation is typically to name your virtual machine the same name as what it is in like VMware or VirtualBox. So I will copy that name of infost-adc and click Next, and we'll give it a second, and again this is going to want us to restart. I'm going to once again say Restart later.

All right, so now the next thing you want to change. Now this domain controller is going to also act as a DNS server. It's going to hold essentially a fictitious domain, for a domain name that doesn't exist, so we need to have DNS services running on this. What that means is we're going to have to point our
computers, the PC1 or PC2 or whatever computers that are joining to the domain, we want to make sure that they're pointed to the server for DNS services. Now by default most computers are going to be set to use DHCP, and generally that's fine, but if you're a domain controller and you're serving out DNS, you don't want your IP address to change randomly, because it will break your networks. You want to set a static IP address.

So now to do that, we can do that within Control Panel. You can go into Network and Internet and we can adjust it from DHCP and set a static IP address. The issue however is going to be, because we're running this within VMware with a NAT configuration, we don't know what IP address we should use. So what you can do is open up the command prompt and run ipconfig, and you can see this is on a 192.168.75 network and the default gateway is 75.2. So what I'm going to do is I'll just keep it the same IP address that it currently has, so 192.168.75.130, and I'm going to go in and set this to use a static IP address.

Now you don't want to copy my IP address. You want to make sure you check to see what network your machine is configured to be on, because yours might not be a 192.168.75 network. You might be on a 192.168.55 network, you don't know, and if you type in an IP address that's not going to work for the network configuration, well, this whole thing is not going to work. And again, that default gateway: you might be tempted to do 192.168.1.1. That's not going to work. And then you might be thinking, okay, you're right, it should be 75.1, and I say that's still not going to work. You want to pay very close attention to how your configuration is set up, and the default gateway should be 75.2, so just like that.

And you would want to set this DNS server address now to two different things. You first want to set the primary address to be 127.0.0.1. This will tell the server to reference itself for any DNS
query, so when you are querying this fictitious domain we're going to set up, it's going to be able to resolve from itself. So we're going to leave that to the local loopback address, and then for the second one I'd recommend just setting a public DNS server so you can query just general things on the internet, so like quad 8s, 8.8.8.8, which is Google's DNS server.

Okay, so at this point we are ready to reboot this machine, so I'm going to go ahead and restart it. There's also some other things you could do at this point as well. If you wanted to enable Remote Desktop you could do that, or anything else you wanted to do on the server, you could definitely do that. So this is going to go and restart, and when this is rebooting we'll let that happen and we're going to hop over to our desktop computer.

So this is that Windows 11 computer we had just set up, and it's ready to have the configuration finished, so we can go ahead. This is going to be a new interface for those of you that haven't set up Windows 11 before. This has actually been changed quite a bit from Windows 10.
So click Yes. I'm in the US, so I'm clicking Yes. Obviously if you're somewhere else in the world, feel free to complete this with whatever information makes sense for you. It is kind of nice that Microsoft will check for updates as you're installing the OS, because a lot of people have old or stale installation media, so this is kind of a nice perk. Let's give it a second or two for it to query Windows Update.

All right, so that step actually took about five minutes to complete. I just paused the video as it was getting updates ready, and we're now at this screen. So what we're going to do is we're going to set up for work or school. Now you might be tempted to say Set up for personal use, but because we're going to be joining this to a domain, which is typically used for enterprises or for work, we're going to select this option. So click Next.

Microsoft has been really pushing their Azure services, having everything cloud connected, and cloud is obviously the future and yada yada yada. However, because this is a lab environment, I'd recommend not attaching this to a Microsoft account unless you are testing things with Azure Active Directory or similar. So to get around this, what you can do is say Sign-in options and then say Domain join instead, and then we're going to give our account a name. So I'll put in my name, so I'll do Jim, and I'm going to create a password, and we have to create security questions of course. I hate that it has you do the security questions when you make a local account like this, because I really never pay attention to the security questions or use them, and this local account is going to be more or less not needed after we get this joined to the domain.

Okay, a little bit bigger for you all. And you can choose your privacy settings. I'll just leave this as is for now. If this was a real computer I might decide to carefully read over those and probably turn most of them off,
but this is fine again for a lab environment purpose. So it's going to check for updates once more and then restart, and it's going to boot into the login screen for us.

Now this process is known as the first time login. The first time you log into a system it's going to take a little bit longer, and that's because it's going to essentially create a profile for you on the system. It's going to take a default template and make a copy of it, and this template is usually a couple of gigabytes in size, so when it does it, it's going to be a little bit slow for the first time you log on to a system. But the second, the third, fourth, fifth, however many times you log in after the first time, it generally is faster, unless your profile gets corrupted or deleted, or if something else happens to it; then it has to recreate it. So I'll just let this go for a second, and as it's running we can just hop back over to our server and continue work on that over here.

So our server is going pretty good. We have a base Server 2022 installed, and we have now the IP address and DNS configured with a valid PC name. So what we're going to do is log into our domain controller and we're actually going to make it into a domain controller. I think as I mentioned before, by default Server 2022 is very vanilla. There isn't really anything installed on this, very plain, so we can convert this into a number of various servers. The way that you would typically do this, especially for Microsoft services, is you would use this Server Manager. This essentially allows you to take this blank install and convert it into something that is more useful. So what we're going to do is click on Add roles and features, and this is the area where you can choose to change your Windows Server into a domain controller, or change your Windows Server into a database server, or whatever you might be potentially trying to accomplish. So
I'm going to go ahead and click Next. This is going to be role based, and we're going to be doing it on this physical local server. We're going to select the server, and here are all the various things that you can install. There's a lot in here, and it might not be very obvious what all these things are supposed to do. After you get more and more experience in the IT field, this stuff will become more obvious. The one that you're going to want to install to get Active Directory working is the Active Directory Domain Services. So you click on this and it's going to say, hey, in addition to installing that we also need to install these other things, do you want to continue, and you want to say yes, Add Features. So then click Next, click Next, click Next, click not Next but Install, and it's going to install that role.

So this is going to take a few minutes, probably like 10 or 15 minutes, and once this is done, it's not quite installed yet. So the server will be converted into a domain controller, but it's going to be once again an unconfigured domain controller. So we actually have to either join it to an existing domain, and we'll talk more about that in a minute, or you're going to be able to create a new domain, which is what we're actually going to do.

So as this is running in the background, I'm just going to hop back over to our Windows 11 desktop and let's just see how we're going. So as you can see, we have now been dropped into the Windows 11 desktop environment, and we are pretty close to being able to join this thing to the hypothetical domain we're about to set up, but there's going to be a couple other changes we have to make. So just like our domain controller, we're going to, number one, want to change the computer name, and then number two, we're going to want to set the DNS on here to point towards the domain controller that we are currently configuring. So let's take care of the computer name first. Just like Windows Server, you're going to go into the search
bar and just type the computer name, and the View your PC name box will pop up within Windows settings, and you can change your computer name from this generic desktop name to something more meaningful. Again, my recommendation is to follow the name of the virtual machine, so infost-pc1. As usual it's going to ask us to restart and we're going to say no.

Then we'll configure the DNS address. So we're going to set this to be over here, and for this we don't need to set a static IP address, so it's fine to leave this top option selected to automatic. But for this bottom one, for DNS, we are going to set this statically. So you want to put in the IP address of whatever your domain controller is, and ours, if you remember correctly, is 192.168.75.130. I'm going to double check that, because if this is wrong it's not going to work. It's not going to be able to contact or resolve our domain over DNS. Let's go back, Command Prompt, and just do ipconfig, double check that, and it looks good. And just like for our domain controller, I'd recommend setting the second address to be something that is resolvable to the internet, so like Google's 8.8.8.8 for Google's DNS services. Close and close.

Okay, so we're just about done. There is one other thing I forgot to have us do, which is install VMware Tools. So you can right click and say Install VMware Tools, or since I have this dialog box up I can just click Install VMware Tools right there, and just like before we are going to go in here and install VMware Tools.

I will mention, as you're setting up these machines to test, it's really, really important that any account that you create has a password, because if you try to set up the Active Directory Domain Services on a domain controller with an account existing that doesn't have a password, it's not going to work. I've done this before, where I'd set up a Windows Server domain or, sorry, a Windows Server domain controller, and I would make the admin account without a password just out of
habit, just because I was trying to be quick and dirty just to get this thing up and running to test, and it does not work without a password. So make sure you set passwords for all of your local and domain accounts, otherwise you're going to run into issues.

Cool. Okay, so click Next, Next, Install, and just like with our domain controller the install process will take just probably a minute or so, and it's going to ask for the restart. Because this is the last thing we need to install on here, we can go ahead and give it the reboot when it requests it, and we'll let this reload back into Windows 11. All right, so the installation just finished, and now we can give it the reboot. So that'll take just a second, and as it's happening we can hop back over to our domain controller.

As you can see, the domain controller has been installed, so now our Windows Server is a domain controller, but it is still unconfigured. So the way this works is most organizations that run Active Directory, they're not going to have just one domain controller, they're going to have multiple, and the reason for this is if your domain controllers go down, then no one is going to be able to authenticate or log on to most things on a network. So you can imagine that would be a really, really bad outage if your domain controllers went down. Folks wouldn't be able to log on to computers, they wouldn't be able to print, they wouldn't be able to log into websites. Pretty much the entire network would be down if your Active Directory environment goes down. So what most organizations will do is they will have at least two domain controllers, and these domain controllers will replicate with one another. So if you need to do maintenance or if there's an outage, you can safely take a domain controller offline and that second one will still be online to handle any of those authentication requests and keep the domain up and running. Additionally, most companies will also
have domain controllers at remote locations. So if you think about something like a bank, where you have lots of branch offices, a lot of times they'll have a domain controller at that location, because if there is connectivity between a branch office and a headquarters, that would also prevent anybody at those branch offices from being able to log into anything if the network goes down between them and their branch office. So in order to improve redundancy and reliability, IT folks will oftentimes put a domain controller at those branch offices, so if there is any internet issues or general network issues between them and their headquarters, they can still log on and do work.

That being said, for home lab purposes, to get up and running, just having our one domain controller is fine. But the reason why I explain that is you're going to have the option now to either take this unconfigured domain controller and join it to an existing domain, which is what a lot of people will often do, or you can create a new domain, which is a little bit uncommon, because most people have a domain and they just have one domain, and once it's set up it's set up forever. So this is something you typically would do in a home lab, or if you have the pleasure of starting a new domain for a business, which would be kind of cool to be able to do.

Now to do this, in your Server Manager you can go ahead and click on this little exclamation mark where it says we have a notification, and then say Promote this server to a domain controller. When you do this, as you can see, you can create a new domain or you can add it to an existing domain or forest. This can also get a little bit more complicated, because instead of having just one domain within a company you can have more than one domain. A good example of this is, let's say I work for Milwaukee Tool, and let's say Milwaukee Tool buys out DeWalt. So both huge companies, one company is going to assume the other company. What happens to DeWalt's Active
Directory environment? Well, you could move everybody from DeWalt into the Milwaukee domain, but that would be a huge process that would take a long time and be very complicated. So what a lot of companies will do is they will essentially keep both domains around. So you might have a company that has two domains from two different eras or purposes, but they're going to be under the same roof, and that's called a forest. We've also seen this done oftentimes at school districts, where each school might have their own domain but maybe the district has a forest. That's another common way to do it, so there's different ways you can structure it.

What we're going to do is create a new domain, so we are going to add a new forest, and for this I'd recommend keeping your domain name the first part of whatever you had named your server and your desktop computer. So I'm going to call this the infost domain, so infost. If you own an actual domain, like if you go to a domain registrar like Google Domains or GoDaddy or Network Solutions and you buy a .com or .org or whatever, you could use a real fully qualified domain name that's resolvable on the internet for your actual domain name, but that can create some issues, and it can be tricky to manage, and it costs money. So for home lab purposes, for learning, I'd recommend just creating a fictitious domain that doesn't actually exist. So I'm going to call this infost.local. .local is a TLD, or top level domain name, that is oftentimes used for testing. It is not something that's actually going to work in the real world.

So I'm going to go ahead, whoops, and click Next. I lost my wizard box, where did it go? Just going to minimize that. Here it goes. Okay, so click Next. At this point this will take just a second or two, which is fine, and we are going to just leave this alone. This functional level would be as if you were trying to decide if you were going to add this into another domain. If you're going to add
another domain controller into an existing domain you can decide on what level your domain is going to operate at this is important because let's say you have a domain with 50 domain controllers this could be at a large company it wouldn't be unreasonable to have 50. it's a lot but it's possible you can only operate your domain at on essentially the highest level of your your oldest operating system so if we're setting up a server 2022 domain but we still have any server 2016 domain controllers laying around uh the highest operating level we can we can we can run at is going to be server 2016. until they're all done and after that we can move them to a higher level so i'm going to leave it just that 2016. that's actually the latest they haven't made a whole lot of changes they used to change like every major os thankfully i think that they have stopped that so i'm going to leave this as is for now um and you do need to create a password and it's important you don't forget this password um typically i would name this password and make this password the same password as my admin account um that's kind of bad security practice in the real world you wouldn't want to do that um you would want to make it something different but that's what i'm going to do so do that i might have had a typo there let's see if it accepts it cool and it did all right so then click next this will take a second as well you can just wait for your netbios name to pop in and i would recommend not changing it just leaving it to be as the default infost and for the paths we're going to leave this alone as well now there's a reason why you might potentially want to change this so bigger companies that have you know hundreds of thousands of users lots of scripts add-ons and such within their domain um you might start to fill out fill up these directories this is essentially where the database for active directory is going to be stored and this by the way uh will be replicated to other domain 
controllers so you could have an issue if number one um your hard drive was not large enough like let's say you had a domain controller that had multiple drives if you're storing these database folders and files on your c drive and that fills up well that's going to cause an issue for your domain controller so you might want to be mindful about where you're putting this you could allocate it to like a different external drive or some faster storage because these files are going to be extremely important that are going to be located in these folders but for home lab purposes i'm fine just to leave these as they are next and you may see some warnings in here and that's okay the warnings are generally nothing you need to worry about but if you see any errors those are going to be things you want to address so let's just take a look to see what happens again some just general warnings which are fine so i'm going to click install and it is starting we have a couple more warnings here but that's okay and as as per the usual this process will take another 10 or 15 minutes uh so we're just going to let this run once again in the background and we're going to move back over to our windows 11 desktop and we'll just see how it's going and we can continue the process in here so with our windows 11 desktop at this point you're going to want to log in as your local account and you're going to want to make sure that your dns server is still set to point towards the domain controller occasionally those network settings will get reverted or reset that's going to be a problem and in the real world if you're going to set up a domain controller for like a company or a business your your actual real dns server within your organization would handle this so your computers would just automatically have those dns information but again being a home lab we're going to kind of set things up kind of in a shoestringed fashion so just doing an ipconfig slash all just to make sure that our dns 
servers are set correctly so here is our first record which looks correct and our second record which is great so this looks good and this is now ready to be joined the domain but our domain is not quite up and running yet so we're just going to hold off on our windows 11 box for a little bit longer and move back towards our server it looks like it's automatically restarting on its own which is which is fine so we'll let that go for a second or two yet this restart i think should be relatively quick but it might go into a windows update looking screen and that might take once again another few minutes for that process to finish and i keep saying this but again really the more memory and the faster processor and hard drive that you have on your host computer the faster that this is going to take so if you're trying to quickly learn having a fast modern computer makes that uh process a lot easier i i can't tell you the number of students that i've talked with that have you know either only like access to a chromebook or like a you know a 10 or 15 year old computer and i know finances can be tight but it just makes learning so much more difficult and challenging and just takes so much longer so if you do have the funds to buy a nicer computer to learn this stuff i would definitely recommend it and this is that uh windows update looking screen as i was mentioning again probably you know 10 or 15 minutes at most maybe faster if you have a nice computer so i'm going to just pause my video here for a second as this finish finishes installing a computer configuration and i'll let you know when that's done and we'll jump back to it okay so that ended up only taking i would say maybe like two or three minutes to finish so at this point i can sign back in and you're going to notice a change so what looks different here is we have infost slash and if you ever see this as you're trying to log on to a windows system this would typically be a good indication that the system 
you're trying to log on to is on a domain this is the domain name infost our domain name is officially infost.local but microsoft will often just abbreviate it infost or wherever the main part of your domain actually is so if you forget what the main part of your domain is if you needed it you can go into other user and then if you say how do i sign into another domain this may sometimes tell you if i click in here too if i go into dot slash it may tell you what the actual full domain is looks like it's not doing it right now which is fine but anyways so i'm gonna sign in with my admin password that i had set um this is the password you had set as you were creating um your admin account in the active directory setup so i believe that is my username and we are now on our domain controller uh just like with our windows desktop i'm going to actually just double check my dns settings on here sometimes those get changed as well after after this is up and running you don't worry about it changing as often but when you convert things to be a domain controller sometimes it'll mess with the dns settings as well so if you do ipconfig slash all that will tell us that we have our dns server and as you can see it looks like it kind of messed up things because our dns server currently only has localhost listed and we really want an external dns server as well so that way if we need to like query like a real website on the internet we'd be able to do that so as usual just go into control panel and go into the network and internet and find your uh your network adapter i'm going up right there and right there and this is going to be pretty easy to fix and i don't know why i cleared it out but we just add back in 8.8.8.8 perfect okay so now that we have made this into a domain controller i'll explain how you can actually manage the domain if you click on this start button here you're going to find windows administrative tools and these are tools that when you promote it when you uh 
install the active directory domain services and promote or configure a domain controller to be a member of a domain that's when these are going to show up on the domain controller now most it professionals don't connect directly to to a domain controller to manage it instead they're going to manage it remotely so you can also install these tools on a computer so if you're an i.t administrator you can install these right onto your your windows 11 desktop and you can remotely connect to your domain but because this is a home lab we're just going to open up these tools and use them directly on here and as you can see there is a lot in here active directory is a huge service that has a lot of a lot of potential a lot of different things you can run within it i will mention though i'll mention probably the three most important so first off we have active directory users and computers we have dns and we have group policy i think of those as kind of the three most uh the three most important parts of active directory so when we installed active directory domain services it wasn't just active directory but a whole bunch of other stuff also got installed a good example is a dns service that also got installed as well so this is using microsoft's dns service if you wanted to like if you already had a dns server running at your company or within your organization you can use that instead you don't have to use the the built-in active directory dns just because microsoft installed it and wants you to you could offload it to somewhere else but that's on here within active directory users and computers this is where all the user accounts and all the computers that are joined to the domain are going to be kept track of by default you don't see any computers in here because this is an empty domain by default for users though you do see quite a few things you see users here and then all these different groups down here there are a couple of different groups that are created by 
default by the domain and these are for various purposes but the only active user that's actually able to do anything currently is our admin user that is right here and then finally we have group policy this is really important because this allows it administrators to control how devices operate on a network like as an example if you've been into like a computer lab or a public library you'll notice that oftentimes they're fairly locked down you can't do things like change the wallpaper install software those things are restricted and the way that those restrictions are oftentimes handled is by group policy within group policy you can do pretty much anything from like lock users out of access to the control panel to set a specific wallpaper there's a lot of functionality in here pretty much anything you can control or configure via the control panel you can configure via group policy now as i say this and i explain all this all these different things that you're seeing within these control panels these are all referred to as objects so we have a computer folder object this is known as an organizational unit we have a user objects such as administrator we have group objects such as this group down here and these objects can be created and serve different purposes to do that you can just right click and you can say new whether you want a computer a group whatever it might potentially be and you can make things in here we will go back into this in a little bit but i don't want this video to get too long so i'm not going to do a deep dive in active directory today this video is more or less just to get your home lab up and running so just wanted to give you kind of an overview of some of those things now let's go ahead and we're going to join our windows 11 computer to this domain so to do that what we need to be able to do number one is we need to make sure that we can resolve our domain controller from this computer this is made a little bit more complicated because 
we're using a fictitious domain infost.local that isn't actually resolvable outside of our home lab so this is where a lot of people have issues but let's give it a try so what i'm going to do is try to make this a little bit bigger so it's easier to read and i am going to try to do nslookup which is going to allow us to test our dns capabilities to resolve infost dot local so as you can see this is a good sign we were able to query it and it was able to return its ip address which is great and we might even be able to ping it so let's try it ping infost.local so that's great we get a reply now if you can't ping it and you can't resolve it well you could just have a weird firewall issue so you can take a look at your firewall configuration but realistically most of the time when i've seen issues it's because dns isn't working so double check dns make sure it's working active directory is very reliant on dns so to join this computer to a domain now you can search for domain and it's going to say access work or school so feel free to select that option we are then going to connect this to work or school you are going to join this to a local active directory domain uh microsoft really wants you to use their online azure services so we're going to say we're just going to bypass all that and now we can type in our domain name so info st dot local so again if you get an error message at this point it's because dns isn't working is is i would say the most likely scenario so feel free now to type in administrator and the password that you had set and go ahead and say make administrator and administrator and restart now and now our computer will be joined to the domain and i'll mention that restarting your computer is a necessary part of this if your computer doesn't restart and you try to start managing it from the domain it's not going to work that restart is absolutely necessary so this will happen pretty quick and when it comes back online you are now going to be able to 
sign into this machine using a domain account and this is again how most people will use computers and businesses if you go to like any computer at our university as an example um you could sign in any computers using your using your university credentials you don't have to have an account for every specific computer same thing at your place of employment i bet if you you know work at a big company you could sign into most computer just by sitting in front of it and typing in your company's credentials domains provide a lot of the functionality to be able to allow you have one set of credentials and have it work anywhere so if i were to try to log into our windows 11 computer using the domain credentials for administrator it's going to work just like that it's going to allow me to log in to the workstation as i mentioned though this process will take just a second or two for the first time log in it's going to be a little bit slower and any subsequent logins will be faster let's give it a second to finish and here i am so i'm just another user now on this system and i can do things like make folders and files and i can do whatever i want and i can log into any other computer that's attached this domain and do whatever i want as well so as an example now i'm just going to sign off of here so what i'm going to do is within our domain now i'm going to go into active directory users and computers and when i click on this computer's organizational unit that's what you call a folder within here it's called an ou or organizational unit you're now going to see if i hit the f5 button my computer that shows up in here so i can do different things with it in addition i could also create additional user accounts so i'm going to actually make a new user account so right click and i'm going to say new user and i'll make a user for um let's pretend my wife claire is working at infost so we can do claire c-l-a-i-r-e okay schultz and our epen their id cd ailers and from here you can 
give some other options so a lot of times the it staff will set a password and they'll say okay here's your password and you need and you have to change it after you log in because i don't want to know your password and user will say okay yeah no problem i promise i'll change it and they take their temporary password and then promptly keep it and use it forever they don't actually change it so you can force people to change the password at next login you can create accounts that are currently disabled so you can unlock them later for like future purposes you can create accounts that can't change their password or where the password doesn't expire this would be helpful for a user account i'm just ask some examples so you can also set password requirements as well on your domain these are configured in group policy so by default they're they're quite strong so i'm going to set a stronger password here still not strong enough okay i'll try it once more and i'll make it so i don't have to change my password when i log in next time passwords do not match jeez i swear like passwords are like the bane of like most people's existence okay yeah there you go so now i made an account for claire and if claire wants to log on to this computer we have now on our domain she can log on to not only this computer but any other computer and that's pretty straightforward to do you just click other user type in your user's username and i can log in as claire so um let's say uh for let's say for whatever reason claire wanted to change her name so if you wanted to do that you could also do that quite easily to centrally so if you ever had to call your it help desk and they had to help either like change your password or reset your name they're probably doing it through active directory users and computers i can go in here and set a new password or change things like a name and as you go in here you're going to see a lot of different fields for a lot of other information so active 
directory by by default or kind of from the beginning is meant to be a directory service it's most it's meant to keep information about employees and personnel so this has information to keep track of not only like username and password but also things like office location email address webpage telephone number and much much more all this stuff can be stored within active directory in fact if you go into here and enable the advanced features and you were to then go to look at an account let me see if i can pull claire once again or even this one's fine you're going to see there's even more stuff now you can get to more details and if you go into attribute editor where did it go at least that thought it was somewhere in here attribute editor right there you can see these are all the various fields that can be stored in a user object within active directory there's a ton of stuff most of these by default are not set but there's a lot of stuff in here it keeps track of a lot a lot of stuff and this can be really useful because even things like last login as an example are tracked so right here as you can see this is helpful from an it perspective is let's say someone's like yes i've been showing up at work every day at 8 am and working and let's say you have a supervisor that has suspected that a person was not actually showing up to their office on time you could look to see um okay well when when when they when did they last log in right and you could see well was it at eight o'clock or was it some other time so that information is helpful to have in here same thing for computers as well there's a lot of good attributes in here as well if you wanted to know like has anybody used this computer in the past year you could see the last person that was that logged into it or the last time period what operating system is being ran a lot of other valuable things as well so in order to keep this video i think to a more reasonable length i'm going to wrap it up for now my 
hopes is eventually i will have a video kind of going over the basics of active directory so we'll dive more into things like uh group policy and managing computer objects but um that'll be for that'll be for another video so i hope you enjoyed this video um if you like it feel free to give it a like subscribe to my youtube channel and sign up for notifications by clicking that bell icon and as always just feel free to leave me let me know if you need anything or have any questions and i will talk to you later
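The DNS checks and domain join walked through in the captions above, written as a PowerShell script run on the Windows 11 workstation. This is an added example, not something shown in the video; the domain controller address is a placeholder, and the DC-locator SRV lookup and LDAP port test are extra checks beyond the nslookup and ping the video uses.

```powershell
# Pre-join checks for the lab workstation, followed by the domain join.
# Run from an elevated PowerShell prompt on the Windows 11 VM.
$DomainName = 'infost.local'   # domain name used in the video
$DcAddress  = '192.0.2.10'     # PLACEHOLDER: replace with your domain controller's IP

function Test-DomainJoinReadiness {
    param(
        [Parameter(Mandatory)][string]$DomainName,
        [Parameter(Mandatory)][string]$DcAddress
    )
    $results = [ordered]@{}

    # 1. The workstation's DNS server list must include the domain controller
    #    (the "ipconfig /all" check in the video).
    $dnsServers = (Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses
    $results['DnsPointsAtDc'] = $dnsServers -contains $DcAddress

    # 2. The domain name must resolve (the "nslookup infost.local" check).
    $a = Resolve-DnsName -Name $DomainName -Type A -ErrorAction SilentlyContinue |
         Where-Object Section -eq 'Answer'
    $results['DomainResolves'] = [bool]$a

    # 3. The join finds a domain controller through this SRV record, so a
    #    missing record explains a failed join even when the A record resolves.
    $srvName = "_ldap._tcp.dc._msdcs.$DomainName"
    $srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction SilentlyContinue |
           Where-Object Section -eq 'Answer'
    $results['DcLocatorSrv'] = [bool]$srv

    # 4. LDAP must be reachable on the DC; a firewall can block this even
    #    when DNS is healthy.
    $tcp = Test-NetConnection -ComputerName $DcAddress -Port 389 -WarningAction SilentlyContinue
    $results['LdapReachable'] = $tcp.TcpTestSucceeded

    [pscustomobject]$results
}

$check = Test-DomainJoinReadiness -DomainName $DomainName -DcAddress $DcAddress
$check | Format-List

# Join only when every check passed; otherwise report what to fix first.
$failed = $check.PSObject.Properties | Where-Object { -not $_.Value }
if ($failed) {
    Write-Warning ("Not joining; failed checks: " + ($failed.Name -join ', '))
} else {
    # Prompts for the domain administrator credentials, then restarts,
    # which the join requires before the machine can be managed.
    Add-Computer -DomainName $DomainName -Credential (Get-Credential) -Restart
}
```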
Info
Channel: Jim Schultz
Views: 30,888
Keywords: Active Directory, AD, Microsoft, Windows 11, Server 2022, VMware, Home Lab, Testing, Server, Domain, Domain Controller, Group Policy, DNS, Domain Name Server
Id: aqA6bktFHoY
Length: 54min 48sec (3288 seconds)
Published: Thu Feb 03 2022