Windows Homelab - Creating a Domain Controller-DHCP-DNS Server Part 1

Captions
Greetings, people of the internet, Unkyjoe here, Unkyjoe's Playhouse. I got a fresh cup of coffee, so you know that means there's going to be trouble. Yeah, today we're starting a new series of videos called the home lab series, and let's get it started right now. I'm gonna drink my coffee.

So, Windows home lab. Yeah, for those of you out there who want to practice, play around with Microsoft and get familiar with domain controllers and what they do and how they do it, DHCP servers and DNS and all that stuff. I don't think people stop and realize how powerful Microsoft Windows Server operating system is. I mean, it's all, it's all of the stuff in one operating system. Uh, Linux is the same way, but as you know, I'm a Windows guy, I'm a GUI guy, I'm familiar with the Windows. So what I want to do is share my experience with you on setting up a complete domain-controlled environment for Windows, including workstations, and including Windows 7 workstations, Windows 8 maybe, and definitely Windows 10, and then showing you different things, uh, how to, how to manage these operating systems, how you would do it in a small to mid-size business or in the enterprise level. Now, I'm a big fan of Windows, I'm also a big fan of Linux. Doesn't mean it can't be done in Linux, but I just find it's easier to be done in Windows.

Now I'm going to use Windows Hyper-V, and I've got Hyper-V loaded on one of my enterprise-level servers, the Dell R720. Now that has dual, uh, Intel Xeon processors in there, only 32 gig of RAM, but it'll give us a good idea of how, how performant Hyper-V is even, even with that small amount of RAM. And what we're going to do is we're going to go through and we're going to set up a couple of domain controllers on there so that we have redundancy there. Then we're going to set up workstations, and I'm going to take you through the process soup to nuts, beginning to end, and tell you about some of the things I've learned about Windows Server along the way. And we're going to do all this on Windows Server 2019
under Hyper-V, and we're going to talk about shared storage. I'm going to show you how to set up your shared storage with your Synology NAS or whatever other NAS you decide to use. We will, uh, we will talk at some point about connecting up shared storage on things like, uh, TrueNAS, uh, and perhaps even on, uh, Unraid. Just depends on what kind of mood I'm in.

Now, this is not gonna be on any regular type of schedule. In other words, I'm not gonna put out a Windows home lab video every week. It might be every three weeks, four weeks, it might be once a month, but you'll know it's part of the home lab series because it'll say "Windows Home Lab Part" whatever, with the description next to it. That's how you'll know I'm putting out new videos on the Windows home lab. And just because I'm calling it the Windows home lab, that's because I'm running Hyper-V as my base hypervisor, but it doesn't mean I can't run Linux machines under there. It doesn't mean that we won't be spinning up a Linux server to show you just exactly how flexible Windows Server 2019 and Hyper-V are, and how powerful they are.

Now, a lot of people are under the, un, under the impression that you need to pay money to run a Windows server, and, uh, in a commercial environment you do, you need to pay your licensing fees to Microsoft. But Microsoft has an evaluation version of all their software, and Windows Server 2019 is no different. You can load the evaluation software of Windows Server 2019 for 180 days, and then it'll start nagging you that you need to buy the software. However, you can re-enable that trial for another two times, a total of three. So, for example, give you a kind of example, that's about three years of use you can have in your home lab. Microsoft doesn't have any problem as long as you're not selling this, using it to sell a service to somebody. Microsoft does not have any problems with people running the trial version of their software in home labs. In fact, they encourage it, and I encourage you to learn it as well. Now you'll
hear a lot of talk around here: oh, the VMware, no, XCP-ng, no, Proxmox, no, VMware, no, Citrix, no, whatever. Learn them all, that's the message I'm sending out to you. Know how to use XCP-ng, know how to use Proxmox, know how to use the, uh, Linux virtualization, know how to use Hyper-V, know how to use VMware. It can't hurt you, and that's the beauty of setting up a home lab. So I'm going to share with you my vast knowledge of Windows servers and what I do, how I set my clients up, and, but I think you'll find it interesting, educational and informative, and that's the whole idea behind this channel. It's something I've done in the past, I kind of forgot about it, and I want to move forward, because as I've gotten my lab built up now, as I've got Unkyjoe's Playhouse built up now, I have lots of shared storage and lots of different flavors and options, so I can show you how those will all interact with one another. So this is the first in those series of videos.

What today's video is about is setting up an Active Directory domain controller. That is, in essence, the big cone of the network. It controls logins, passwords, policies on the network. Your DHCP server is going to reside on here, your DNS is going to reside on here. Now keep in mind what I, the recommendations I'm making on my setup for are for a small to medium business, not for a big enterprise-level client. For big enterprise-level client you probably want those duties put on separate servers, in other words your Active Directory on one server, your DHCP on another, your DNS on another, etc. But today's video, again, assuming you're for the small to medium business or just for your home lab, we're going to show you soup to nuts, beginning to end, on how to set up that server. So this may be one of those videos you want to put on when you don't have any other disturbances around you, nothing to just, squirrel, nothing to distract you, because it is a rather deep dive, and I, I've been told I can get, my voice can get a little, drone on a little bit. I'll try to make it
entertaining for you as we go along, and you're gonna learn, like I did, the hard way sometimes, uh, how to correct problems you might run into. So I've babbled enough, let's get the video started right now.

All right, so I'm gonna come over here to my UniFi network, and I'm going to go to the gear icon, and what I'm going to do is create a new network for this lab. So I'm just going to click here on the Create New Network button. Now this is going to be a corporate network, and I'm just going to call this Lab Net. It's going to be corporate, I'm going to keep it on LAN 1. There's two LAN interfaces on that UniFi Security Gateway; I'm going to keep everything on LAN 1, and I'm going to give it a VLAN ID of 20. So I'm going to give it the same VLAN ID as I am subnet. So I keep all of my routing devices on my gateways at a 254 address, so this is going to be the 192 168 20 network, so I'm going to give this an IP address of 254, sorry, 254 slash 24 for the subnet, and you'll see here it's going to list this as the gateway 20.284, it's going to have the network broadcast IP at 255, and it's going to give us 254 IP addresses, 20.1 through 20.254.
However, I'm going to turn off the DHCP server, because I'm going to use, uh, in the Active Directory network I'm going to create my own DHCP server. And that should be all I need to change, and then click on Save. And then if we come over here to our devices, we'll see that it is now provisioning all the devices that need to know where that new subnet and VLAN is, and as they get provisioned they'll come out of provisioning mode and go back to normal mode. So what we've done now is we've created a 20, a VLAN ID of 20 on a subnet, and we'll have that ready for our lab.

All right, so now I'm over on my Dell R720, which is running Windows Server 2019, uh, it's got, uh, and it's got Hyper-V loaded on it, and this unit has got the dual Xeon E5-2620 CPUs. I've got 32 gig of RAM to play around with, I've got a 10 gig, uh, Ethernet card in there, uh, even though it says gigabit 1.1 it's actually 10 gig, and it even has an NVIDIA Quadra, Quadro P400 video card in there, which we're not going to be using, but it's, it's nice to know that I have that available should I need it.

So you've seen me do Sysprep on Windows Server 2019 before. If not, just go look under my videos, do a search on Sysprep, and you'll be able to find one of the videos where I create a, an image for both Windows 10 and for Windows Server 2019. And all I've done is imported that image and then I've renamed it, so I'm just calling it DC1, DC01, uh, our DC, yeah, DC01 home lab, and under the hard drive I named that, under the virtual hard drive I've given it the same name, dc-01-home lab, and that is actually out on my iSCSI shares. So if you want to know how to set up iSCSI shares, just go out and do a search on my videos and look for iSCSI with a Synology LUN. But there is my iSCSI share on my Synology FS1018, so now all I need to do is come in here and connect it, and then I'm going to go ahead and start the virtual machine, and we'll get started on configuring it as soon as it boots up. Now, since this image has been sysprepped, it's going to go through
the initial configuration. We'll have to set up a user, a password, that kind of thing, and then we'll be able to actually come back and do some other configuration on it. And actually I did a little booboo, I should have changed one of the settings, but we'll fix that here in a minute.

All right, so continue on with our initial configuration. We're going to click Next there, we're going to accept the license terms, and we're going to create a new super secret password for the administrator account. And even though this is in a lab, get in the habit of creating a, a good secure password. That way you don't have to come back to, you don't have to remember to come back and secure it later. Okay, now I've already done that, it's gone through its initial setup, so I'm gonna go ahead and hit Control Delete to log on. I'm gonna log on with that super secret password. It'll come up and go through its initial setup, because remember this was coming from a Sysprep image, and you'll see it's Windows Server 2019 evaluation, and I'm just going to click on Yes here for now. I'm going to close Server Manager.

Now I'm going to go ahead and shut this unit down, because I need to check one more little tick box and I can't do that while the server is on. So come here to the Windows menu button, go to the power icon and do a shutdown, and I'm just going to tell another. So the one thing I forgot to do before firing this up is coming under File and Settings, and because we're on a VLAN we need to come out under the network settings, and we need to turn on VLAN identification and change that VLAN to 20.
That's why we created that separate network for this. Click on Apply, OK, and then we'll go ahead and start the unit up again.

So we're rebooted now, so let's, uh, go ahead and log in, and then we can get the network set up. That's the first thing we want to do. Then log in. We may or may not get a warning about network; you'll see that we've got a little exclamation point down there. So let's go to Local Server under Server Manager. You can do this through Server Manager or you can do it by just coming down here, it's up to you. But you'll see right now our IPv4 address is being assigned by DHCP and there is no IPv4 address, so we're going to click on this, which will then open our Ethernet controller. So I'm going to right-click on that, and the first thing I'm going to do is I'm going to rename that to the 10 GB, so I know that is the 10 gigabit, uh, network adapter. And then we'll right-click on it again, go to Properties, and then double-click on Internet Protocol Version 4, and we're going to give it a manual IP address. And what do you think this is going to be? Let's guess: 192.
168, what, 20.1, that's right. And then our gateway, which is our UniFi USG, UniFi Security Gateway, is 29 254, and then I'm just going to enter one of Google's DNS servers in here. We'll come back later and change that. I'm going to click OK and OK, and now it should go out and update, so if we click the refresh button on here we need now see that we have a 20.1 IPv4 address.

So let's right-click on the Windows button and go to a PowerShell admin command prompt, and let's just see if we can ping outside of our network, and we can, so we know it can find the gateway. And now let's see if we can actually do a address translation, and we can. Now let's see if we can ping something on our 5 subnet, let's say Gandalf. Good, we can retrieve that too, because we haven't set up any rules on the UniFi Security Gateway to tell it don't allow things from the 20 VLAN to go onto the 5 VLAN, you follow me, or to the 5 subnet. I doubt that it's going to translate the IP address though. Let's find out, because it doesn't know anything about the DNS server on 5.1. So that's fine.

So the other thing I want to do here under Server Manager is I want to go ahead and make sure our time zone is set right. It is. Let's go ahead and turn off, what am I looking for here, Internet Explorer Enhanced Security Configuration. I'm going to turn that off for administrators. Okay, and now the next thing I want to do, now that I've got an IP address in it, is I want to give this computer a name. So we'll click up here on Computer Name and go over to Change, and we're going to call it DC 0 1 home lab. All right, going to click on OK, and it's warning us the computer needs to restart to save these changes, so we'll go ahead and click on Close and then restart.

Now go ahead and click on the Control Alt Delete icon up here. I'll go ahead and log back on, and now, if all is right with the world, we should see our little yellow exclamation point should be gone on our networking. Sometimes it'll stick around, though. Looks correct now, yep,
shows we got a network and we have internet access. And if we come back here to the Server Manager, you'll notice our server name is now correct, we got our IP address, we've got our IE, Internet Explorer Enhanced Security Configuration, is off, our time zone is correct.

So we need to launch Internet Explorer, and the first time it comes up we're going to need to use the recommended security settings. Now I'm just going to go directly to ninite.com, I'll just type it in there. All right, so what I want to do is I'm going to install Chrome and Edge. Now you also have that option to install Edge now under Ninite, which I feel is a better browser anyway. It has less, it's the same browser as Chrome, it's Chromium based, uh, but it doesn't have all the fluff that Google puts on there. Uh, then I like to also get 7-Zip as my compression program. Let's see, what else do I want? I want, don't need HandBrake on this one. I do want Notepad++, I want FileZilla just in case, WinSCP, PuTTY, and there's another one I want on here, WinDirStat, that tells you the size of individual directories and what could be consuming a lot of space on your, your hard drive. So now that I've selected what I want, I'm going to get my Ninite. It's going to download a package installer for Ninite for those applications. I'm going to go ahead and click on Run, then I'm going to close Internet Explorer and we'll just let Ninite run.

All right, so Ninite is now complete. We'll go ahead and close it. Then the first thing I'm gonna do is open Microsoft Edge, let it go through its initial configuration, do do. I'm going to go ahead and complete my setup. I like a focused browser. I'm going to continue without signing on. We're gonna get the welcome screen, we'll close it. Okay, so Ninite is done, so now let's get to, let's carry on with getting this configured to be a domain controller.

All right, so we've got, uh, our system initially set up, we've got a hard-coded IP address in there, we've named our server properly, we got all our
applications loaded. Now we want to turn this into a domain controller for our home lab, or Lab Net, domain. And actually, folks, I, I made a booboo earlier, I called it Lab Net. We're going to call this home lab, and we're going to use, uh, we're going to change the name of the computer and we're going to just change that to DC1, because once I get done with configuring the domain it could be a little bit confusing. So we'll just call this DC01, and we're going to need to restart that. And the other thing I'm going to do is rename everything else here so we're consistent. Now it really doesn't matter what I call it up here, right there, we can change that later or not.

All right, so let's get logged back in, and you'll see the reason I wanted to change that name. I'll explain it to you: because I didn't want to say dc101-homelab.homelab.local, you follow me, because that's what we're going to use as our domain name, is homelab.local, and that'll come into play as we get it set up next. So just leaving it set up as DC01 is fine, I'll know that's a domain controller. You can name it anything you want to, though.

So let's go up to Manage and we're going to Add Roles and Features. Up, we got to wait for the little bar to quit going across there. All right, now we can go Add Roles and Features. We're going to click on Next, we're going to do a role-based or feature-based install, Next, we're going to select this server, DC01, click on Next, and we're going to install Active Directory Domain Services. Now once I've clicked that, it's going to tell you it installs all these other roles as well, so we'll click on Add Features. Now the other thing it's going to do, and we'll click on Next here, the other thing it's going to do is it's going to set up Group Policy Management as well. Okay, and then it's just warning us, it's telling us it stores information about users, computers and other devices. It's basically a database to track all the user and group policies and so forth. We can also use Azure's, the online version
of Active Directory. That's another video for another time. So I just clicked on Next, and now I'm going to click on Install, and this is going to install, start the install. First it has to install the software, and then we'll need to promote this machine to a domain controller.

And it's very important when you're setting up domain controllers, make sure they're, make sure any server you set up has a hard-coded IP address, in other words an IP address that is not going to change. It's not a good idea to be changing the IP address on your servers or assigning them DHCP addresses where they could change. Now, if you want to assign a DHCP address with what's called a reservation, you could do that. That way, as long as the MAC address doesn't change on the network card, you'll get the same IP address from the DHCP server every time. It's up to you.

All right, so that feature installation is done, so now we'll go ahead and click on Close, but if you notice, we'll have a yellow exclamation point up here. So the next step is to, after we've got the Active Directory software installed, is to run, promote the server to a domain controller. So we're going to click on that little link, and what we're going to do is add a new forest, okay, and our root domain name is gonna be called home lab. Click on Next. Ah, that's because this needs to be home lab dot local. Okay, click on Next. Uh, next it wants us to suggest a forest function level. Now I know it's counterintuitive, but we do keep this set to Windows Server 2016.
Uh, that was so it would be backwards compatible with, uh, previous versions of Windows Server as well, um, but we'll just leave it set for, for, uh, for that setting right now. Now this is a root password, or a password for our Directory Services Restore Mode, so in case we foobar Active Directory at some point in the future we'll have a recovery password. So make sure you pick a secure, super secure password, super secret, super secure password. Okay, once you've got that in there, also we're going to set up DNS and we're going to make this a global catalog server, so we click on Next.

And you're going to get a little warning about a DNS server cannot be created because the authority or parent zone cannot be found. That's because the DNS server doesn't exist yet, so don't worry about that, just click on Next. And to be backwards compatible with older versions of Windows, it's going to set your NetBIOS domain name to HOMELAB without the dot local, so just click on Next. And these are the locations for your database, log file and sys volume. Since we're running a small and a medium business or a, just a home lab, we can keep everything on the local drive. You could create another drive or another partition just specifically to store that information. I have never found a need to do that, but, you know, if you want to, and I would, I would recommend follow whatever Microsoft best practices on this, but for a little home lab I wouldn't worry about it.

Click on Next, click on Next, and it's going to verify the prerequisites for the domain controller operation, and everything is okay, nothing is a showstopper. We've got some warnings about default security settings and delegation; you can ignore those for now. Let's just click on Install and we'll let this run. And we're getting the warning again, and it is starting, so we'll just let this run until it gets done. And we can now see Windows is restarting to continue on with the installation and promotion to a domain controller. Now when it reboots this time we should
actually be logging into the actual server and domain controller, so our login screen may look a little bit different.

All right, so the machine has completed its reboot, install, so let's go ahead and log in, and you'll notice now that instead of just saying Administrator for the login name it also includes our domain name, so it's home lab backslash administrator instead of just administrator. Then go ahead and enter your super secret password, and once it logs us in it should bring up Server Manager, and it did, or it has. And keep in mind it's still updating, the little bar going across the top. So if we come over here to Local Server, you'll see that the computer name is DC01, it's now a member of homelab.local, our time zone is still correct, our IP address is correct.

However, you're going to see one little problem here. You should see Windows Defender Firewall not only on for Private, but it should say Domain here. Now this is a known problem with Windows Server 2019, and it's simply a matter of services not starting in the right order. So I'm going to show you how to manually go out there and fix this, because that could cause problems moving forward. If it continues to be a problem moving forward with our home lab, then we'll, I'll show you how to permanently fix it. But for now, just go to the Windows button and start typing in "services", click on Services, and what we're looking for is, no, Network Location Awareness, so that'll be before the M's, K, L, I am, I'm sorry, it'll be after the M's. Network Location Awareness. So if you right-click on that and choose Restart, it'll also restart the Network List Services, so we're going to tell it Yes. All right, close that, and then come back here to Server Manager and refresh, and now it, it properly reflects the fact that we're on a domain. So that's how to temporarily fix it.

Now the next thing I'm going to do, so that we can continue on doing this via Remote Desktop, is come to Remote Desktop, and I'm going to right-click on that and I'm going to choose Allow
remote connections to this computer. Now if you go to Select Users you'll see that the administrator already has access, so that's okay. We'll click on Apply and OK. Now it should also open ports on the firewall to allow a Remote Desktop to come in. I'm gonna go ahead and click on refresh here, and you should see it say Remote Desktop is now enabled.

So let's go out and test this by trying to do a Remote Desktop connection to, to this machine. So I've got my Remote Desktop Connection window open and I entered an IP address of 192.168.20.1, click on Connect, and it found it. So I need to change this to home lab backslash administrator, enter our super secret password, click on OK, accept the security warning, then hopefully, if all went well, I should see the Server Manager screen, and it did. And we've got some errors down here; we're not going to worry about those for right now. But we're now connected remotely to our server.

We should have DNS running, so I'm going to come over here to Windows Administrative Tools and we should see our DNS entry. I'm going to, I'm just going to minimize this, and I'm going to drag, right, so I'm going to right-click and I'm going to send this to the desktop, create a shortcut to our DNS. Now what I don't see here, I'm also going to send Group Policy Management to the desktop, what I don't see here is our DHCP server. The reason I don't see that is because we have not installed DHCP yet. So we're going to come back here to Server Manager, go up to Manage, Add Roles and Features, Next, it's going to be a role-based feature, we're going to do it on DC01, and we're going to select DHCP Server. We're going to choose Add the Features, click on Next, click on Next on the next screen, and it's warning us, remember what I told you about a static IP address, yeah, we've already done that, so we'll click on Next and click on Install.

Now what I like to do is reserve my first 25 IP addresses for servers and whatnot, and then if I have phones or something I'll, I'll preserve like address 100
through 150 or 175, and then I leave addresses of 26 through 99 available for PCs, depending on your situation. That's just how I typically set up my DHCP server, because we'll need to do that next, as well as to authorize a DHCP server to run on the network.

All right, so the DHCP server installation is complete. Now it's telling us we need to complete the configuration, so I'm going to click on that little link and I'm going to follow the little guide, and we're going to use the following user credentials, home lab backslash administrator, and we're going to commit those changes. Click on Close, click on Close on the wizard, and I'm gonna go ahead and refresh this screen here. Come up here, a little notification, and it tells us we're done, and we should see DHCP over here on the side now, and we'll see that it's activated, and the online performance counters are not started on it, no big deal. So now we can come back to Windows Administrative Tools, and now we should see a DHCP icon in there, so let's right-click on that and let's send to the desktop, create a shortcut, and close out of there.

Now let's get the DHCP configured. So we'll double-click on the icon, and we should see that, I'm going to expand the window out here, we should see that we're green now, which means our scope has been authorized. So I'm going to right-click and I'm going to do a new scope. It'll bring up a little wizard. I would click on Next, and we'll just call this Home Lab Default. Call it whatever you like, give it whatever description you like. Click on Next. So I'm going to start at 20.26 and I'm gonna go through 98, I'm sorry, 99. Click on Next. I'm not going to add any exclusions right now. Click on Next. Eight hours is fine. Now it asks me do I want to configure the options such as the router, DNS server and WINS settings, so yes I do. Click on Next. Now the router is going to be 192.168.20.254, click on Add. Now it's homelab.local, and you'll notice it's put 192.168.20.1 in there automatically. That's fine. We're also
going to put Google in there just in case, because we don't, just in case 20.1 is not available for whatever reason, then it'll go to the 8.8, a lot, it'll allow people to go outside of the network to do a DNS lookup. Click on Next. We're not going to have any WINS servers, so we'll click on Next, and then it asks you do you want to, uh, activate the scope. We'll tell it Yes, click on Next and Finish, and now we have our address pool set aside, and you'll notice we have under our options we have our router, DNS servers and our domain name. So DHCP is now set up and configured.

Now here's an article on the very problem that we're encountering, and this was last asked on December 21st of 2020, and that, that is "domain server starts with the wrong network profile". And what they're saying here is you could try setting it to automatic delay and start. I've already tried that, it didn't make any difference. You could try appending the DNS suffix for the con, connection. I've tried that, it doesn't fix it. The fix is right here: you want to create a dependency for Network Location Awareness service, just run the following command. So in other words, this service depends on all these other services to start up before it starts. So worst cases, we can type the command in here, so let's see if we can't do that. Good old, good old typing. So sc, space, config, uh, nlasvc, and then a space, and then depend equal, uh, NSI, forward slash, RPC capital SS, forward slash, TCPIP, slash, DHCP, slash, Eventlog, slash, let's see, Netlogon. Okay, so "ChangeServiceConfig SUCCESS". So now what we'll do is we'll reboot the virtual machine and see if it fixed the problem.

All right, so let's see if that worked. I'm hoping it will. If not, we'll need to add some more services to the dependencies, namely DNS, and there's another service we can add. So if you read that article along with me, there was a, an additional note down at the bottom. The problem was, I think, when I typed it in, for whatever reason it did not tie the Netlogon service to, as a
dependency. So now this is the second time I've rebooted the server, so now it's, it's come up both times with the domain on, so I'm going to say that that is fixed. So I added that dependency to the Network Location Awareness and it seems to be coming up every time now.

Now the next thing I'd like to do is go ahead and get a user, a new user, set up. I believe I can come into Tools and Active Directory Users and Computers, and what I want to do is I want to copy the administrator account. Let's go to Users. I want to copy this account and set up our Adama account, and set that up with a secure password, and I want to tell the password never expires. Now what that should have done by copying it is given Bill Adama, we got here to Properties and go to Member Of, here we go, and it should be Domain Admins, Users, Enterprise Admins, everything we need.

So now what I want to do is I want to log out, and keep in mind when you do this it's, you're going to lose all your icons on your desktop and have to start fresh. And it says it's set to log into home lab, so we'll see. Log in as adama, enter our super secret password, and of course it's going to create a new Windows profile for us, which is fine. There we go, so there's our new desktop. Let's see if this, uh, uh, shows us we're on our domain controller as well. Yay, it worked. All right, now you also notice Remote Desktop is enabled. So the next thing I want to do is disable that administrator account, but I want to do it through Remote Desktop to show you that. So I'm going to go ahead and log off here, then I'm going to go ahead and close this window and we'll come to our, we'll go out to our desktop.

So I'm out here at my desktop, and since my mid-earth.local domain does not know anything about my home lab domain and vice versa, I'm going to have to use the IP address of the server I want to connect to. So we gave that a subnet of 20.
So we'll type that in here, 192.168.20.1 is the IP address. Now it's going to try and log in with home lab administrator, but we're going to do home lab adama instead. So let's go ahead and see if we can connect, and let's enter our super secret password, and we'll accept the certificate, and, uh, if I've done my job properly here, we will now see our domain controller. Very good, there it is.

Now let's go back out to Active Directory Users and Computers, and we're going to lock out the administrator account now that we've created a, an account, a copy of it. So we'll come back here to homelab.local, go to Users, and the administrator account we will disable. So now that account's been disabled, nobody should be able to log in as it. And I don't need Server Manager to come up at login, so I'm going to tell that not to do that. And there you go, our domain controller is created, it's up and running, we have remote access to it even from a different subnet, and we can continue on with our lab.

So there you go, after some trials and tribulations we got it set up. But, you know, if you, if you hadn't run into that problem that I ran into, you might never know about it. And I don't run into that problem where the Network Location Awareness bug rears its ugly head, it doesn't occur in every installation, so you've got to be prepared and have this knowledge either written down somewhere, in your head from past experience, and this is why it's so important that you train yourself in a lab environment before you go out into the real world and try to make this stuff happen, because you will find stuff that will drive you to distraction, and this is one of those issues that has driven me to distraction over the past few years. But I am going to put a link to that article in the, down in the, uh, about section, of the notes section, whatever the hell you want to call it, so you guys can go out and read that article for yourself. Being that as it may, I like to share with you some of the problems you might run into, just in
case, so that you won't get frustrated and give up on it.

If you haven't seen on how to set up Hyper-V on a server, go, go look at my videos. There's a little search bar, there's a little search, uh, magnifying glass on YouTube, so if you go to the channel and you type in Hyper-V it'll bring up every video where I've talked about Hyper-V, and I do have videos out there where I've set up Hyper-V from scratch on these enterprise-level servers, so that way you have a base for moving forward and learning how to do the lab, do the lab videos. So there you go, it's all set up. We now have a primary domain controller, or a first domain controller, for our home lab network. That wasn't that difficult, was it?

So there you go, people of the internet, we hope you found the video entertaining and informative. As always, please give us a thumbs up down below if you liked the video, please leave your comments down in the comments section, and we like comments from our subscribers. Subscribe if you're not already a subscriber, and if you're so inclined to donate, we take PayPal, Patreon and the YouTube Join function. There's a little Join button down there for two dollars a month, set it and forget it, you don't have to worry about it, automatically recurring membership. Helps a lot to keeping this channel up and with valid and relevant content for you, and, uh, you know, so if you find you get some value out of this channel, please donate, it's greatly appreciated. I wanna, I want you to know I appreciate each and every one of you, and please don't forget, we'll see all of you on the other side.
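The end state the walkthrough arrives at (domain network profile, the Network Location Awareness dependency fix, the disabled built-in Administrator, the authorized DHCP server and its scope) can be checked from PowerShell after the build. This is an added example, not part of the video or its captions; the function names `New-Check` and `Test-HomeLabDc` and the `$Expected` table are hypothetical, and the expected values are the ones stated in the captions.

```powershell
# Added example, not from the video. Run in an elevated PowerShell session on the
# domain controller after the build. Uses the ActiveDirectory and DhcpServer modules
# that are installed along with the AD DS and DHCP Server roles.

# Expected values, taken from the walkthrough.
$Expected = @{
    Domain     = 'homelab.local'
    DcAddress  = '192.168.20.1'
    Router     = '192.168.20.254'
    ScopeStart = '192.168.20.26'
    ScopeEnd   = '192.168.20.99'
    NlaDepends = @('NSI', 'RpcSs', 'TcpIp', 'Dhcp', 'Eventlog', 'Netlogon')
}

function New-Check {            # hypothetical helper: builds one result row
    param([string]$Name, [string]$Want, [string]$Got, [bool]$Pass)
    [pscustomobject]@{ Check = $Name; Expected = $Want; Actual = $Got; Pass = $Pass }
}

function Test-HomeLabDc {       # hypothetical name
    param([hashtable]$E = $Expected)

    # 1. Every connection should be classified as a domain network. When NLA starts
    #    too early it falls back to Private/Public and the wrong firewall profile applies.
    $cats = @(Get-NetConnectionProfile | ForEach-Object { [string]$_.NetworkCategory })
    $notDomain = @($cats | Where-Object { $_ -ne 'DomainAuthenticated' })
    New-Check 'Network profile' 'DomainAuthenticated' ($cats -join ', ') `
        (($cats.Count -gt 0) -and ($notDomain.Count -eq 0))

    # 2. "sc config ... depend=" is stored in the service's DependOnService value.
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NlaSvc'
    $deps = @((Get-ItemProperty -Path $key -Name DependOnService).DependOnService)
    $missing = @($E.NlaDepends | Where-Object { $deps -notcontains $_ })
    New-Check 'NlaSvc dependencies' ($E.NlaDepends -join '/') ($deps -join '/') `
        ($missing.Count -eq 0)

    # 3. The forest root domain created during promotion.
    $domain = Get-ADDomain
    New-Check 'AD domain' $E.Domain $domain.DNSRoot ($domain.DNSRoot -eq $E.Domain)

    # 4. The built-in Administrator always has RID 500, whatever it is renamed to.
    $admin = Get-ADUser -Identity "$($domain.DomainSID.Value)-500"
    New-Check 'Built-in Administrator' 'Enabled=False' "Enabled=$($admin.Enabled)" `
        (-not $admin.Enabled)

    # 5. The DHCP server must be authorized in Active Directory before it leases.
    $authorized = @(Get-DhcpServerInDC | ForEach-Object { [string]$_.IPAddress })
    New-Check 'DHCP authorized in AD' $E.DcAddress ($authorized -join ', ') `
        ($authorized -contains $E.DcAddress)

    # 6. The lease range left for PCs, and whether the scope is active.
    $scope = Get-DhcpServerv4Scope | Where-Object {
        [string]$_.StartRange -eq $E.ScopeStart -and [string]$_.EndRange -eq $E.ScopeEnd
    } | Select-Object -First 1
    $state = if ($scope) { [string]$scope.State } else { 'not found' }
    New-Check 'DHCP scope' "$($E.ScopeStart)-$($E.ScopeEnd) Active" $state `
        ($state -eq 'Active')

    # 7. Scope options handed to clients: router (option 3) and DNS servers (option 6).
    if ($scope) {
        $router = @((Get-DhcpServerv4OptionValue -ScopeId $scope.ScopeId -OptionId 3 `
                        -ErrorAction SilentlyContinue).Value)
        $dns    = @((Get-DhcpServerv4OptionValue -ScopeId $scope.ScopeId -OptionId 6 `
                        -ErrorAction SilentlyContinue).Value)
        New-Check 'Scope router (option 3)' $E.Router ($router -join ', ') `
            ($router -contains $E.Router)
        New-Check 'Scope DNS (option 6)' $E.DcAddress ($dns -join ', ') `
            ($dns -contains $E.DcAddress)
    }
}

Test-HomeLabDc | Format-Table -AutoSize
```

Running it again after each reboot shows whether the network profile check still passes, which is the symptom the service dependency change is meant to remove.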
Info
Channel: Unkyjoe's Playhouse
Views: 3,315
Keywords: windows, windows server, windows 2019 server, windows server 2019, homelab, lab network, windows networking, dhcp server, dns server, windows dns server, unifi network, unifi vlan, vlan creation, domain controller, windows domain controller
Id: 4qP0wL0f38E
Length: 45min 45sec (2745 seconds)
Published: Wed May 19 2021