Lab Setup – Windows AD Quickly


I wanted a quick, easy and disposable Windows Active Directory lab environment to use for testing 802.1x authentication setups. With virtual machines and an eval VHD from Microsoft this is pretty easily done. See my post on how to use VMware Workstation Pro and linked clones to save storage space and deploy multiple machines from the same base setup.

Items Needed

Steps

  1. Install VMware Workstation Pro or your VM environment of choice
  2. Set up the Windows Server 2012 R2 virtual machine but do not power it on
    • I highly recommend working from a copy of the original VHD rather than the original; doing so will save you from downloading the thing again down the road
  3. Make a snapshot (Initial) of the virtual machine prior to power on
  4. Power on the virtual machine, allow Windows to get itself ready and then install VMware Tools (or the equivalent for your tool of choice)
  5. Copy the lab setup scripts into the virtual machine (C:\Temp or somesuch)
  6. Power off the virtual machine and make a snapshot (Pre-AD Setup)
  7. Power on the virtual machine and log in
  8. Open PowerShell and set the execution policy to allow the scripts to run
    • Set-ExecutionPolicy RemoteSigned
  9. Run 1-AddAdPrereqs.ps1 and wait for the reboot
  10. After auto-logon, once the PowerShell console opens, run 2-AddAdFeatures.ps1
    • Look at the log and make sure everything installed that needed installing
  11. Run 3-InstallNewForest.ps1; when the reboot is finished you have a brand new Windows Active Directory environment to play around with
  12. Run 4-AddOtherItems.ps1 for additional server configuration

Scripts Used

There are four scripts used to prep and then install the Active Directory services on the Windows Server 2012 R2 virtual machine. These scripts are based on the works from over here, with some additional items for setting Windows auto-logon and DHCP server setup.

1-AddAdPrereqs.ps1

Make sure to set the IP addressing appropriately for your virtual machine environment. For the auto-logon to work you'll need to change the username and password to whatever you set when Windows Server first powered on.

#1-AddAdPrereqs.ps1
#set static IP address
$ipaddress = '192.168.128.11'
$ipprefix = '24'
$ipgw = '192.168.128.2'
$ipdns = '192.168.128.11'
#first adapter only; a lab VM normally has just one
$ipif = (Get-NetAdapter | Select-Object -First 1).ifIndex
New-NetIPAddress -IPAddress $ipaddress -PrefixLength $ipprefix `
    -InterfaceIndex $ipif -DefaultGateway $ipgw
Set-DnsClientServerAddress -InterfaceIndex $ipif -ServerAddresses $ipdns
#rename the computer
$newname = 'dc01'
Rename-Computer -NewName $newname -force
#install features
$LogPath = 'c:\poshlog\'
$LogFile = 'featurelog.txt'
$LogFullPath = $LogPath + $LogFile
If (!(Test-Path $LogPath)) {New-Item $LogPath -type directory}
New-Item $LogFullPath -ItemType file -Force
ipconfig /all >>$LogFullPath
Get-WindowsFeature | Where installed >>$LogFullPath
# =====================
#
# Set automatic login for next boot
#Registry path declaration
$RegPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$RegROPath = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
$DefaultUsername = 'Administrator'
$DefaultPassword = 'XXXXXXXX'
$AutoLogonCount = 1
$ScriptKey = 'PowerShell'
$Script = 'c:\windows\system32\WindowsPowerShell\v1.0\powershell.exe -nologo -noexit -command "& {cd c:\temp}"'
#setting registry values
Set-ItemProperty $RegPath 'AutoAdminLogon' -Value 1 -type String
Set-ItemProperty $RegPath 'DefaultUsername' -Value $DefaultUsername -type String
Set-ItemProperty $RegPath 'DefaultPassword' -Value $DefaultPassword -type String
Set-ItemProperty $RegPath 'AutoLogonCount' -Value $AutoLogonCount -type DWord
If (!(Test-Path $RegROPath)) {New-Item -Path $RegROPath}
Set-ItemProperty $RegROPath $ScriptKey -Value $Script -type String
#======================
#
#restart the computer
Restart-Computer

2-AddAdFeatures.ps1

Installs some of the basic items necessary for AD to be provisioned. Yes, this could be merged into one script with 3-InstallNewForest.ps1, but the source author had it as two so I left it that way.

#2-AddAdFeatures.ps1
#Install AD DS, DNS and GPMC
$LogPath = 'c:\poshlog\'
$LogFile = 'featurelog.txt'
$LogFullPath = $LogPath + $LogFile
If (!(Test-Path $LogPath)) {New-Item $LogPath -type directory}
If (!(Test-Path $LogFullPath)) {New-Item $LogFullPath -type file}
#run the feature installs as a background job and wait for it to finish
start-job -Name addFeature -ScriptBlock {
    Add-WindowsFeature -Name 'RSAT-AD-Tools'
    Add-WindowsFeature -Name 'ad-domain-services' -IncludeAllSubFeature `
        -IncludeManagementTools
    Add-WindowsFeature -Name 'dns' -IncludeAllSubFeature -IncludeManagementTools
    Add-WindowsFeature -Name 'gpmc' -IncludeAllSubFeature -IncludeManagementTools }
Wait-Job -Name addFeature
Get-WindowsFeature | Where installed >>$LogFullPath

3-InstallNewForest.ps1

Create the new AD Forest and Domain.

#3-InstallNewForest.ps1
# Create New Forest, add Domain Controller
$domainname = 'network.lab'
$netbiosName = 'NETWORK'
#DSRM (safe mode) password; replace the placeholder before running
$pwd = ConvertTo-SecureString 'XXXXXXXX' -AsPlainText -Force
Import-Module ADDSDeployment
Install-ADDSForest -CreateDnsDelegation:$false `
    -DatabasePath 'C:\Windows\NTDS' -DomainMode Win2012 -DomainName $domainname `
    -DomainNetbiosName $netbiosName -ForestMode Win2012 `
    -SafeModeAdministratorPassword $pwd -InstallDns:$true `
    -LogPath 'C:\Windows\NTDS' -NoRebootOnCompletion:$false `
    -SysvolPath 'C:\Windows\SYSVOL' -Force:$true

4-AddOtherItems.ps1

  1. Sets up the DHCP server for the local network
  2. Enables Remote Desktop

#4-AddOtherItems.ps1
#
#Add Features and Roles
#log path is re-declared here because this runs in a fresh session after the reboot
$LogPath = 'c:\poshlog\'
$LogFile = 'featurelog.txt'
$LogFullPath = $LogPath + $LogFile
If (!(Test-Path $LogPath)) {New-Item $LogPath -type directory}
start-job -Name addFeature -ScriptBlock {
    Add-WindowsFeature -Name "dhcp" -IncludeManagementTools }
Wait-Job -Name addFeature
Get-WindowsFeature | Where installed >>$LogFullPath
# =====================
# Configure DHCP Server
#
# DHCP Scope Information
$ScopeName = 'Lab'
$ScopeID = '192.168.128.0'
$ScopeStartRange = '192.168.128.1'
$ScopeEndRange = '192.168.128.254'
$ScopeSubnetMask = '255.255.255.0'
#
# DHCP Scope Exclusion
$ScopeExStartRange = '192.168.128.1'
$ScopeExEndRange = '192.168.128.20'
#
# DHCP Scope Options
$ScopeDNS = '192.168.128.11'
$ScopeDomain = 'network.lab'
$ScopeGateway = '192.168.128.2'
#
# Add security groups to local DHCP server
Add-DhcpServerSecurityGroup
Restart-Service dhcpserver
# Register DHCP in AD
Add-DhcpServerInDC
# Tell Server Manager that configuration is complete
Set-ItemProperty -Path registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ServerManager\Roles\12 -Name ConfigurationState -Value 2
# Create DHCP scope with applicable options/settings
Add-DhcpServerv4Scope -Name $ScopeName -StartRange $ScopeStartRange -EndRange $ScopeEndRange -SubnetMask $ScopeSubnetMask
Add-Dhcpserverv4ExclusionRange -ScopeId $ScopeID -StartRange $ScopeExStartRange -EndRange $ScopeExEndRange
Set-DhcpServerv4OptionValue -ScopeId $ScopeID -DnsServer $ScopeDNS -DnsDomain $ScopeDomain -Router $ScopeGateway
# =====================
#
# Enable Remote Desktop
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name 'fDenyTSConnections' -Value 0
Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name 'UserAuthentication' -Value 1
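
A post-setup check, added here as an example and not one of the author's four scripts. It assumes the names and addresses used above (network.lab, dc01, 192.168.128.11, the 192.168.128.0 DHCP scope), a hypothetical file name 5-VerifyLab.ps1, and an elevated PowerShell session on the DC after 4-AddOtherItems.ps1 has finished.

```powershell
#5-VerifyLab.ps1 (added example; assumes the values from the scripts above)
$ExpectedDomain = 'network.lab'
$ExpectedDC     = '192.168.128.11'
$ScopeID        = '192.168.128.0'
$Winlogon       = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

Import-Module ActiveDirectory
Import-Module DhcpServer

# 1. The forest/domain exists and this single-DC lab has a PDC emulator
$domain = Get-ADDomain
if ($domain.DNSRoot -ne $ExpectedDomain) { throw "Unexpected domain: $($domain.DNSRoot)" }
$dc = Get-ADDomainController -Discover -Service PrimaryDC
"Domain {0} served by {1}" -f $domain.DNSRoot, $dc.HostName

# 2. The DC's own DNS answers for the domain and for the dc01 host record
Resolve-DnsName -Name $ExpectedDomain -Type A -Server $ExpectedDC | Out-Null
Resolve-DnsName -Name "dc01.$ExpectedDomain" -Type A -Server $ExpectedDC | Out-Null

# 3. The Lab scope is active and the 1-20 exclusion (DC, gateway, static hosts) is present
$scope = Get-DhcpServerv4Scope -ScopeId $ScopeID
if ($scope.State -ne 'Active') { throw "DHCP scope $ScopeID is not active" }
Get-DhcpServerv4ExclusionRange -ScopeId $ScopeID | Format-Table StartRange, EndRange

# 4. The auto-logon credentials written by 1-AddAdPrereqs.ps1 must not linger:
#    DefaultPassword sits in the registry in clear text, so clear it once setup is done
$wl = Get-ItemProperty -Path $Winlogon
if ($wl.AutoAdminLogon -eq '1' -or $wl.PSObject.Properties['DefaultPassword']) {
    Write-Warning 'Auto-logon still configured; clearing DefaultPassword and AutoAdminLogon'
    Remove-ItemProperty -Path $Winlogon -Name 'DefaultPassword' -ErrorAction SilentlyContinue
    Set-ItemProperty    -Path $Winlogon -Name 'AutoAdminLogon' -Value 0 -Type String
}

# 5. RDP is reachable only with Network Level Authentication (UserAuthentication = 1)
$rdpKey = 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$rdp = Get-ItemProperty -Path $rdpKey
if ($rdp.UserAuthentication -ne 1) { throw 'RDP is enabled without NLA' }
'Lab verification complete'
```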
