Creating a Lab Domain in PowerShell

I am spending a lot of time in Microsoft 365 these days. Because of my new contract, I found myself needing to build a lab environment from scratch. Yes, I am working in Azure AD, but for my role I realized it would be help to have an on-premise Active Directory Domain Services environment, in order to have a Hybrid-AD environment.

Before going any further, let’s define a few terms you will need to understand:

Active Directory Domain Services: This is the good old on-premises AD that we have been using since the advent of Windows Server 2000. It was renamed ADDS at some point, but it is the same AD, only evolved. It leverages Kerberos authentication, and is controlled by our domain controllers that run the AD services.

Azure Active Directory: The cloud authentication service may share part of its name with ADDS, but it is quite different. For one, it is not a Kerberos system, rather it leverages OAuth and other modern protocols.

Rather than investing in new hardware, I opted to build my new domain controller in a Hyper-V environment. The configuration of that infrastructure for that is out of scope for this article.

I opted to start with Microsoft’s latest server operating system, Windows Server 20H2. This iteration does not include the graphical user interface (GUI, or Desktop Experience) that its predecessors do. Because of that, we will be relying entirely on PowerShell to build and configure our DC.

The Preliminaries!

I have installed the server OS, and am logged in to my new (clean) server. This is a lab environment in my home office that is not segregated from my regular devices, so it has gotten a DHCP address from my home router. The first thing I want to do is to change that to a static IP address.

image

I verify my current IP configuration using the Get-NetIPConfiguration cmdlet in PowerShell… essentially the modern version of ipconfig. I checked my existing environment and decided my IP address would be 10.0.0.2. I know that my subnet mask is 255.255.255.0, so my prefix length is 24. What I needed from this cmdlet was the Interface Index.

So to set my IP address, I will use the following cmdlet:

New-NetIPAddress –InterfaceIndex 4 –IPAddress 10.0.0.2 –PrefixLength 24 –DefaultGateway 10.0.0.1

That sets the IP Address, but clears the DNS Server information. I’ll fix that with the following:

Set-DnsClientServerAddress –InterfaceIndex 4 –ServerAddresses “10.0.0.1”

With that, my virtual machine is connected to the Internet again.

I don’t like the idea of having my domain controller named WIN-GQ35FV9 (or whatever random name Windows selected, so I’ll do a quick computer rename:

Rename-Computer MDG-DC

This won’t take hold until I reboot my system, so let’s do that now.

**Note: Lab environments can be tricky when they are on your production network. If I was building a completely segregated lab, or if I was building a lab that did not need the Internet, I would install a DHCP Server in this machine. As I am not, I will have to configure static IP addresses on all lab machines.

Let’s Do It!

Now that our networking is configured, we can move ahead with the domain creation.

The first step is to download the PowerShell module. That’s simple enough, although the name of it has changed a few times, so I want to make sure I download the right one:

Install-WindowsFeature AD-Domain-Services –IncludeManagementTools

It won’t take but a couple of minutes to download and install them.

image

image

Now let’s build my AD Forest:

Install-ADDSForest –DomainName <domain.name>

image

This will run for a few minutes, and when completed, you will be informed the computer needs to reboot.

When I am prompted to log in, I now need to know my username (it will be Administrator, as well as my password.

image

So let’s go back into PowerShell, and make sure that everything worked.

Get-Addsdomain | fl name, domainmode

Get-Adforest |fl name, domainmode

Get-Service ADWS,KDC,Netlogon,DNS

This will show us that the domain is properly configured, and that the necessary services are running.

image

That’s It?

Well, not quite… but that’s the scope of the article. To manage it, I am going to create a virtual machine running Windows 10 with the necessary Remote Server Administration Tools to manage my AD. Yes, you can do everything in PowerShell… but there are some things I still prefer to do in MMC consoles!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s