Active Directory Basics Lab

Hands-on AD DS lab with OUs, users, groups, and baseline configuration

Active Directory Basics Lab Documentation

Objective

This document outlines the setup and configuration of a basic Active Directory environment using Azure Virtual Machines. The lab demonstrates domain controller promotion, DNS configuration, and client domain join verification.

Lab Environment

- Platform: Microsoft Azure

- Domain Controller: Windows Server 2022 (DC01)

- Client Machine: Windows Server 2022 (Client01)

- Domain Name: lab.local

- Resource Group: DC01_group

- VM Size: Standard_B2s

Step 1: Deploy Domain Controller VM

A Windows Server 2022 virtual machine was created in Azure to act as the Domain Controller.

Step 2: Configure Networking & DNS

The Domain Controller was configured with appropriate networking settings. DNS was verified to ensure the server could support Active Directory services.

Step 3: Install Active Directory Domain Services

The Active Directory Domain Services (AD DS) role was installed via Server Manager on DC01.

Step 4: Promote Server to Domain Controller

DC01 was promoted to a domain controller and a new forest was created using the domain name lab.local.

Step 5: Verify Domain Controller Promotion

Post-promotion verification was completed by logging in with domain credentials and confirming Active Directory management tools were available.

Step 6: Create Domain Users

User accounts were created within Active Directory Users and Computers to test authentication.

Step 7: Join Client Machine to Domain

Client01 was joined to the lab.local domain after configuring DNS to point to the domain controller.

Step 8: Validate Domain Membership

The client successfully authenticated using domain credentials, confirming proper domain membership.

Step 9: Bonus Active Directory Administration Tasks

This step includes optional but highly recommended tasks that reflect common real-world Active Directory administration responsibilities.

9.1 Configure Domain Password Policy

The Default Domain Policy was modified to configure domain-wide password settings. Minimum password length and maximum password age were adjusted using Group Policy Management.

9.2 Create and Assign a Logon Script

A basic logon script was created and stored in the domain SYSVOL scripts directory. The script was assigned to a domain user account and executed successfully upon logon.

9.3 Delegate Password Reset Permissions

Password reset permissions were delegated to a Helpdesk security group at the branch Users OU level, allowing limited administrative control without granting full domain privileges.

9.4 Move Client Computer to Correct OU

The client computer account was moved from the default Computers container into the appropriate branch Workstations OU to ensure correct Group Policy application.
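The Step 9 changes can be confirmed from PowerShell instead of by eye in the GUI. The script below is an added example, not part of the original lab: a read-only audit that reports the password policy (9.1), checks that the Helpdesk delegation is limited to password reset on user objects (9.3), and confirms where the Client01 computer account sits (9.4). The OU distinguished names and the group's account name are assumptions, since the lab write-up does not give them.

```powershell
# Added example: read-only audit of the Step 9 baseline. Run on DC01 or a host with RSAT.
Import-Module ActiveDirectory

# Assumed names: the write-up does not state the OU paths or the exact group name.
$UsersOU        = 'OU=Users,OU=Branch,DC=lab,DC=local'         # hypothetical DN
$WorkstationsOU = 'OU=Workstations,OU=Branch,DC=lab,DC=local'  # hypothetical DN
$Helpdesk       = 'Helpdesk'                                   # assumed sAMAccountName
$Client         = 'Client01'

# Well-known schema GUIDs used by the password-reset delegation
$ResetPwd  = [guid]'00299570-246d-11d0-a768-00aa006e0529'  # Reset Password extended right
$UserClass = [guid]'bf967aba-0de6-11d0-a285-00aa003049e2'  # user object class
$Rights    = [System.DirectoryServices.ActiveDirectoryRights]

# 9.1: domain-wide password settings as the domain controller reports them
Get-ADDefaultDomainPasswordPolicy -Identity 'lab.local' |
    Select-Object MinPasswordLength, MaxPasswordAge, ComplexityEnabled, LockoutThreshold |
    Format-List

# 9.3: every ACE on the Users OU that names the Helpdesk group
$netbios = (Get-ADDomain -Identity 'lab.local').NetBIOSName
$aces = @((Get-Acl -Path "AD:\$UsersOU").Access |
    Where-Object { $_.IdentityReference.Value -eq "$netbios\$Helpdesk" })
if ($aces.Count -eq 0) { Write-Warning "No ACEs for $Helpdesk on $UsersOU" }

$aces | ForEach-Object {
    $r = $_.ActiveDirectoryRights
    [pscustomobject]@{
        Rights       = $r
        ObjectType   = $_.ObjectType
        AppliesTo    = $_.InheritedObjectType
        AccessType   = $_.AccessControlType
        # The ACE the delegation is supposed to create: reset password, user objects only
        IsResetOnUsers = ($r -eq $Rights::ExtendedRight -and
                          $_.ObjectType -eq $ResetPwd -and
                          $_.InheritedObjectType -eq $UserClass)
        # WriteDacl/WriteOwner (both included in GenericAll) or an unscoped
        # WriteProperty would exceed "limited administrative control"
        TooBroad     = [bool]($r -band ($Rights::WriteDacl -bor $Rights::WriteOwner)) -or
                       ([bool]($r -band $Rights::WriteProperty) -and
                        $_.ObjectType -eq [guid]::Empty)
    }
} | Format-List

# 9.4: the computer account should no longer be in CN=Computers
$dn = (Get-ADComputer -Identity $Client).DistinguishedName
[pscustomobject]@{
    Computer         = $Client
    DistinguishedName = $dn
    InWorkstationsOU = $dn -like "*,$WorkstationsOU"
} | Format-List
```

Any ACE reported with TooBroad set to True means the Helpdesk group holds more than the password-reset right on that OU and the delegation should be reviewed.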

Conclusion

This lab successfully demonstrates a foundational Active Directory setup suitable for enterprise environments and serves as a base for further work with Group Policy, OUs, and hybrid identity.