Tuturial on AD using Oracle VM VirtualBox

Inspired by Josh Madakor Learning Active Directory can be fun and hard, but I hope with writing down the steps it will make it easier to understand. 

In many companies or even your home it's important who can get access to your resources. Such resources include the files, data or even your network. A great way of managing the people who have access to such resources is using Active Directory. With Active Directory you can create rules, boundaries, and different policies. After I had watched Josh Madakor Video on how to setup AD on a vm. I was inspired to do the same and make my own virtual AD and the steps to show it. 

For information go to Josh Madakor Youtube channel - Cite use for this article - Madakor, Josh, ‘How to setup a Basic Home Lab Running Active Directory (Oracle VirtualBox) | Add Users w/Powershell”, YouTube, 3 years, https://youtu.be/MHsI8hJmggI?si=oUt27YiQX50QxNld

Windows 2019 server - 

Installation steps for Microsoft 2019 Server using Oracle VM virtualBox 

Firstly here’s a link for Microsoft 2019 server download. Or you can manually go search Microsoft.com windows server 2019 using Google or Microsoft Edge or Safari. Next you want to download the ISO onto your desktop a couring to what language you speak. 

Next, open up VirtualBox (virtualBox download link VirtualBox website). Click new, which opens up a virtual Machine prompt. In the “name” type in DC for Domain controller. Then in “Version” select other Windows (64 bit). Then click Next.

After clicking there will be a hardware page. On this page it depends how many resources your device can give. Since a VM is using your device's resources to run itself as another computer. For this since my device has 16 gb of ram I had allowed 2048 mb = 2 gb and 4 cores for the cpu.  For storage, again it depends if your device has enough storage, but because I have enough storage to spare I had put in 20 GB. Then click next.

Click Finish. Your VM should now be on your left hand side and it should be named “ad” or the name that you gave it.

After creating the vm click on your vm and go click on settings. Go down to the Network and click on Adapter 2. Click check on “Enable Network Adapter” Then “Attached to” change to Internal Network. This allows the VM to have an internal vm network, while adapter 1 uses NAT to connect the internet.

Next start running the “ad” by clicking on it. After your virtual “ad” is running you can click enter and a prompt for a dvd file will appear. In the box you want to select the ISO Windows 2019 server file which helps boot your VM into WIndows Server 2019.

Next select your language, and time and currency format, and Keyboard or input. For me these are my selections. Click Next when done.

Click Install Now, next a startup screen will pop up.

Next, a Windows setup will appear. Select Windows Server 2019 Standard Evaluation (Desktop Experience). Then click next.

Applicable notices and license terms page will appear. After reading the license terms then click “ I accept the license terms”.

Next select “Custom: Install Windows only (advanced) 

Next select your Drive and click “Next”.

Installing Windows can take some time so wait until it’s completely finished. Then a command prompt will appear that says, “Press any key to boot from CD or DVD” (DO NOT PRESS OR CLICK ANYTHING UNLESS YOU WANT TO GO BACK TO BOOT SETUP MENU). After downloading the Customize Settings page will appear. For this demonstration I used “Password1” for the Password, but you can create your own. Next click finish after creating your password.

Now that we have Windows 2019 servers downloaded. Inorder to unlock we have to Press Ctrl+Alt+Delete to unlock, however since it is on a vm it’s different. On the top of the taskbar there’s “Input”, click on Input then click on keyboard, next click on “insert Ctrl-Alt-Delete. 

Next input your password that you have created or for this demonstration it would be “Password1”.

This is what home screen would look like. (Note: if you want to make the Windows vm a bit smoother, you can go to devices on top of the taskbar then click insert guest Addition CD image. Next go to files on the vm Windows server. After opening the files, then go to this PC and go to CD Drive (D:) VirtualBx Guest. Next click on VBoxWindowsAdditions-amd64. Click Next on the VM Setup. Next click on install location, install on next page, then click Finish which will restart the VM.

Login back into the vm. Next we need the vm to connect to the wifi. Go to wifi settings or click on this image then got to Network & Internet Settings which will send you to the ethernet settings.  In the Ethernet settings click on “Change adapter options” under Related settings on the far right. .

I’m going to rename these Ethernet in order to make it easier to remember what their roles are. For instance Ethernet 1 changed to _internet since it’s using your wifi. While Ethernet 2 is using the vm internal network. This will be very important later on. (Note: if you want to rename the pc here’s some quick steps. First go to start on the bottom left hand side, then right click on start and click on System. The settings page will appear on the About and the bottom will the Rename this PC option. Click on the Rename this PC and type what you want the PC to be called. Then you can restart now or later option).

Next we want to setup our IP address for the internet and internal network

Clicking Internet Protocol Version (TCP/IPv4) will bring you to General page. With this page you want select “Use the following Ip address”. Inserting the IP address creates a static address for your internet which means the ip address doesn’t have to constantly change.

 Setting up Windows AD -

Now that we have a Windows 2019 server setup, let now set up Active Directory.  

First you want to click on Server manager which can be found by clicking start then clicking on Server Manager under Search.

Next you want to click on “Add role and features”.

Click Next.

Click Next. 

This page is used for downloading the specific server you want. Which is Active Directory.Then select DC and click Next.

After clicking next we will select server roles, for this server we select the box with “Active Directory Domain Services”. Then click “Add Features” Then click next for the “Features page, Next for “AD DS page”, then click next for Confirmation page, then finally click install on the “Results” page.

Close the “Add Roles and Features Wizard page after installation. You will see this flag with a yellow exclamation sign.. Click on it, then click on “Promote this server to a domain controller”. This will allow us to create a domain sense we haven’t created on our AD (AD Domain allows admins to control devices on the network such as printers, computers, files, and ect.)

Next click on “Add a new forest”, then go to “Root domain name:” and insert a name. But because I am following Josh Madakor tutorial, I am going to put my Root domain name as “mydomain.com”. Then click next after creating a name.

Next we want to insert a password at the bottom, but because this server is a vm and for practice uses only. I had used “Password1” for my password, but a course you are welcome to choose the password you like. After creating your password click “Next”. Then click “Next” in DNS Options page, “Next” for Additional Options page, click “Next” for Paths page, click “Next” for Review Options, then on the Prerequisites Check click “Install”

After installation of the Domain, the vm will restart. Now with the Domain installed, relogin,

Next we are going to build our own dedicated Admin Domain account instead of using the built in Admin account. First go to “Start” then find “Windows Administrative Tools”, then click on “Active Directory Users and Computers”.

After clicking on “Active Directory Users and Computers”. Right click on mydomain.com, then click on New. Next to the right click “Organizational Unit”.

We will name the folder “_ADMINS” because we are using this folder to create a new Admin user.  You can uncheck the box that says, “Protect container from accidental deletion” if you want but it just helps delete the folder easier. Then click OK. 

Next after the folder is created right click on the “_ADMINS” folder. Click “New”, then on “User”.

Now we want to put our own first and last name into where it says “First name”and “last name”. Then for the “User login name”, you can use this format since many companies use similar ways. “a-first initial and last name”. For example my login name would be “a-jthompson”. Then click “Next”.

Next there will be a password page, since this is for practice I’m going to use “Password1” for my password. Then uncheck “User must change password at next login”. Next check “Password never expires”. It’s because when we relogin we don’t get a prompt to change our password the next time we login and we won’t have to worry about our password expiring.Then click “Next”. Then click, “Finish”.

Even though our folder is named admin, this user is still not an Admin. So after clicking “Finished”, right click on your name on the right hand side in the “_ADMINS” folder. Then go to “Properties”. 

Now that we are on “Properties”, we want to go to “‘Member of”.

Click on “Add” near the bottom. Then under “Enter the object names to select (examples):” , enter Domain Admins. Then click “Check Names” which result in Domain Admin. Then proceed to click “OK”, then “Apply”, then “OK”. We have just now created our own Admin Domain account!

Now that we have our Domain Admin account, go ahead and sign out of your vm computer by going to “Start”, then find the user icon, then click “Sign out”. This time instead of signing into our Admin account, we are going to sign in to “Other user”. For the “Username” put in what you had when you were creating a new user. For instance my Username was a-jthompson and my password was “Password1”.

Explanation on Network - Now that we have created our Domain AD account we need to create a NAT which stands for Network Address Translation. NAT allows your private Ip address to become a public address which allows you to get access to the internet. This is important because the eventual goal is to create a client with a Windows 10 and the client be managed by the AD. Since we are using a vm it’s using a VMWare Network (default private ip address), the client’s ip address needs to be translated through the DC which will have the NAS, which will then connect to the internet.  

To begin we need to go to “Add roles and Features” from the Server Manager (Server Manager located from Start, then on the right hand side). Then when on the “Add Roles and Features Wizard” page go and click “Next”. On the “Installation Type” page click “Next”, then click “Next” for the Server Selection page. Then for the “Server Roles” page select Remote Access and “Next”. Click “Next” for the “Feature” page, “Next” on the “Remote Access” page. On the “Role Services” page select “DirectAccess and VPN (RAS)” and also select “Routing”, then click “Next”. Click “Next" on Web Server Role (IIS), then “Next” for the “Role Services” page, then click “Install” on the Confirmation page.

Next go to “Tools” and go to “Routing and Remote Access”

Next right - click on “DC (local)” , and select “Configure and Enable Routing and Remote Access”.

Click “Next” ,then select “NAT” and “Next”. Next select “Use the public interface to connect to the internet:” and select the internet we had named from the beginning that has the (DHCP) at the end, and click “Next”. Then click “Finish”.

You will know the installation was finished when you see the green light next to the DC, while before it had a red light.

Note: Now we need to create a DHCP so our client devices can get a Ip address (DHCP stands Dynamic Host Configuration Protocol and it ip addresses for devices). 

To start go to “Add roles and features” go through and click “Next” until you get to the “Server roles” page. On the Server Roles page select DHCP Server. Then click “Next” all the way to “Confirmations” page, then click “install”. After installation you can close. 

Next go to “Tools” and go to DHCP. Note: we are going to create a scope which allows clients and devices to get their ip addresses in specific ip address range - 172.16.0.100

Click on the arrow on dc.mydomain.com to drop down and right click on “IPv4” and select new scope. 

Click “Next” after on the New Scope Wizard page. For the name we will name it after the ip address which is 172.16.0. 100-200, then click “Next”  

Then insert in “172.16.0.100” for Start IP address and “172.16.0.200” for End IP address. Then make the length for the subnet mask be 24. Then click “Next” through Add Exclusions and Delay page since it’s a vm we don’t need to do this, however in real world situation you should deny certain ip address from getting on to your network. Lease Duration page is used for how long each ip address will be assigned to a device before switching. Once again it’s a vm so we don’t really have to worry about it. Click “Next” for Configure DHCP Options (“Yes, I want to configure these options now” should be selected). 

Next put in “172.16.0.1” which is the DC ip address. Then click “Add” from the side, and click “Next”. Domain Name and DNS Servers page click “Next”, then “Next” WINS Servers, then select “Yes, I want to activate the scope now” if it’s not already selected. Then click “Next” and “Finish”.

After finishing, right click on “dc.mydomain.com” and click “Authorize”. Then click refresh, and both your IPv4 and IPv6 should turn green (If one turns green but the other doesn’t just refresh again. That should fix the issue).

Note: Now that we have created our DHCP and the scope for the IP address range, let create a client to test if we can connect to this AD. 

FIrstly we need to create a new vm with Windows 10. So go back to vm and click “New” and name it “Client1”. The Version should be WIndows 10 (64-bit), then proceed to “Next”.

For ram I’m going to give 4048mb which is 4 Gb, and 4 CPU for the processors, then click “Next”.

Adjust how much Disk size, then Click “Next”, and Finish.

Before turning on the Client1 vm, right click on the vm, then go to “Network”. Change the Adapter 1 to Internal Network. Then click “OK”.

Next turn on the Client1 vm, a prompt for disk will appear. You want to select the downloaded WIndows 10 iso file. Then click “Mount and Retry boot”.

Click “Next”, and “Install”.

Select “I don’t have a product key”.

Next select “WIndows 10 Pro” so that you can join the Domain. Then click “Next”.

Click “I accept the license terms”, then “Next”.

Select “Custom: Install Windows only” (advanced) and “Next”.

Now it should start install, this can take a couple minutes. During the process don’t click on anything. 

Next select your Region.

Select your keyboard layout, and click “Skip” for custom layout.

Select, “I don’t have internet”. 

Select “Continue with limited setup”.

Enter “user” for the name, and we don’t need a password so you can click “Next”.

You can click “Accept” and if you want you can also deselect all the options that are already selected.

Select “Not Now”.

Now that we have Windows 10 setup we need to see if it has wifi. So go to the command line by “Type here to search” and typing cmd.

We can type ipconfig which will show us our network configuration, DHCP, and DNS. 

For some reason our default gateway is not showing up, so we need to log back on back to our DC vm.

On our DC vm, we want to go to “Server manager”, then to “Tools”, then go to DHCP. 

Click on IPv4 then right click Server Option, then click configurations. Select “003 Router” if it’s not already selected. Then in IPaddress enter “172.16.0.1” which is the DC default IP address. Then click “ADD”, and click “Apply” .

We need to restart the server and we can do this by right clicking “dc.mydomain.com”, and selecting “All Tasks” and “Restart”.

Now go back to the client vm with the command line, and enter ipconfig again to see whether or not you will get a “Default Gateway”.

I didn’t get it so I am going to enter “ipconfig /renew”.

IT Works! Now to test if our client can reach out to the internet (Note: in theory the Client should be able to connect to the DC which is then connected to the internet, because the Client is using a internal IP address. That’s why we had to create a RAS/NAS on the DC inorder for the DC to change the client’s IP address to a public address in order to for it to reach the internet). We can test if the internet works by typing “ping google.com” in the command line.

We got responses back from google.com which means our client could reach the internet!!!

Now how to make this client join our domain 

First right click the Start menu and go to systems.

On the About page go all the way down and find “Rename this PC (advanced)”.

Next type in Client1 or the name you chose for the vm, then click on Domain and enter “mydomain.com”. Then click “OK” After clicking okay you will be prompted with a password and username. For the username and password you can use your admin account which was using you first initial and last name then “Password1” for the password. Then click “OK” to restarting computer. 

Now we can go back to our DC and go back to DHCP (found by clicking the start menu and finding Server manager and then select tools from the right handside, then select DHCP) then select “dc.mydomain.com” and select Scope, then select “Address Leases” which will show you the client that you have just added to your domain!

Thank you for reading. I hope this was helpful and once again this whole project was inspired by Josh Madakor. For more in depth here’s his Youtube video - https://youtu.be/MHsI8hJmggI?si=tGlHvGUDQX-F78jz