Setting up Active Directory Administration in a VirtualBox Homelab

Antwan McLemore
17 min read · Aug 16, 2023

Are you interested in learning more about Active Directory Administration, but don’t have access to an enterprise environment?

Setting up a homelab is a great way to gain experience and knowledge in this area. However, creating a physical homelab setup can be both confusing and expensive, especially if you’re new to the IT industry. Virtualizing a homelab environment can be a great solution allowing heightened flexibility at a low cost!

In this post, we will walk through the process of downloading VirtualBox and the required ISO files for both Windows Server 2022 and Windows 10. From there, we will create a domain controller server (referred to as the DC from this point on) using Windows Server 2022, configure a DHCP server and routing capabilities, and create a client that connects to the internet through the Domain Controller, which acts as its default gateway. Finally, we will be creating a PowerShell script that will automate provisioning, maintenance, and deprovisioning of user accounts.

Let’s get started!

Downloading VirtualBox and the Windows ISO Files

To create a virtual homelab environment using VirtualBox, you will first need to download and install VirtualBox on your computer. VirtualBox is a free and open-source virtualization software that allows you to run multiple operating systems on a single physical machine. With VirtualBox, you can create and manage virtual machines (VMs) on your computer, each of which can run a different operating system and set of applications without affecting your host operating system.

You can download the latest version of VirtualBox from the official website: https://www.virtualbox.org/wiki/Downloads. Select the newest version that matches your host machine. (At this time, the newest version is v7.0.8.)

Choose between Windows, macOS, or Linux hosts.

Once downloaded, run the installer and follow the on-screen instructions to install VirtualBox on your computer.

Next, you will need to download the ISO file for Windows Server 2022. You can download an evaluation copy of Windows Server 2022 from the Microsoft Evaluation Center: https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2022.

Select the Download ISO link.

You may need to sign up for a license to download the ISO file. Once you’ve done so, you’ll be good to go. Download the executable and proceed with the installation process.

Next, you will also need to download the ISO file for Windows 10. You can download the Windows 10 ISO file from the Microsoft website: https://www.microsoft.com/en-us/software-download/windows10ISO

As I am writing this tutorial on macOS, I am unable to download the Media Creation Tool specific for Windows. For macOS users, you will see this page and can directly download the image file from the dropdown menu shown above.

Setting Up VirtualBox VMs for both Windows Server 2022 and Windows 10

Now that you’ve gotten the required files downloaded, let’s begin setting up the virtual environments! Here’s a speedy rundown of how to set up the Windows Server 2022 environment to act as the DC for your Active Directory environment.

  1. Open VirtualBox and click on the New button to create a new virtual machine.
  2. In the Name and Operating System window, enter a name for your virtual machine, such as “Domain Controller”, and select Microsoft Windows as the Type and Windows Server 2022 (64-bit) as the Version. Click on Next to proceed.
  3. In the Memory window, set the amount of memory you want to allocate to the virtual machine. The recommended amount of memory for a Windows Server 2022 VM is 2 GB or more, depending on your system resources. Adjust the memory size as needed, and click on Next to proceed.
  4. In the Hard Disk window, select Create a virtual hard disk now and click on Create to proceed.
  5. In the Hard Disk File Type window, select the default option VDI (VirtualBox Disk Image) and click on Next to proceed.
  6. In the Storage on Physical Hard Disk window, select the default option Dynamically allocated and click on Next to proceed.
  7. In the File Location and Size window, enter a name for your virtual hard disk and specify its size. The recommended size for a Windows Server 2022 VM is 20 GB or more, depending on your storage capacity. Adjust the size as needed, and click on Create to proceed.
  8. Once the virtual machine has been created, select it from the list of virtual machines in VirtualBox and click on Settings to configure its settings.
  9. In the System tab, set the number of CPU cores you want to allocate to the virtual machine. The recommended number of CPU cores for a Windows Server 2022 VM is 2 or more, depending on your system resources. Adjust the CPU core usage as needed, and click on OK to save the settings.
  10. In the Network tab you will need two adapters. One will already exist, attached to NAT; create the other and attach it to the Internal Network. This will be important later.
  11. In the Storage tab, select the empty optical drive, click on the Choose Virtual Optical Disk File button, and browse to the location of the downloaded Windows Server 2022 ISO file. Select the file and click on OK to save the settings.
  12. Click on Start to power on the virtual machine and begin the installation process. Follow the on-screen instructions to install Windows Server 2022 on the virtual machine.
  13. When prompted, go ahead and set the password to “Password1”. Going forward, this will be the password for everything in this tutorial. Terrible for use in an actual enterprise environment, but for the sake of simplicity it’ll have to do.

Now your Domain Controller VM is ready to go! For a better experience within VirtualBox, I highly recommend navigating to the Devices tab within the VM and opting to download the Guest Additions in order to have a much smoother experience in the virtual environment. Doing so, you will notice much less lag on your cursor, as well as the ability to resize the VM window and resolution. Be sure to restart!

Next, we will do the same to set up the Client in Windows 10 with largely the same process!

  1. Open VirtualBox and click on the New button to create a new virtual machine.
  2. In the Name and Operating System window, enter a name for your virtual machine, such as Windows 10, and select Microsoft Windows as the Type and Windows 10 (64-bit) as the Version. Click on “Next” to proceed.
  3. In the Memory window, set the amount of memory you want to allocate to the virtual machine. The recommended amount of memory for a Windows 10 VM is 2 GB or more, depending on your system resources. Adjust the memory size as needed, and click on Next to proceed.
  4. In the Hard Disk window, select Create a virtual hard disk now and click on Create to proceed.
  5. In the Hard Disk File Type window, select the default option VDI (VirtualBox Disk Image) and click on Next to proceed.
  6. In the Storage on Physical Hard Disk window, select the default option Dynamically allocated and click on Next to proceed.
  7. In the File Location and Size window, enter a name for your virtual hard disk and specify its size. The recommended size for a Windows 10 VM is 50 GB or more, depending on your storage capacity. Adjust the size as needed, and click on Create to proceed.
  8. Once the virtual machine has been created, select it from the list of virtual machines in VirtualBox and click on Settings to configure its settings.
  9. In the System tab, set the number of CPU cores you want to allocate to the virtual machine. The recommended number of CPU cores for a Windows 10 VM is 2 or more, depending on your system resources. Adjust the CPU core usage as needed, and click on OK to save the settings.
  10. In the Storage tab, select the empty optical drive, click on the Choose Virtual Optical Disk File button, and browse to the location of the downloaded Windows 10 ISO file. Select the file and click on OK to save the settings.
  11. In the Network tab, change the default adapter so that it is attached to the Internal Network. This will allow the Client to get a DHCP-configured IP address and emulates how a corporate network would function.
  12. Click on Start to power on the virtual machine and begin the installation process. Follow the on-screen instructions to install Windows 10 Pro.
  13. Make sure to Continue with Limited Setup as this will prevent you from needing to create a Microsoft Account to login to this machine.
  14. I personally recommend turning off all trackers and making your machine as private as possible.

Now your Client VM is ready to go! It is again recommended to download the Guest Additions to your virtual environment. Now that all the setup is finished, we can finally jump into the nuts and bolts of Active Directory.

Setting Up IP Addressing

Now that the Windows Server VM is up and running we can begin to set up our IP addressing scheme. If you recall from earlier, we have two network adapters attached to this machine. One is going to be configured to get IP addressing from our home router, so nothing needs to be done there, and the other will be set to provide a default gateway for our Client VM to connect to. This will replicate how an enterprise environment would be set up.

To get started, you’re going to click on the network icon on the bottom right of the Windows Taskbar. From there click on Network.

After clicking on network, click on Change Adapter Options.

After doing so, you’ll see two Network Connections in the Control Panel.

Note that mine have already been labeled in distinguishably different formats. Yours will not appear like this.

You’ll need to verify which of these two connections is the outward internet-facing adapter, and which is the one configured to be part of the internal network between VMs. To do so, you will double-click an adapter and then click Details. Look at the IPv4 Address and notice that one will have a typical public-facing IP such as 10.0.X.X whereas the internal-facing adapter will have an Autoconfiguration IPv4 instead. Label the adapters accordingly.

Next, right-click the internal network and go to Properties. Double-click on the Internet Protocol Version 4 checkbox. Now, you will go ahead and assign addressing to this adapter. I’m not going to go into the nuances of IP addressing in this tutorial, as I could sit here and type for hours regarding methodology and subnetting; instead, I ask that you take my word for it. Set the following properties:

  • IP address: 172.16.0.1
  • Subnet mask: 255.255.255.0
  • Gateway: <leave empty> (because the DC server itself will act as the default gateway)

As for the preferred DNS server setting we will be setting the DNS server as the loopback address. This is because Windows Server Active Directory will automatically configure a DNS for the DC. So using the loopback address will have the DC use itself as the DNS.

  • Preferred DNS server: 127.0.0.1
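
The same adapter setup can be scripted from an elevated PowerShell prompt on the DC. This is an added example, not part of the original tutorial: the labels INTERNET and INTERNAL are assumed names (the tutorial only asks you to label the adapters), and the internal adapter is recognised by its 169.254.x.x autoconfiguration address.

```powershell
# Added example (not from the original tutorial). Run elevated on the DC,
# before the internal adapter has been given a static address.
# Assumed labels: 'INTERNET' for the NAT adapter, 'INTERNAL' for the lab adapter.

$ipv4 = Get-NetIPAddress -AddressFamily IPv4

# No DHCP server exists on the internal network yet, so Windows assigns that
# adapter an autoconfiguration (169.254.x.x) address. The NAT adapter gets a
# DHCP lease from VirtualBox instead.
$internal = $ipv4 | Where-Object { $_.IPAddress -like '169.254.*' } | Select-Object -First 1
$external = $ipv4 | Where-Object { $_.PrefixOrigin -eq 'Dhcp' }     | Select-Object -First 1

if (-not $internal -or -not $external) {
    throw 'Could not tell the adapters apart; check that both are attached in VirtualBox.'
}

# Label the adapters so later steps (RAS/NAT) can refer to them by name.
if ($external.InterfaceAlias -ne 'INTERNET') {
    Rename-NetAdapter -Name $external.InterfaceAlias -NewName 'INTERNET'
}
if ($internal.InterfaceAlias -ne 'INTERNAL') {
    Rename-NetAdapter -Name $internal.InterfaceAlias -NewName 'INTERNAL'
}

# Static address from the tutorial: 172.16.0.1/24 with no default gateway,
# because the DC itself will be the gateway for the internal network.
New-NetIPAddress -InterfaceAlias 'INTERNAL' -IPAddress '172.16.0.1' -PrefixLength 24

# The DC resolves names through its own DNS service, so point it at loopback.
Set-DnsClientServerAddress -InterfaceAlias 'INTERNAL' -ServerAddresses '127.0.0.1'

# Confirm the result for both adapters.
foreach ($alias in 'INTERNAL', 'INTERNET') {
    Get-NetIPConfiguration -InterfaceAlias $alias |
        Format-List InterfaceAlias, IPv4Address, IPv4DefaultGateway, DNSServer
}
```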

Configuring Active Directory Domain Services (AD DS)

Great! Now that we’ve set up our two network adapters for the DC machine, we can go ahead and configure Active Directory Domain Services (AD DS).

In order to do so:

  1. Open Server Manager. In the Server Manager window, click on Add Roles and Features from the Dashboard.
  2. In the Add Roles and Features Wizard window, click on Next to proceed.
  3. In the Installation Type window, keep Role-based or feature-based installation selected and click on Next to proceed.
  4. In the Server Selection window, select the local server and click on Next to proceed.
  5. In the Server Roles window, select Active Directory Domain Services and click on Next to proceed.
  6. In the Features window, click on Next to proceed.
  7. In the AD DS window, read the information and click on Next to proceed.
  8. In the Confirmation window, review the installation summary and click on Install to proceed.
  9. Wait for the installation to complete.
  10. Once the installation is complete, click on Close to exit the wizard.
  11. In the Server Manager window, you’ll notice a flag icon has appeared. This is because despite Click on it and then click on Promote this server to a domain controller.
  12. In the Deployment Configuration window, select Add a new forest and enter a root domain name of your choice, such as “mydomain.com”. Click on Next to proceed.
  13. In the Domain Controller Options window, select the default options and enter a Directory Services Restore Mode (DSRM) password of your choice. Click on Next to proceed.
  14. In the DNS Options window, select the default options and click on Next to proceed.
  15. In the Additional Options window, review the information and click on Next to proceed.
  16. In the Paths window, select the default options and click on Next to proceed.
  17. In the Review Options window, review the configuration summary and click on Install to proceed.
  18. Wait for the installation to complete.
  19. Once the installation is complete, the virtual machine will automatically restart and you will be able to log in to the domain controller using the domain Administrator account you just created.
Yours should look like this, with “MYDOMAIN” replaced by whatever you chose to name it. For the purposes of this tutorial, we’ll go with “MYDOMAIN”.

Now we’re going to be creating a new Organizational Unit (OU). An OU is a container object used to organize and manage user accounts, computer accounts, and other objects within a domain. An OU can contain other OUs, as well as user accounts, computer accounts, groups, and other objects. It allows you to apply Group Policy settings to a specific subset of users and computers, and delegate administrative control for a specific set of objects to a particular group of administrators. This helps simplify administrative tasks and reduce the risk of errors or unauthorized changes.

In order to set up an OU:

  1. Log back in.
  2. Open the Active Directory Users and Computers program by clicking Start and typing Active Directory Users and Computers in the search box.
  3. Right-click on the “mydomain.com” domain node in the left-hand pane and select New > Organizational Unit from the context menu.
  4. In the New Object — Organizational Unit dialog box, enter a name for the OU that reflects its purpose, such as “_ADMINS”, and click OK.
  5. The new OU will now be visible in the left-hand pane of the Active Directory Users and Computers program.
  6. Right-click on the OU and select New > User.
  7. In the New Object — User dialog box, enter the desired username in the User logon name field. Remember to follow the naming convention of a-“username”. For example, if you wanted to create a user named “John”, you would enter “a-john” as the username. This is a typical naming convention for administrators in an enterprise environment.
  8. Reuse the “Password1” from earlier for the sake of simplicity.
  9. Be sure to uncheck the box User must change password at next logon.
  10. Be sure to check the box Password never expires.
  11. Click Next
  12. Click Finish

Great, we’ve got the user created. However, the user still does not have admin privileges (despite the a- naming convention.) We’re going to have to add that user as a “Member Of” the Domain Admins group. To do so:

  1. Right-click on the user account and select Properties.
  2. In the Properties dialog box, click on the Member Of tab.
  3. Click the Add button to add the user to a new group.
  4. In the Enter the object names to select field, type Domain Admins and click Check Names. This will confirm that the group name is valid.
  5. Click OK to close the Select Groups dialog box.
  6. Click Apply to ensure that the changes have been applied.
  7. Click OK to close the Properties dialog box.
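
Domain Admins membership and the Password never expires flag are two of the first things an Active Directory review looks at, so it is useful to see how the account created above shows up in one. The following is an added example, not part of the original tutorial; it uses the ActiveDirectory module on the DC, and the 90-day password age threshold is an assumed value.

```powershell
# Added example (not from the original tutorial). Run on the DC.
Import-Module ActiveDirectory

$maxPasswordAgeDays = 90                       # assumed review threshold
$cutoff = (Get-Date).AddDays(-$maxPasswordAgeDays)

# -Recursive expands nested groups, so indirect Domain Admins are listed too.
$report = Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    ForEach-Object {
        $u = Get-ADUser -Identity $_.DistinguishedName `
                        -Properties PasswordNeverExpires, PasswordLastSet, LastLogonDate
        [pscustomobject]@{
            SamAccountName       = $u.SamAccountName
            Enabled              = $u.Enabled
            PasswordNeverExpires = $u.PasswordNeverExpires
            PasswordLastSet      = $u.PasswordLastSet
            LastLogonDate        = $u.LastLogonDate
            # The tutorial's convention: admin accounts are named a-<username>.
            FollowsNaming        = $u.SamAccountName -like 'a-*'
            StalePassword        = ($null -eq $u.PasswordLastSet) -or
                                   ($u.PasswordLastSet -lt $cutoff)
        }
    }

# Full picture of who holds Domain Admins.
$report | Sort-Object SamAccountName | Format-Table -AutoSize

# Accounts a reviewer would ask about: non-expiring or old passwords, or
# privileged accounts outside the a- convention (the built-in Administrator
# account will appear here, which is expected).
$report |
    Where-Object { $_.PasswordNeverExpires -or $_.StalePassword -or -not $_.FollowsNaming } |
    Format-Table SamAccountName, PasswordNeverExpires, StalePassword, FollowsNaming -AutoSize
```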

Now that the User has been created, assigned to an OU representative of the level of privilege the user has, as well as had those privileges assigned to them, we can now log in to verify that our setup has been correctly configured.

Go ahead and sign out of the domain account. When you’re greeted by the home screen go ahead and click Other user in the bottom left corner and log in with your newly-created credentials.

Setting Up RAS/NAT (Remote Access Server/Network Address Translation)

The next step is to set up RAS/NAT within the DC so that in the future we can connect our Windows 10 Client VM to the internet while still staying within our internal virtual network. To do so:

  1. Open the Server Manager by clicking on the icon on the taskbar or by searching for it in the start menu.
  2. In the Server Manager, select Add roles and features from the Dashboard section.
  3. In the Add Roles and Features Wizard, click Next until you reach the Server Roles page.
  4. On the Server Roles page, select Remote Access and click Next.
  5. On the Remote Access page, select Routing and click Add Features if prompted. (Note that the DirectAccess and VPN (RAS) checkbox will automatically be selected once you do this.)
  6. Click Next until you reach the Confirm installation selections page, then click Install.
  7. After the installation is complete, click Close.
  8. Now that the RAS role is installed, open the Routing and Remote Access tool in the Server Manager Dashboard.
  9. In the Routing and Remote Access tool, right-click the DC(local) icon and select Configure and Enable Routing and Remote Access.
  10. Follow the prompts and when at the Configuration page, select the Network address translation checkbox. This will allow all internal clients to connect to the Internet using one public IP address assigned to the DC by your home network.
  11. Go ahead and continue. When you reach the NAT Internet Connection page, check the Use this public interface to connect to the Internet option. At this point I’ve noticed that sometimes this option may be greyed out; I’m not sure exactly why that is, but it can be resolved by exiting the wizard and following the process again.
  12. This is why we named our two network interfaces so that we can clearly identify which is the public-facing internet from our home network vs our virtualized internal network. Go ahead and select the one labeled “INTERNET”. (At least it should be if you’ve been following along :))
  13. Once the wizard is complete, you should have successfully set up RAS and NAT on your DC.

Now we can move on to the next step!

Setting up a DHCP Server on our DC

The purpose of us configuring a DHCP server on our DC is so that any client VMs we create will automatically be configured to connect to the internet through the DC automatically assigning IP addressing as well as acting as the default gateway (router) of our virtualized internal network. To do so:

  1. Follow similar steps as before to navigate to the Server Roles page. (Hope you’ve been paying attention!)
  2. Select DHCP Server and Add Features.
  3. Click Next until you can’t anymore and click Install.

Great! Now we can set the scope of our DHCP server. For the purposes of this tutorial I’ll be using a range of 172.16.0.100–200, a subnet mask of 255.255.255.0 or a /24 configuration. Again, enterprise environments would differ, typically having a /16 to allow for up to 65,536 IP addresses, but this is beyond the scope of our needs. Just keep that in mind. To define our scope:

  1. Click on Tools in the top right corner, and select DHCP from the drop-down menu.
  2. In the DHCP console, right-click on the server name in the left pane and select Authorize to authorize the DHCP server on the network.
  3. Once authorized, right-click on the IPv4 node and select New Scope to create a new DHCP scope.
  4. I like to name my scopes based on the range of IP addresses, makes it simple to use. In this case, “172.16.0.100–200”.
  5. Click Next.
  6. On the IP Address Range page, set the Start IP as “172.16.0.100” (without quotes) and the End IP as “172.16.0.200”.
  7. Now set the Length as 24 and the Subnet Mask should automatically configure to 255.255.255.0.
  8. Go ahead and click Next until you reach the Configure DHCP Options page, no need to mess with any Exclusions or Lease Durations for our purposes.
  9. You’ll want to click Yes to configure your DHCP options now
  10. Now, go ahead and enter the DC’s IP address which should be “172.16.0.1” and be sure to click Add before moving on.
  11. Next, you’ll end up on the Domain Name and DNS Servers page. Here, because Active Directory automatically configures a DNS server on boot, we can just use the domain name of the DC to use as our DNS server. In this case, “mydomain.com”.
  12. Click Next until you get to the Active Scope page, and activate the scope now.
  13. Click Finish

Now, be sure to go to the DHCP server and right-click to Authorize and right-click once more to Refresh. Once that’s done, congrats, you’ve set up your own DHCP server! But before we go ahead and finish configuring the Client VM to connect to it, let’s get to the fun part of using a PowerShell script in order to create a whole bunch of users in Active Directory. No need to do it manually.
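
The DHCP role, scope and options configured in this section can also be expressed with the DhcpServer cmdlets, which makes the result easy to review and repeat. This is an added example, not part of the original tutorial; it assumes the domain is mydomain.com and that clients should use the DC's internal address 172.16.0.1 as both router and DNS server.

```powershell
# Added example (not from the original tutorial). Run elevated on the DC
# after it has been promoted to a domain controller.
Import-Module ActiveDirectory

Install-WindowsFeature -Name DHCP -IncludeManagementTools

$dcIp      = '172.16.0.1'                      # DC's internal adapter
$domain    = (Get-ADDomain).DNSRoot            # e.g. mydomain.com
$fqdn      = "$env:COMPUTERNAME.$domain"
$scopeId   = '172.16.0.0'
$scopeName = '172.16.0.100-200'

# Authorize this server in Active Directory. Domain-joined Windows DHCP
# servers that are not on this list will not hand out leases.
if (-not (Get-DhcpServerInDC | Where-Object { $_.IPAddress -eq $dcIp })) {
    Add-DhcpServerInDC -DnsName $fqdn -IPAddress $dcIp
}

# Create and activate the scope from the tutorial (idempotent).
if (-not (Get-DhcpServerv4Scope | Where-Object { $_.Name -eq $scopeName })) {
    Add-DhcpServerv4Scope -Name $scopeName `
                          -StartRange '172.16.0.100' `
                          -EndRange   '172.16.0.200' `
                          -SubnetMask '255.255.255.0' `
                          -State Active
}

# Scope options: default gateway (option 3), DNS server (6), DNS domain (15).
Set-DhcpServerv4OptionValue -ScopeId $scopeId `
                            -Router    $dcIp `
                            -DnsServer $dcIp `
                            -DnsDomain $domain

# Review what clients will actually receive.
Get-DhcpServerInDC                                   # authorized DHCP servers
Get-DhcpServerv4Scope       -ScopeId $scopeId | Format-List Name, StartRange, EndRange, SubnetMask, State
Get-DhcpServerv4OptionValue -ScopeId $scopeId | Format-Table OptionId, Name, Value -AutoSize

# Once the Windows 10 client boots, its lease appears here.
Get-DhcpServerv4Lease -ScopeId $scopeId | Format-Table IPAddress, HostName, ClientId, AddressState -AutoSize
```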

PowerShell Script to Generate Users for Active Directory Use

I’ve gone ahead and written a simple PowerShell script that will generate a bunch of users for you to play around with and practice managing user permissions and so on. This way, you won’t have to manually create them yourself.

If you’d like to use this script I’ll provide the link to my GitHub where you can download the file (be sure to do this inside of the VM):
https://github.com/digital-dogma/create-users-with-ps-script/raw/main/Active%20Directory%20PS.zip

Once downloaded, go ahead and unzip the archive file and move it to somewhere easily accessible like the Desktop. For the purposes of this tutorial I’ll be saving it there.

Now go ahead and open Windows PowerShell ISE as an admin and go ahead and open the “USER_CREATION” .ps1 file.

You should be looking at this screen:

Now, if you try running the script, you’ll receive a message stating that because the file is not digitally signed you can’t run it on the current system. This is a security feature, not an error. But because we’re in a lab we don’t really need this security feature enabled. To fix this error go ahead and enter in the command line “Set-ExecutionPolicy Unrestricted” (no quotes). It will ask if you’re sure you want to do this, click Yes to All.
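
The "not digitally signed" message is what the RemoteSigned policy (the Windows Server default) reports for a script that still carries the Zone.Identifier mark Windows attaches to downloaded files. As an added example, not part of the original tutorial, the following inspects that mark and lets the lab script run without changing the machine-wide policy; the folder path is an assumption based on the names used in this tutorial.

```powershell
# Added example (not from the original tutorial).
# Assumed location of the unzipped download.
$labDir = Join-Path $env:USERPROFILE 'Desktop\Active_Directory_PS'

# 1. See which policy applies at each scope before changing anything.
Get-ExecutionPolicy -List | Format-Table -AutoSize

# 2. Find files that still carry the "downloaded from the internet" mark.
$marked = Get-ChildItem -Path $labDir -Recurse -File | Where-Object {
    Get-Item -LiteralPath $_.FullName -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
}

foreach ($file in $marked) {
    Write-Output "Marked as downloaded: $($file.FullName)"
    # The stream records the zone (ZoneId=3 is Internet).
    Get-Content -LiteralPath $file.FullName -Stream 'Zone.Identifier'
}

# 3. After reading the script and deciding to trust it, clear the mark on
#    these files only. Under RemoteSigned, local unmarked scripts run unsigned.
$marked | Unblock-File

# 4. If the effective policy is stricter than RemoteSigned, relax it for this
#    PowerShell session only; the setting is discarded when the window closes.
if ((Get-ExecutionPolicy) -in 'AllSigned', 'Restricted') {
    Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned -Force
}

# 5. Confirm that the LocalMachine scope was left untouched.
Get-ExecutionPolicy -Scope LocalMachine
```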

Now, I could go ahead and break down this script line-by-line in order to explain what’s going on here, but I made sure to make this script very human-readable and just taking a look at what’s labeled should give you a high-level understanding of what the script is doing. In short, it’s taking names from the *names.txt* file and assigning them to newly created user accounts. They are all assigned the password “Password1” for the sake of simplicity and in keeping consistent with the rest of the tutorial logins.
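
For readers who want to see the technique rather than only run the download, here is an added example of this kind of bulk provisioning. It is not the author's script: it assumes a names.txt with one "First Last" per line in the current folder, and the function name New-LabUsers and the first-initial-plus-surname logon format are hypothetical choices.

```powershell
# Added example (not the author's script). Run on the DC from the folder
# that contains names.txt. New-LabUsers is a hypothetical name.
Import-Module ActiveDirectory

function New-LabUsers {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$NamesFile     = '.\names.txt',
        [string]$OuName        = '_USERS',
        [string]$PlainPassword = 'Password1'   # lab-only value from the tutorial
    )

    $domain = Get-ADDomain
    $ouDn   = "OU=$OuName,$($domain.DistinguishedName)"

    # Create the target OU on first run.
    if (-not (Get-ADOrganizationalUnit -Filter "DistinguishedName -eq '$ouDn'")) {
        New-ADOrganizationalUnit -Name $OuName -Path $domain.DistinguishedName `
                                 -ProtectedFromAccidentalDeletion $false
    }

    $password = ConvertTo-SecureString $PlainPassword -AsPlainText -Force
    $created  = 0

    foreach ($line in Get-Content -Path $NamesFile) {
        # Expect "First Last"; skip blank or single-word lines.
        $parts = $line.Trim() -split '\s+', 2
        if ($parts.Count -lt 2) { continue }
        $first, $last = $parts

        # Logon name: first initial + surname, lower case, letters and digits
        # only, trimmed to the 20-character sAMAccountName limit.
        $sam = ($first.Substring(0, 1) + $last).ToLower() -replace '[^a-z0-9]', ''
        if ($sam.Length -gt 20) { $sam = $sam.Substring(0, 20) }

        # Re-running the script must not fail on accounts that already exist.
        if (Get-ADUser -Filter "SamAccountName -eq '$sam'") {
            Write-Warning "Skipping '$line': logon name '$sam' already exists."
            continue
        }

        if ($PSCmdlet.ShouldProcess($sam, 'Create AD user')) {
            New-ADUser -Name "$first $last" `
                       -GivenName $first -Surname $last `
                       -SamAccountName $sam `
                       -UserPrincipalName "$sam@$($domain.DNSRoot)" `
                       -Path $ouDn `
                       -AccountPassword $password `
                       -Enabled $true
            $created++
        }
    }

    $created   # number of accounts created in this run
}

# Dry run first, then create the accounts and count what is in the OU.
New-LabUsers -WhatIf
New-LabUsers
(Get-ADUser -Filter * -SearchBase "OU=_USERS,$((Get-ADDomain).DistinguishedName)").Count
```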

In order to run the script you’re going to need to change to the directory the script is running in. To do so, we’ll be using the cd (or change directory) command.

If you’ve been following the tutorial you should be able to run this command replacing the quotes with your username:

cd C:\users\"username"\Desktop\Active_Directory_PS

Once you’ve navigated to the folder housing the script, go ahead and click the green Play button in the ISE and click Run once if you get an additional pop-up. Now watch as your users are created automatically!

It’s going to take a little bit to fully create all the users, but once it’s done go ahead and open Active Directory Users and Computers again, right-click your domain and notice that there is now a “_USERS” OU for you to play around with.

Okay! Now we’ve got our DC environment fully setup, we have users to play with, now all we need to do is check in on our Windows 10 Client VM.

Checking on our Configuration in our Client VM

Now that we’ve gone through all the work to set up a fully functional “enterprise” environment, let’s go ahead and confirm that everything we’ve done has been correctly configured.

After signing in to the Client VM, go ahead and open the Command Prompt and type in “ipconfig”. If everything has worked the way it should you should find that your Client has an IP automatically assigned to it thanks to our previously configured DHCP server in the DC. It should also have a default gateway assigned to it thanks to us setting up Routing within our DC.

And that’s basically it! You can now do whatever it is you would like with a fully functional virtual environment that is set with 1000+ users. Now you can practice with setting up different Group Policies, mimic having a team of administrators, etc. You can even practice remediating attack scenarios that target Active Directory! No matter what your goal, this basic setup can help provide a pathway to practicing and eventually mastering it.

I hope you found this tutorial helpful!


Written by Antwan McLemore

IT professional with a strong foundation in technology and a B.S. in Cybersecurity and Information Assurance.
