Home Lab

Create a VM without an OS first, and then add the Windows Server 2022 ISO file as the path.

Mollysec-DC01

From server manager:

1. Add Roles and Features → Role-based or feature-based installation

2. Local server → AD Domains Services

3. Cick on the Promote to DC configuration triangle post-install

4. Add new forest and go through the wizard

# Rename host
Rename-Computer -NewName "MOLLYSEC-DC01" -Restart

# Users list
> cat users.txt
molly-ea
molly-da
molly
sylune
henry
freya
poppy
willow
gecko
lennie
indy
rudy
ca_svc

# Create multiple users
Import-Module ActiveDirectory
Get-Content .\users.txt | ForEach-Object {New-ADUser -Name $_ -SamAccountName $_ -AccountPassword (ConvertTo-SecureString "Password123!" -AsPlainText -Force) -Enabled $true}

Puppy-DC01

# Rename host
Rename-Computer -NewName "Puppy-DC01" -Restart

# Point DNS server to the root-DC
Set-DnsClientServerAddress -InterfaceAlias "Ethernet0" -ServerAddresses 192.168.239.134

# Add computer to the root domain
Add-Computer -DomainName mollysec.local -Credential MOLLYSEC\Administrator -Restart

# Install AD DS feature
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

# Add a new user
New-ADUser -Name "puppy-da" -SamAccountName "puppy-da" -AccountPassword (ConvertTo-SecureString "Password123!" -AsPlainText -Force) -Enabled $true -Server "puppy.mollysec.local"

# Make the user DA
Add-ADGroupMember -Identity "Domain Admins" -Members "puppy-da" -Server "puppy.mollysec.local"

CA-01

# Rename host
Rename-Computer -NewName "CA-01" -Restart

# Point DNS server to the root-DC
Set-DnsClientServerAddress -InterfaceAlias "Ethernet0" -ServerAddresses 192.168.239.134

# Add computer to the root domain
Add-Computer -DomainName mollysec.local -Credential MOLLYSEC\Administrator -Restart

# From a local administrator shell, install AD CS
> Install-AdcsCertificationAuthority -CAType EnterpriseRootCA -CryptoProviderName "RSA#Microsoft Software Key Storage Provider" -KeyLength 2048 -HashAlgorithmName SHA256 -CACommonName "MOLLYSEC-CA" -Force

ErrorId ErrorString
------- -----------
      0
      
# Verify it worked
> Get-Service certsvc

Status   Name               DisplayName
------   ----               -----------
Running  certsvc            Active Directory Certificate Services

> certutil -config - -ping
CA-01.mollysec.local\MOLLYSEC-CA
Connecting to CA-01.mollysec.local\MOLLYSEC-CA ...
Server "MOLLYSEC-CA" ICertRequest2 interface is alive (2719ms)
CertUtil: -ping command completed successfully.

From server manager:

1. Manage → Add Roles and Features

2. Check ADCS → Click on the post-install notification triangle

3. Choose CA → Enterprise CA (defaults for the rest)

• Certificate Authority server manager (aka CA console): certsrv.msc

• Certificate Template manager: certtmpl.msc

# From mmc
1. Add or Remove Snap-ins
2. Add `Certificates`
3. Computer Account
4. Local Computer
5. View fields/details

DEV01

# Rename host
Rename-Computer -NewName "DEV01" -Restart

# Point DNS server to the root-DC
Set-DnsClientServerAddress -InterfaceAlias "Ethernet0" -ServerAddresses 192.168.239.134

# Add computer to the root domain
Add-Computer -DomainName mollysec.local -Credential MOLLYSEC\Administrator -Restart

# Check SMB singing
> Get-SmbServerConfiguration | select requiresecuritysignature

Commands

Write-Host "Hostname: $env:COMPUTERNAME"
Write-Host "NetBIOS Name: $env:COMPUTERNAME"
Write-Host "Domain Name: $((Get-WmiObject Win32_ComputerSystem).Domain)"
Write-Host "FQDN: $([System.Net.Dns]::GetHostByName(($env:COMPUTERNAME)).Hostname)"
Hostname: DC01
NetBIOS Name: DC01
Domain Name: molly.local
FQDN: DC01.molly.local