Homelab Guide Part 2: Active Directory, DNS, and DHCP
Setting Windows Server (WS) 2019 up to be a domain controller in your virtual environment and adding a workstation to Active Directory
configure your VM's settings to use a "Bridged Connection" so that it is connected directly to the network
you can follow along with this video: https://www.youtube.com/watch?v=i2EcP3pAqrI
boot up your Server VM
open the Server Manager
click on Local Server on the left hand column
under properties, click on the IP address to the right of "Ethernet0" - this opens your network connections - take note that it says the IP address was assigned by DHCP (Dynamic Host Configuration Protocol)
double click your network and open "Details" - copy down your IPv4 Address, IPv4 Default Gateway, and IPv4 DNS Servers
close the details and click "Properties"
double click "Internet Protocol Version 4(TCP/IPv4)" to open its properties
click the "Use the following IP Address" radio button and type in all the saved information from before. Leave the alternate DNS blank
press okay when finished to close the IPv4 tab and then okay again to close the properties tab
test your connection by running "ping google.com" in the command prompt
open the Server Manager and see that "assigned by DHCP" is gone, which means your IP address is now static
you can follow along with this video: https://www.youtube.com/watch?v=NE2nQlYcwao
Installation Type = Role-based or feature-based installation
click next
Server Selection = select a server from the server pool and highlight the only one there
click next
checkmark Active Directory Domain Services (click add features)
checkmark DHCP Server(click add features)
checkmark DNS Server(click add features)
click next
Features = leave default settings
click next
AD DS = click next
DHCP Server = click next
DNS Server = click next
Confirmation = click install
Once installed, you now have to configure some things in the same install wizard
click "Promote this server to a domain controller"
click the "Add a new forest" radio button
type in a root domain = for example "homelab.local"
click next
Domain Controller Options = leave everything default except for the DSRM password which you must create and write down
click next
ignore the warning
click next
Additional Options = leave the default and click next
Paths = leave the default options and click next
Review Options = review everything you put and click next
Prerequisites Check = wait to see if the checks are passed, ignore the results warnings, and click install
once installed, your computer will reboot and you will log in with the administrator account and the password you chose
open the server manager, click tools at the top right, and click DNS
expand your server on the left
right click "Reverse Lookup Zones" and click "New Zone" - Reverse lookup zones are used to resolve IP addresses to a hostname
Zone Type = Primary Zone & checkmark "store the zone in AD"
click next
AD Zone Replication Scope = leave default
click next
Reverse Lookup Zone Name = IPv4 Reverse Lookup Zone
click next
Network ID = the first three octets of the IP address you set as the static IP for your machine. For example, for "192.168.1.45" you would put 192.168.1
click next
Dynamic Update = leave default to allow secure dynamic updates
click next
Completing the New Zone Wizard = click finish
click on your newly created zone and you will see the SOA and NS records, but you still have to add a pointer record for the domain controller
right click in the blank space and click "New Pointer"
click browse
double click on your server name, then your forward lookup zone folder, then your named AD, and finally scroll down and select your host (the server you are running on)
click okay and now you can see the pointer record is there under Reverse lookup folder
finally, we have to change the preferred DNS server back in the Ethernet settings from the start of this guide
open the Ethernet properties and double click on IPv4
you will see that the preferred DNS server has changed to 127.0.0.1 which is actually "local server" - this will work because you have just configured the server to act as a DNS server and therefore "pointing to itself" to resolve domain names is not a problem. But, if you configured another separate machine to act as a DNS server, you would have to point to it for domain resolution to work
type in the server's IP Address instead. Remember, this server is now both the Domain Controller AND the DNS Server
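A way to confirm the static IP and DNS steps above from PowerShell instead of clicking back through the dialogs. This is an added example, not part of the original guide; the adapter name "Ethernet0" and the reverse zone name for Network ID 192.168.1 are assumptions taken from the guide's example values.

```powershell
# Added example (not from the guide). Run in an elevated PowerShell on the server.
# Assumptions: adapter name and Network ID are the guide's example values.
$Adapter  = 'Ethernet0'
$ZoneName = '1.168.192.in-addr.arpa'   # reverse zone for Network ID 192.168.1

$report = [System.Collections.Generic.List[object]]::new()
function Add-Check($Name, $Pass, $Detail) {
    $report.Add([pscustomobject]@{ Check = $Name; Pass = [bool]$Pass; Detail = "$Detail" })
}

# 1. The adapter must no longer take its address from DHCP.
$nic = Get-NetIPInterface -InterfaceAlias $Adapter -AddressFamily IPv4
Add-Check 'Static IPv4 address' ($nic.Dhcp -eq 'Disabled') "Dhcp=$($nic.Dhcp)"

$serverIp = (Get-NetIPAddress -InterfaceAlias $Adapter -AddressFamily IPv4 |
             Select-Object -First 1).IPAddress

# 2. Preferred DNS should be the server's own address, as set in the last step.
$dns = (Get-DnsClientServerAddress -InterfaceAlias $Adapter -AddressFamily IPv4).ServerAddresses
Add-Check 'DNS client points at this server' ($dns -contains $serverIp) ($dns -join ', ')

# 3. Reverse zone: present, stored in AD, secure dynamic updates only.
$zone = Get-DnsServerZone -Name $ZoneName -ErrorAction SilentlyContinue
Add-Check 'Reverse zone exists' ($null -ne $zone) $ZoneName
Add-Check 'Zone stored in AD' ($zone.IsDsIntegrated) "IsDsIntegrated=$($zone.IsDsIntegrated)"
Add-Check 'Secure dynamic updates only' ($zone.DynamicUpdate -eq 'Secure') `
          "DynamicUpdate=$($zone.DynamicUpdate)"

# 4. PTR record for this server: its record name is the last octet of the address.
$lastOctet = $serverIp.Split('.')[-1]
$ptr = Get-DnsServerResourceRecord -ZoneName $ZoneName -RRType Ptr -ErrorAction SilentlyContinue |
       Where-Object HostName -eq $lastOctet
$fqdn = "$env:COMPUTERNAME.$((Get-CimInstance Win32_ComputerSystem).Domain)."
Add-Check 'PTR record for this server' ($ptr.RecordData.PtrDomainName -contains $fqdn) `
          "expected $lastOctet -> $fqdn"

$report | Format-Table -AutoSize -Wrap
```

Any row with Pass = False names the step to revisit; a DynamicUpdate value of NonsecureAndSecure means the zone accepts unauthenticated record updates, which is not what the wizard default in this guide selects.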
DHCP will handle the IP addresses of the workstations you will add under this Domain Controller's forest
open the server manager and click on the flag on the top that has a yellow warning sign
click "Complete DHCP configuration" and a wizard will open
click next
Authorization = leave everything default because your account has sufficient privileges to handle DHCP
click commit
you will see the security groups are created and privileges set
click close
since it is configured you can now open up DHCP by clicking tools at the top of the server manager and then DHCP
expand your server, expand IPv4
right click IPv4 and click "New Scope"
click next
put "SCOPE1" as the name and click next
IP Address Range = use your initial 3 octets again, "192.168.1.x" and substitute a number for x. For example: Start = 192.168.1.135 and End = 192.168.1.155 so you give the DHCP a scope of 20 IP addresses to hand out to new devices
leave the LENGTH and the SUBNET MASK default and click next
Exclusions and Delay = leave blank and click next
Lease Duration = change 8 days to 8 hours and click next (this is how long a device is allowed to use an IP before it must request a new one from the DHCP server)
Configure DHCP Options = Yes and click next
Router(Default Gateway) = type in the IP of your router which will probably be 192.168.1.1 as this is a reserved address for the default gateway (by reserved it really means following a standard)
click next
Domain Name and DNS Servers = leave default and click next
WINS Server = leave blank and click next
Activate Scope = yes and click next
click finish
now you can see your new scope was created
click on Address pool to see the range
click on Address leases to see if IP addresses were leased out (this is where you will come back to later on to see if your workstations are being handled by the DHCP server correctly)
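The same DHCP settings can be read back from PowerShell to confirm the wizard applied what you typed. This is an added example, not part of the original guide; the scope name "SCOPE1" and the 8 hour lease are the guide's values, and reading options 3 and 6 at scope level is an assumption about where the wizard stored them.

```powershell
# Added example (not from the guide). Run in an elevated PowerShell on the server.
# Assumption: the scope name is the guide's "SCOPE1".
$scope = Get-DhcpServerv4Scope | Where-Object Name -eq 'SCOPE1'
if (-not $scope) { throw 'Scope SCOPE1 not found on this server' }

# A domain-joined DHCP server only answers clients once it is authorized in AD
# (the "Complete DHCP configuration" wizard does this).
$authorized = Get-DhcpServerInDC |
              Where-Object { $_.DnsName -like "$env:COMPUTERNAME.*" }

# Option 3 = router (default gateway), option 6 = DNS servers handed to clients.
$router = Get-DhcpServerv4OptionValue -ScopeId $scope.ScopeId -OptionId 3 -ErrorAction SilentlyContinue
$dns    = Get-DhcpServerv4OptionValue -ScopeId $scope.ScopeId -OptionId 6 -ErrorAction SilentlyContinue
$stats  = Get-DhcpServerv4ScopeStatistics -ScopeId $scope.ScopeId

[pscustomobject]@{
    AuthorizedInAD = [bool]$authorized
    ScopeState     = $scope.State
    Range          = "$($scope.StartRange) - $($scope.EndRange)"
    SubnetMask     = $scope.SubnetMask
    LeaseDuration  = $scope.LeaseDuration
    LeaseIs8Hours  = ($scope.LeaseDuration -eq [timespan]::FromHours(8))
    Router         = if ($router) { $router.Value -join ', ' } else { 'not set at scope level' }
    DnsServers     = if ($dns)    { $dns.Value -join ', ' }    else { 'not set at scope level' }
    AddressesFree  = $stats.Free
    AddressesInUse = $stats.InUse
} | Format-List

# Current leases, the same list the "Address leases" node shows.
Get-DhcpServerv4Lease -ScopeId $scope.ScopeId |
    Select-Object IPAddress, HostName, ClientId, AddressState, LeaseExpiryTime |
    Format-Table -AutoSize
```

The DnsServers value matters for the domain join later: clients can only locate the domain controller if the DNS server they are handed is the one hosting the domain's zone.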
go here https://www.microsoft.com/en-us/evalcenter/evaluate-windows-10-enterprise
download a windows 10 Enterprise VM
install and configure it with VMware just like you did with the Server and turn it on.
when the installation is complete you will be prompted to login to your Microsoft account
skip this and click domain join on the bottom left
follow the wizard and create an account
wait for windows to start up
open cmd, ipconfig, and take note of your current IP address - it will change after adding this workstation to the Domain
in the search bar, go to "About PC"
click on advanced system settings at the bottom and go to "Computer Name"
click on Change at the bottom
click the "Domain" radio button under "Member Of"
type in the name of your domain controller - for example "homelab" and click okay
it will load for a little bit and then ask you to login to the administrator account of the server
login and then you will have to restart the workstation
now you will see under the "Computer Name" tab in the advanced system settings that your "Full Computer Name" is your desktop name + .homelab.local and the "Domain" is homelab.local
open command prompt, ipconfig, and see that your IP address fits within the Address pool range you set on the server.
go back to your server and look at the Address leases in the DHCP tool
your workstation should now be listed as a device that has been leased an IP address
you can also go to the server manager, open tools at the top right, and click Active Directory Users and Computers
expand your domain.local and click on the computers folder
here you will see your workstation
now, you must create a user to fuse it with the workstation
right click the user folder, click new, click user
choose a first name(it can be the username), type in the user logon name, and hit next
create a password with uppercase, lowercase, and a number
uncheck the "User must change password at next logon" and hit next
hit finish and you can now see the user in the list
now when logging into the workstation, click other user at the bottom left, type in the username you just created, the password, and you will see you are signing into the DOMAIN you created
if you restart this machine, the original account you created when first initializing the VM install will disappear from the login options and you will only be able to log in to the account provided by the Domain Controller
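To tie the last sections together, the leases, DNS records and directory objects can be cross-checked in one pass on the server. This is an added example, not part of the original guide; the domain "homelab.local" and scope "SCOPE1" are the guide's example values, and the script assumes the ActiveDirectory module that is installed with the AD DS management tools.

```powershell
# Added example (not from the guide). Run in an elevated PowerShell on the server.
# Assumptions: domain and scope names are the guide's example values.
Import-Module ActiveDirectory
$Domain = 'homelab.local'
$scope  = Get-DhcpServerv4Scope | Where-Object Name -eq 'SCOPE1'
if (-not $scope) { throw 'Scope SCOPE1 not found on this server' }

# Computer accounts created by domain joins, keyed by DNS host name.
$computers = @{}
Get-ADComputer -Filter * -Properties DNSHostName |
    Where-Object DNSHostName |
    ForEach-Object { $computers[$_.DNSHostName.ToLower()] = $_ }

# For every lease: is the host a domain member, and did it register an A record
# in the forward zone that matches the address it was leased?
$rows = foreach ($lease in Get-DhcpServerv4Lease -ScopeId $scope.ScopeId) {
    $name  = "$($lease.HostName)".ToLower()
    $short = $name.Split('.')[0]
    $a = if ($short) {
        Get-DnsServerResourceRecord -ZoneName $Domain -Name $short -RRType A `
            -ErrorAction SilentlyContinue
    }
    $ips = @(foreach ($r in $a) { "$($r.RecordData.IPv4Address)" })
    [pscustomobject]@{
        LeaseIP         = "$($lease.IPAddress)"
        HostName        = $name
        DomainMember    = $computers.ContainsKey($name)
        DnsARecord      = $ips -join ', '
        DnsMatchesLease = $ips -contains "$($lease.IPAddress)"
    }
}
$rows | Format-Table -AutoSize

# Domain user accounts, with the password settings chosen in the New User wizard.
Get-ADUser -Filter 'Enabled -eq $true' -Properties PasswordLastSet, PasswordNeverExpires |
    Select-Object SamAccountName, PasswordLastSet, PasswordNeverExpires |
    Format-Table -AutoSize
```

Because the VM is bridged onto the real network, rows with DomainMember = False are other devices on the LAN that took a lease from this server rather than lab workstations.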