In this lab, we need to set up an Active Directory server. But instead of doing everything manually, we need to automate the whole process. We'll be doing this using Vagrant for now, but later we might do the same on a cloud lab setup on AWS using Terraform.
Vagrant might be new to many readers, as it was to me. But it is great learning: while doing this task I found solutions to many of my ideas, which I'll be sharing soon. For now, let's start with the task.
Create two machines A and B. Machine A should be the domain controller and Machine B is the machine to join the domain controller. Machine B should have chrome installed and its Firewall should be off.
Host System Configuration:

| Key | Value |
|---|---|
| OS | Kubuntu 20.04 |
| Hypervisor | VirtualBox |
| RAM | 8GB |
| CPU | Intel i5 6th Gen |
To install Vagrant on your Linux System, use the following commands:
```bash
curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
sudo apt-get update && sudo apt-get install vagrant
```
Once vagrant has been installed, we need to get the base images for the lab setup.
Now we need to configure vagrant for installing the correct OS Images and then executing some scripts as soon as the OS is installed.
In this lab, we need to create two machines:

- Machine A: the domain controller (hostname `aurordc`, static IP `10.0.0.9`)
- Machine B: the user machine that joins the domain (hostname `UserMachine`, static IP `10.0.0.19`)

Each machine has its own configuration, discussed later. For now, the configuration requires both machines to be on the same private network with the static IPs listed above.
To perform the above, first we need to initialize Vagrant in the project folder, which creates the Vagrantfile we will edit:
```bash
vagrant init
```
We'll be using Vagrant Cloud to get the initial base images (the `gusztavvargadr/windows-server` and `gusztavvargadr/windows-10` boxes).
For restarting the VMs smoothly, we need to install the following plugin as well.
vagrant plugin install vagrant-reload
Configuration File For Machine A:
```ruby
Vagrant.configure("2") do |config|
  # Plugin providing the "reload" provisioner used below
  config.vagrant.plugins = ["vagrant-reload"]

  config.vm.define "Machine-A" do |dc|
    dc.vm.provider "virtualbox" do |vbox|
      vbox.memory = 2048
      vbox.cpus = 1
      vbox.name = "Machine A"
      vbox.gui = true
    end
    dc.vm.box = "gusztavvargadr/windows-server"
    dc.vm.box_version = "1809.0.2203"
    dc.winrm.transport = :plaintext
    dc.winrm.basic_auth_only = true
    dc.vm.hostname = "aurordc"
    dc.vm.network "private_network", ip: "10.0.0.9"
    dc.vm.provision "shell", path: "./scripts/setup_dc.ps1"
    dc.vm.provision "reload"
    dc.vm.boot_timeout = 6000
  end
end
```
Configuration File explained line by line:

- `config.vagrant.plugins = ["vagrant-reload"]`: declares the `vagrant-reload` plugin as required; it provides the `reload` provisioner used for a smooth restart.
- `config.vm.define "Machine-A" do |dc|`: defines one named machine in a multi-machine Vagrantfile.
- `vbox.memory`, `vbox.cpus`, `vbox.name`, `vbox.gui`: VirtualBox provider settings: 2 GB RAM, 1 CPU, the name shown in VirtualBox, and a visible console window instead of a headless VM.
- `dc.vm.box` / `dc.vm.box_version`: the Vagrant Cloud base image and the pinned version.
- `dc.winrm.transport = :plaintext` / `dc.winrm.basic_auth_only = true`: Vagrant talks to Windows guests over WinRM; plaintext with basic auth avoids certificate setup, which is only acceptable because the VM sits on a host-only private network.
- `dc.vm.hostname = "aurordc"`: the Windows computer name.
- `dc.vm.network "private_network", ip: "10.0.0.9"`: host-only network with the static IP.
- `dc.vm.provision "shell", path: "./scripts/setup_dc.ps1"`: runs the PowerShell script once the VM is reachable.
- `dc.vm.provision "reload"`: reboots the VM after the script, which the DC promotion needs to complete.
- `dc.vm.boot_timeout = 6000`: seconds Vagrant waits for the VM to come up; Windows boots and AD promotion are slow.

Configuration File for Machine B:
```ruby
Vagrant.configure("2") do |config|
  config.vagrant.plugins = ["vagrant-reload"]

  config.vm.define "Machine-B" do |user1|
    user1.vm.provider "virtualbox" do |vbox|
      vbox.memory = 2048
      vbox.cpus = 1
      vbox.name = "Machine B"
      vbox.gui = true
    end
    user1.vm.box = "gusztavvargadr/windows-10"
    user1.vm.box_version = "2102.0.2204"
    user1.winrm.transport = :plaintext
    user1.winrm.basic_auth_only = true
    user1.vm.hostname = "UserMachine"
    # Same host-only network as Machine A, second static IP
    user1.vm.network "private_network", ip: "10.0.0.19"
    user1.vm.provision "shell", path: "./scripts/user_setup.ps1"
    user1.vm.provision "reload"
    user1.vm.boot_timeout = 6000
  end
end
```
The configurations are similar, so they will be combined in a single file. The complete Vagrant configuration file is:
```ruby
Vagrant.configure("2") do |config|
  config.vagrant.plugins = ["vagrant-reload"]

  # Machine A: domain controller
  config.vm.define "Machine-A" do |dc|
    dc.vm.provider "virtualbox" do |vbox|
      vbox.memory = 2048
      vbox.cpus = 1
      vbox.name = "Machine A"
      vbox.gui = true
    end
    dc.vm.box = "gusztavvargadr/windows-server"
    dc.vm.box_version = "1809.0.2203"
    dc.winrm.transport = :plaintext
    dc.winrm.basic_auth_only = true
    dc.vm.hostname = "aurordc"
    dc.vm.network "private_network", ip: "10.0.0.9"
    dc.vm.provision "shell", path: "./scripts/setup_dc.ps1"
    dc.vm.provision "reload"
    dc.vm.boot_timeout = 6000
  end

  # Machine B: user workstation that joins the domain
  config.vm.define "Machine-B" do |user1|
    user1.vm.provider "virtualbox" do |vbox|
      vbox.memory = 2048
      vbox.cpus = 1
      vbox.name = "Machine B"
      vbox.gui = true
    end
    user1.vm.box = "gusztavvargadr/windows-10"
    user1.vm.box_version = "2102.0.2204"
    user1.winrm.transport = :plaintext
    user1.winrm.basic_auth_only = true
    user1.vm.hostname = "UserMachine"
    user1.vm.network "private_network", ip: "10.0.0.19"
    user1.vm.provision "shell", path: "./scripts/user_setup.ps1"
    user1.vm.provision "reload"
    user1.vm.boot_timeout = 6000
  end
end
```
Once the Vagrant configuration is done, we need to write the PowerShell scripts for setting up the DC and for joining the user machine to it.
setup_dc.ps1:
```powershell
# Creating a Local User (becomes a domain user once the forest is created)
net user adam Pass@123 /add

# Allow User to perform RDP
net localgroup "Remote Desktop Users" adam /add

# Global Variables
$domain_name = "auror.local"
$domain_netbios_name = "auror"
$mode = "Win2012R2"
$password = "Password@123!"
$secure_password = $password | ConvertTo-SecureString -AsPlainText -Force

# Install Active Directory
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools -IncludeAllSubFeature

# Configuring Active Directory
## Import AD DS Deployment
Import-Module ADDSDeployment

## AD DS Forest Configuration
$forest_config = @{
    DomainName                    = $domain_name
    SafeModeAdministratorPassword = $secure_password
    DomainMode                    = $mode
    DomainNetBIOSName             = $domain_netbios_name
    ForestMode                    = $mode
    InstallDNS                    = $true
    DatabasePath                  = "C:\Windows\NTDS"
    LogPath                       = "C:\Windows\NTDS"
    SYSVOLPath                    = "C:\Windows\SYSVOL"
    Force                         = $true
    # The reboot is left to the vagrant-reload provisioner
    NoRebootOnCompletion          = $true
}

## Install AD DS Forest
Install-ADDSForest @forest_config
```
user_setup.ps1:
```powershell
# Disable Firewall
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False

# Disable Windows Defender
Set-MpPreference -DisableBehaviorMonitoring $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -DisableIOAVProtection $true -EnableNetworkProtection 0

# Configure Machine A as the DNS Server
$net_adapters = Get-WmiObject Win32_NetworkAdapterConfiguration
$net_adapters | ForEach-Object { $_.SetDNSServerSearchOrder("10.0.0.9") }

# Add Computer to Domain
$username = "vagrant"
$password = "vagrant"
$secure_password = $password | ConvertTo-SecureString -AsPlainText -Force
$credentials = New-Object System.Management.Automation.PSCredential($username, $secure_password)
$domain = "auror.local"
Add-Computer -DomainName $domain -Credential $credentials

# Add User Adam to Local Administrators
net localgroup "Administrators" auror\adam /add

# Install Chrome
$PATH = "C:\Windows\Tasks"
$INSTALLER = "chrome_installer.exe"
Invoke-WebRequest "http://dl.google.com/chrome/install/375.126/chrome_installer.exe" -OutFile "$PATH\$INSTALLER"
Start-Process -FilePath "$PATH\$INSTALLER" -Args "/silent /install"
```
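One failure mode of the join step above is timing: `Add-Computer` fails if Machine B runs its script before the freshly promoted DC is serving DNS and LDAP. The following is an added example, not part of the original post, of a readiness wait and a retried join that can replace the "Configure Machine A as the DNS Server" and "Add Computer to Domain" sections. It assumes the lab's values (`10.0.0.9`, `auror.local`, the `vagrant` account); the function name `Wait-ForDomainController` and the retry counts are my own choices.

```powershell
# Added example (not from the original post): wait until the domain controller
# answers DNS and LDAP before calling Add-Computer, then retry the join.
# Assumes the IP, domain name and credentials used in the lab scripts above.
$DcIp     = "10.0.0.9"
$Domain   = "auror.local"
$MaxTries = 30
$DelaySec = 20

function Wait-ForDomainController {
    param([string]$Ip, [string]$DomainName, [int]$Tries, [int]$Delay)
    for ($i = 1; $i -le $Tries; $i++) {
        # LDAP (389) and Kerberos (88) listening means AD DS has finished starting
        $ldap = Test-NetConnection -ComputerName $Ip -Port 389 -InformationLevel Quiet -WarningAction SilentlyContinue
        $krb  = Test-NetConnection -ComputerName $Ip -Port 88  -InformationLevel Quiet -WarningAction SilentlyContinue
        # The DC's own DNS must resolve the domain name, or Add-Computer cannot locate it
        $dns = $null
        try { $dns = Resolve-DnsName -Name $DomainName -Server $Ip -ErrorAction Stop } catch {}
        if ($ldap -and $krb -and $dns) {
            Write-Host "DC at $Ip is ready (attempt $i)"
            return $true
        }
        Write-Host "DC not ready yet (attempt $i/$Tries), sleeping $Delay s"
        Start-Sleep -Seconds $Delay
    }
    return $false
}

if (-not (Wait-ForDomainController -Ip $DcIp -DomainName $Domain -Tries $MaxTries -Delay $DelaySec)) {
    throw "Domain controller $DcIp did not become ready; aborting join"
}

# Point DNS at the DC only on adapters that actually have IP enabled
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE" |
    ForEach-Object { [void]$_.SetDNSServerSearchOrder(@($DcIp)) }

$secure = ConvertTo-SecureString "vagrant" -AsPlainText -Force
$cred   = New-Object System.Management.Automation.PSCredential("vagrant", $secure)

# Retry the join itself: the first attempt can still race the DC's Netlogon service
$joined = $false
for ($i = 1; $i -le 5 -and -not $joined; $i++) {
    try {
        Add-Computer -DomainName $Domain -Credential $cred -ErrorAction Stop
        $joined = $true
    } catch {
        Write-Host "Join attempt $i failed: $($_.Exception.Message)"
        Start-Sleep -Seconds 15
    }
}
if (-not $joined) { throw "Could not join $Domain after 5 attempts" }
```

Because the script throws on failure, the Vagrant shell provisioner reports a non-zero exit and `vagrant up` stops instead of silently continuing to the `reload` step with an unjoined machine.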
Now that we have all our files ready, it's time to run Vagrant and test whether the files work correctly.
vagrant up
As soon as the above command finishes, your complete infrastructure is up and running.
Note: You might see some irrelevant errors; if so, re-run the command.
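Rather than trusting that `vagrant up` completed without meaningful errors, a practitioner would verify each requirement of the task on Machine B. The script below is an added example, not part of the original post; it checks domain membership, DNS, the firewall state, the Chrome install and adam's group membership, and exits with the number of failed checks. It assumes the lab values above (`10.0.0.9`, `auror.local`, `auror\adam`); the file name `verify_setup.ps1` is hypothetical, and it can be run as a further `shell` provisioner or with `vagrant winrm Machine-B -c ...`.

```powershell
# Added example (not part of the original post): run on Machine B after
# `vagrant up` to check that each requirement of the task actually holds.
# Assumes the lab values above: DC 10.0.0.9, domain auror.local, user adam.
$DcIp   = "10.0.0.9"
$Domain = "auror.local"

# Each check is a script block returning $true on success
$checks = [ordered]@{
    "Joined to $Domain" = {
        $cs = Get-WmiObject Win32_ComputerSystem
        $cs.PartOfDomain -and ($cs.Domain -ieq $Domain)
    }
    "DNS points at DC" = {
        $servers = Get-DnsClientServerAddress -AddressFamily IPv4 | ForEach-Object { $_.ServerAddresses }
        $servers -contains $DcIp
    }
    "DC resolves $Domain" = {
        $null -ne (Resolve-DnsName -Name $Domain -Server $DcIp -ErrorAction SilentlyContinue)
    }
    "Firewall profiles disabled" = {
        -not (Get-NetFirewallProfile | Where-Object { $_.Enabled -eq 'True' })
    }
    "Chrome installed" = {
        (Test-Path "${env:ProgramFiles}\Google\Chrome\Application\chrome.exe") -or
        (Test-Path "${env:ProgramFiles(x86)}\Google\Chrome\Application\chrome.exe")
    }
    "adam is a local Administrator" = {
        $null -ne (Get-LocalGroupMember -Group "Administrators" | Where-Object { $_.Name -ieq "auror\adam" })
    }
}

$failed = 0
foreach ($name in $checks.Keys) {
    # A check that throws (missing cmdlet, no network) counts as a failure
    try { $ok = [bool](& $checks[$name]) } catch { $ok = $false }
    "{0,-32} {1}" -f $name, $(if ($ok) { "PASS" } else { "FAIL" })
    if (-not $ok) { $failed++ }
}

# Non-zero exit makes a Vagrant provisioner (or CI job) fail on any unmet requirement
exit $failed
```

The DNS and firewall checks are the ones most worth keeping: a machine whose resolver still points at the NAT adapter's DNS will look joined but fail Kerberos logons, and a firewall profile left enabled is the usual reason RDP from the DC to Machine B does not work.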
Reference: https://www.passthehacks.com/post/the-auror-project