Create the Domain Controller VM (Windows Server 2022) named “DC-1”:
Create the Client VM (Windows 10) named “Client-1”. Use the same Resource Group and Vnet that was created in previous step:
Set Domain Controller’s NIC Private IP address to be static:
Ensure that both VMs are in the same Vnet (you can check the topology with Network Watcher):
Login to Client-1 with Remote Desktop and ping DC-1’s private IP address with ping -t
Login to the Domain Controller and enable ICMPv4 in on the local windows firewall:
Check back at Client-1 to see the ping succeed:
Login to DC-1 and install Active Directory Domain Services:
Promote as a Domain Controller:
Setup a new forest as myactivedirectory.com (can be anything, just remember what it is - I ultimately did set it up as myadproject.com which you'll see in the next pic):
Restart and then log back into DC-1 as user: myadproject.com\labuser:
In Active Directory Users and Computers (ADUC), create an Organizational Unit (OU) called “_EMPLOYEES” and another one called "_ADMINS":
Create a new employee named “Jane Doe” with the username of “jane_admin”:
Add jane_admin to the “Domain Admins” Security Group:
Log out/close the Remote Desktop connection to DC-1 and log back in as “myadproject.com\jane_admin”. Use jane_admin as your admin account from now on:
From the Azure Portal, set Client-1’s DNS settings to the DC’s Private IP address:
From the Azure Portal, restart Client-1.
Login to Client-1 (Remote Desktop) as the original local admin (labuser) and join it to the domain (computer will restart):
Login to the Domain Controller (Remote Desktop) and verify Client-1 shows up in Active Directory Users and Computers (ADUC) inside the “Computers” container on the root of the domain.
Create a new OU named “_CLIENTS” and drag Client-1 into there:
Log into Client-1 as mydomain.com\jane_admin and open system properties.
Click “Remote Desktop”.
Allow “domain users” access to remote desktop.
You can now log into Client-1 as a normal, non-administrative user now.
Normally you’d want to do this with Group Policy that allows you to change MANY systems at once (maybe a future lab):
Login to DC-1 as jane_admin
Open PowerShell_ise as an administrator.
Create a new File and paste the contents of this script (https://github.com/agruezo/configure-active-directory/blob/script/createUsers.ps1) into it:
Run the script and observe the accounts being created:
When finished, open ADUC and observe the accounts in the appropriate OU and attempt to log into Client-1 with one of the accounts (take note of the password in the script):
I hope this tutorial helped you learn a little bit about network security protocols and observe traffic between virtual machines. And although I ran this on a my MacBook Air, this can be easily done on a PC without having to download a remote desktop app since Windows provides that with it's software.
And now that we're done, DON'T FORGET TO CLEAN UP YOUR AZURE ENVIRONMENT so that you don't incur unnecessary charges.
Close your Remote Desktop connection, delete the Resource Group(s) created at the beginning of this tutorial, and verify Resource Group deletion.