{"id":3274,"date":"2025-02-27T20:22:02","date_gmt":"2025-02-28T02:22:02","guid":{"rendered":"https:\/\/chrisrgaunt.com\/?p=3274"},"modified":"2025-02-27T20:25:46","modified_gmt":"2025-02-28T02:25:46","slug":"setting-up-active-directory-in-a-virtual-machine-vm-step-by-step-guide","status":"publish","type":"post","link":"https:\/\/chrisrgaunt.com\/?p=3274","title":{"rendered":"Setting Up Active Directory in a Virtual Machine (VM) \u2013 Step-by-Step Guide"},"content":{"rendered":"\n<p>If you&#8217;re diving into <strong>Active Directory (AD)<\/strong>, setting it up in a virtual environment is the best way to test things out without breaking anything important. In this guide, I\u2019ll walk you through:<\/p>\n\n\n\n<p>\u2714\ufe0f <strong>Installing Windows Server in a VM<\/strong><br>\u2714\ufe0f <strong>Setting up a Domain Controller<\/strong><br>\u2714\ufe0f <strong>Adding users, groups, and roles<\/strong><br>\u2714\ufe0f <strong>Joining a Windows 11 machine to the domain<\/strong><br>\u2714\ufe0f <strong>Applying Group Policies (GPOs)<\/strong><br>\u2714\ufe0f <strong>Using PowerShell to automate AD tasks<\/strong><\/p>\n\n\n\n<p>Let\u2019s get started.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>1. Setting Up Your Virtual Machine<\/strong><\/h2>\n\n\n\n<p>First things first, you need a VM running <strong>Windows Server 2019 or 2022<\/strong>. 
You can use <strong>Hyper-V, VMware, or VirtualBox<\/strong> to create one.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Step 1: Install Windows Server in a VM<\/strong><\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Download the <strong>Windows Server 2022<\/strong> ISO from Microsoft.<\/li>\n\n\n\n<li>Create a new VM with at least:\n<ul class=\"wp-block-list\">\n<li><strong>2 vCPUs<\/strong><\/li>\n\n\n\n<li><strong>4GB RAM (8GB recommended)<\/strong><\/li>\n\n\n\n<li><strong>50GB+ storage<\/strong><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Mount the ISO and install Windows Server.<\/li>\n\n\n\n<li>Set a <strong>static IP address<\/strong> (important for domain setup).<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>2. Installing Active Directory Domain Services (AD DS)<\/strong><\/h2>\n\n\n\n<p>Once your Windows Server VM is running:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Step 2: Install AD DS Role<\/strong><\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Open <strong>Server Manager<\/strong> &gt; Click <strong>Manage<\/strong> &gt; <strong>Add Roles and Features<\/strong>.<\/li>\n\n\n\n<li>Select <strong>Role-Based Installation<\/strong> &gt; Click <strong>Next<\/strong>.<\/li>\n\n\n\n<li>Under <strong>Server Roles<\/strong>, check <strong>Active Directory Domain Services<\/strong> and click <strong>Next<\/strong>.<\/li>\n\n\n\n<li>Click <strong>Install<\/strong> and wait for it to finish.<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>3. 
Promoting the Server to a Domain Controller<\/strong><\/h2>\n\n\n\n<p>Now, we need to <strong>promote<\/strong> the server to a <strong>Domain Controller (DC)<\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Step 3: Set Up the Domain<\/strong><\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>After installation, click <strong>Promote this server to a domain controller<\/strong> (from the Server Manager notifications).<\/li>\n\n\n\n<li>Choose <strong>Add a new forest<\/strong> and enter your <strong>domain name<\/strong> (e.g., <code>mydomain.local<\/code>).<\/li>\n\n\n\n<li>Click <strong>Next<\/strong> through the prompts and:\n<ul class=\"wp-block-list\">\n<li>Set <strong>Forest Functional Level<\/strong> to <strong>Windows Server 2016 or later<\/strong>.<\/li>\n\n\n\n<li>Set a <strong>DSRM password<\/strong> (for AD recovery).<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Click <strong>Install<\/strong> and let it reboot.<\/li>\n<\/ol>\n\n\n\n<p>After rebooting, log in using <strong>DOMAIN\\Administrator<\/strong>.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>4. 
Creating Users, Groups, and Roles in AD<\/strong><\/h2>\n\n\n\n<p>With our domain set up, let\u2019s create <strong>users and groups<\/strong> in <strong>Active Directory Users and Computers (ADUC)<\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Step 4: Open ADUC<\/strong><\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Click <strong>Start<\/strong>, type <code>Active Directory Users and Computers<\/code>, and open it.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Step 5: Create an Organizational Unit (OU)<\/strong><\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Right-click your <strong>domain name<\/strong> (<code>mydomain.local<\/code>) &gt; <strong>New<\/strong> &gt; <strong>Organizational Unit<\/strong>.<\/li>\n\n\n\n<li>Name it something like <code>IT Department<\/code> and click <strong>OK<\/strong>.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Step 6: Add a New User<\/strong><\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Inside your OU, <strong>right-click<\/strong> &gt; <strong>New<\/strong> &gt; <strong>User<\/strong>.<\/li>\n\n\n\n<li>Fill in:\n<ul class=\"wp-block-list\">\n<li><strong>First Name, Last Name, Username<\/strong> (<code>jdoe<\/code>).<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Set a <strong>password<\/strong> (e.g., <code>Password123!<\/code>).<\/li>\n\n\n\n<li>Click <strong>Finish<\/strong>.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Step 7: Create a Group and Assign Users<\/strong><\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>In <strong>ADUC<\/strong>, navigate to an <strong>OU<\/strong>.<\/li>\n\n\n\n<li>Right-click &gt; <strong>New<\/strong> &gt; <strong>Group<\/strong>.<\/li>\n\n\n\n<li>Name it (e.g., <code>IT Admins<\/code>).<\/li>\n\n\n\n<li>Select <strong>Global<\/strong> and <strong>Security<\/strong> &gt; Click <strong>OK<\/strong>.<\/li>\n\n\n\n<li>Right-click the <strong>user<\/strong> &gt; <strong>Properties<\/strong> &gt; <strong>Member Of<\/strong> &gt; <strong>Add<\/strong> 
the group.<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>5. Joining a Windows 11 Machine to the Domain<\/strong><\/h2>\n\n\n\n<p>To test AD, we\u2019ll join a <strong>Windows 11 VM<\/strong> to the domain.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Step 8: Set Up Windows 11 VM<\/strong><\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Install <strong>Windows 11<\/strong> in a VM.<\/li>\n\n\n\n<li><strong>Set a static IP<\/strong> (in the same subnet as your AD server).<\/li>\n\n\n\n<li>Set the <strong>Preferred DNS<\/strong> to the <strong>AD server\u2019s IP<\/strong>.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Step 9: Join the Domain<\/strong><\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Open <strong>Settings<\/strong> &gt; <strong>System<\/strong> &gt; <strong>About<\/strong>.<\/li>\n\n\n\n<li>Click <strong>Domain or Workgroup<\/strong> &gt; <strong>Change Settings<\/strong>.<\/li>\n\n\n\n<li>Select <strong>Domain<\/strong>, enter <code>mydomain.local<\/code>, and click <strong>OK<\/strong>.<\/li>\n\n\n\n<li>Enter your <strong>AD Administrator credentials<\/strong>.<\/li>\n\n\n\n<li>Restart the computer.<\/li>\n<\/ol>\n\n\n\n<p>Now you can log in as <strong>DOMAIN\\jdoe<\/strong>!<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>6. 
Applying Group Policies (GPOs)<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Step 10: Create and Apply a GPO<\/strong><\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Open <strong>Group Policy Management<\/strong> (<code>gpmc.msc<\/code>).<\/li>\n\n\n\n<li>Right-click <strong>Group Policy Objects<\/strong> &gt; <strong>New<\/strong> &gt; Name it (e.g., <code>Security Policy<\/code>).<\/li>\n\n\n\n<li>Right-click an <strong>OU<\/strong> &gt; <strong>Link an Existing GPO<\/strong>.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Step 11: Enforce Password Policy<\/strong><\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Open your GPO and go to: <code>Computer Configuration &gt; Policies &gt; Windows Settings &gt; Security Settings &gt; Account Policies &gt; Password Policy<\/code><\/li>\n\n\n\n<li>Modify:\n<ul class=\"wp-block-list\">\n<li><strong>Min Password Length<\/strong>: 10 characters<\/li>\n\n\n\n<li><strong>Enforce Password History<\/strong>: 5 previous passwords<\/li>\n\n\n\n<li><strong>Max Password Age<\/strong>: 90 days<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Click <strong>Apply<\/strong> and <strong>OK<\/strong>.<\/li>\n<\/ol>\n\n\n\n<p>Account Policies such as the password policy apply to domain accounts only when the GPO is linked at the <strong>domain<\/strong> level; in a GPO linked to an OU they affect only the local accounts on computers in that OU.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Step 12: Restrict USB Devices<\/strong><\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Go to: <code>Computer Configuration &gt; Policies &gt; Administrative Templates &gt; System &gt; Removable Storage Access<\/code><\/li>\n\n\n\n<li>Enable <strong>All Removable Storage Classes: Deny All Access<\/strong>.<\/li>\n<\/ol>\n\n\n\n<p>Run <code>gpupdate \/force<\/code> on the client machine to apply policies.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>7. 
Automating Active Directory with PowerShell<\/strong><\/h2>\n\n\n\n<p>Manually managing AD is fine for small setups, but <strong>PowerShell saves time<\/strong> when dealing with multiple users.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Step 13: Create a User with PowerShell<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-preformatted\"><code># Load the Active Directory cmdlets (RSAT AD PowerShell module)\nImport-Module ActiveDirectory\n\n# Create an enabled user in the IT Department OU\nNew-ADUser -Name \"John Doe\" -GivenName \"John\" -Surname \"Doe\" `\n-SamAccountName \"jdoe\" -UserPrincipalName \"jdoe@mydomain.local\" `\n-Path \"OU=IT Department,DC=mydomain,DC=local\" `\n-AccountPassword (ConvertTo-SecureString \"Password123!\" -AsPlainText -Force) `\n-Enabled $true\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Step 14: Bulk Import Users from CSV<\/strong><\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Create a CSV (<code>users.csv<\/code>):<br><code>FirstName,LastName,Username,OU<br>John,Doe,jdoe,IT Department<br>Jane,Smith,jsmith,HR<\/code><\/li>\n\n\n\n<li>Run:<\/li>\n<\/ol>\n\n\n\n<pre class=\"wp-block-preformatted\"><code># Lab only: every imported account gets the same initial password\n$password = ConvertTo-SecureString \"Password123!\" -AsPlainText -Force\n\n# Each OU named in the CSV must already exist, or New-ADUser fails for that row\n$users = Import-Csv \"C:\\users.csv\"\nforeach ($user in $users) {\n    New-ADUser -Name \"$($user.FirstName) $($user.LastName)\" `\n    -SamAccountName $user.Username -UserPrincipalName \"$($user.Username)@mydomain.local\" `\n    -Path \"OU=$($user.OU),DC=mydomain,DC=local\" `\n    -AccountPassword $password -Enabled $true\n}\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Step 15: Assign a User to a Group<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>Add-ADGroupMember -Identity \"IT Admins\" -Members \"jdoe\"<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Final Thoughts<\/strong><\/h2>\n\n\n\n<p>Congrats! \ud83c\udf89 You now have a working <strong>Active Directory lab<\/strong> running in a VM. 
You\u2019ve set up users, groups, policies, and even automated tasks with PowerShell.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you&#8217;re diving into Active Directory (AD), setting it up in a virtual environment is the best way to test<\/p>\n<p><a href=\"https:\/\/chrisrgaunt.com\/?p=3274\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\">Setting Up Active Directory in a Virtual Machine (VM) \u2013 Step-by-Step 
Guide<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":3276,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[10],"tags":[],"class_list":["post-3274","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-projects"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/chrisrgaunt.com\/index.php?rest_route=\/wp\/v2\/posts\/3274","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/chrisrgaunt.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/chrisrgaunt.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/chrisrgaunt.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/chrisrgaunt.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3274"}],"version-history":[{"count":3,"href":"https:\/\/chrisrgaunt.com\/index.php?rest_route=\/wp\/v2\/posts\/3274\/revisions"}],"predecessor-version":[{"id":3279,"href":"https:\/\/chrisrgaunt.com\/index.php?rest_route=\/wp\/v2\/posts\/3274\/revisions\/3279"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/chrisrgaunt.com\/index.php?rest_route=\/wp\/v2\/media\/3276"}],"wp:attachment":[{"href":"https:\/\/chrisrgaunt.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3274"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/chrisrgaunt.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3274"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/chrisrgaunt.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3274"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}