# Domain Controller 1

## Accounts

![](/files/kTTElOyTrcb4jMWHLkYt)

Most Secure Password = `P@ssw0rd`

## PC Name

First I'll be renaming my server as shown below.

![](/files/MCUicmfQBCmGa7PFGTWr)

## Network Settings

It's important to set a static IP for our Domain Controller.

![](/files/Dbecxw2RDhvc22UlpnGN)

![](/files/fz3mkmsF1iLc3C1FRfuQ)

## Active Directory Services

Next, I'll be adding the Active Directory Domain Services role to the server.

![](/files/Dx6vlEZ8MJxsnCXfSjfu)

![](/files/qkLDfz3cfeFH0CY9k3Qt)

![](/files/dnZuDJIjOE5Lb8VPmf83)

![](/files/9pE2EXXZaRcO8iyRQxgb)

![](/files/WrAl0EuEK1K3BCGmND9h)

![](/files/uHLOyZ8gE1HwwABEaHrt)

![](/files/BFUZur9AOeWVqb4BmfVp)

### Promoting Server to DC

Once Active Directory Domain Services has finished installing, there'll be a prompt asking to promote the server to a Domain Controller. Let's go ahead and do that.

![](/files/gxCGfzpaCwGv9TKc3lpQ)

![](/files/at8CzMdTeqfdB0PdbGvK)

![](/files/z2qEG3fw8PnHt3VgaGYf)

![](/files/sjNWYlcIhINTUqCtrqwN)

![](/files/3gVJEXaQ22VP2UP0VwQt)

![](/files/OIj04yDbSygQnt4F2o43)

![](/files/7nC1v9BeXfBSuEA1zTLZ)

![](/files/MmMFV0oDCJEWg7m5Z9cg)

![](/files/atlPpSutHQezyDFNnhHT)

After a restart, the domain will be populated as shown below. If you see something like this, you've done it correctly.

![](/files/UYP4HIxAhgLyg0MOmDfg)

![](/files/WPDnvmYqC36vb23uHivD)

## DNSClient Server Address

Now that we have the Active Directory service up and running, we can set the DNS server address on the interface that will be handling our DNS queries.

```
Set-DnsClientServerAddress -InterfaceIndex 15 -ServerAddress 10.11.12.10
```

![](/files/Y77FJdbCv3UqsntGwMt0)

## Active Directory Certificate Services

Next, AD Certificate Services can be optionally added to the server for LDAP.

![](/files/e5GyoShukv8IPEju2lj6)

![](/files/KUbM6PFI9wCrAdp2gBT8)

![Hit install](/files/GPWinfJqhawfEKDaYbwv)

### Configuring Certificate Services

Similar to the case above, a prompt will ask you to configure the Certificate Services.

![](/files/X3oz6FL9ksooQ51KWiOf)

![](/files/Dei2HIiIULdujm07dW1P)

![](/files/J0uF0oZChFVn95QSi4YZ)

![Hit configure](/files/eWmVelf8SoWtVQkhgRP3)

![](/files/ijKepjZ3yiGFBLybdzi3)

Reboot the server for the changes to take effect!

## Adding Users & Service Accounts

I'll be adding a couple of users to the domain for the lab's purposes.

![](/files/Ai7kFWg5Hs4fMEu9ekPm)

### User Accounts

#### John Hammond

```
First = John
Last = Hammond
logon = john
password = P@ssw0rd
```

<div align="center"><img src="/files/U2t36QALzyAgif1sauoj" alt=""></div>

#### Heath Adams

```
First = Heath
Last = Adams
logon = heath
password = P@ssw0rd
```

![](/files/fT8gHPaGq2beDct6pcKk)

### Service Account

Go ahead and copy the Administrator account to create the service account.

```
First = SQL
Last = Service
logon = SQLService
password = MiP@ssw0rd!
Description = Devs pls take note: password = "MiP@ssw0rd!"
```

![](/files/HY7jMq9meeI3L07eBsWk)

![](/files/34IKnSYPPrByo4UkiUbe)

### Service Principal Name (SPN) setup

A service principal name (SPN) is **a unique identifier of a service instance**. SPNs are used by Kerberos authentication to associate a service instance with a service logon account. Let's go ahead and create one.

```
setspn -a 4pfsec-DC/SQLService.4pfsec.local:60111 4pfsec\SQLService
```

![](/files/vCGM3C1fx0d1CSqHWtNU)

#### Verify SPN

Now that we have set up the SPN, let's verify that it is registered as expected.

```
setspn -T 4pfsec.local -Q */*
```

![](/files/gKxFJmh1yAj3v23guNKy)
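
To check the result without reading the listing by eye, the following added example (not part of the original walkthrough) parses `setspn -Q */*` output into objects and lists the SPNs owned by accounts outside the default computer containers, which are the service accounts whose passwords deserve review. The function name, the container heuristic and the sample output are assumptions constructed for illustration.

```powershell
# Added example: turn `setspn -Q */*` output into objects (hypothetical helper).
function ConvertFrom-SetSpnOutput {
    param([Parameter(Mandatory)][string[]]$Line)

    $owner = $null
    foreach ($l in $Line) {
        # Skip blank lines and setspn's status lines.
        if ($l -match '^\s*$' -or $l -match '^(Checking domain|Existing SPN|No such SPN)') { continue }
        # An unindented DN line names the account that owns the SPNs below it.
        if ($l -match '^CN=') { $owner = $l.Trim(); continue }
        # Indented lines are SPNs: serviceclass/host[:port]
        if ($owner -and $l -match '^\s+(?<class>[^/\s]+)/(?<host>[^:/\s]+)(:(?<port>[^/\s]+))?') {
            [pscustomobject]@{
                Owner        = $owner
                ServiceClass = $Matches.class
                Host         = $Matches.host
                Port         = $Matches.port   # $null when the SPN has no port
                # Assumption: computer accounts sit in the default containers.
                UserOwned    = $owner -notmatch ',(OU=Domain Controllers|CN=Computers),'
            }
        }
    }
}

# Constructed sample shaped like `setspn -T 4pfsec.local -Q */*` output.
$sample = @'
Checking domain DC=4pfsec,DC=local
CN=4PFSEC-DC,OU=Domain Controllers,DC=4pfsec,DC=local
    ldap/4pfsec-DC.4pfsec.local
    HOST/4pfsec-DC
CN=krbtgt,CN=Users,DC=4pfsec,DC=local
    kadmin/changepw
CN=SQL Service,CN=Users,DC=4pfsec,DC=local
    4pfsec-DC/SQLService.4pfsec.local:60111

Existing SPN found!
'@ -split '\r?\n'

# krbtgt always carries kadmin/changepw, so it is excluded from the review list.
ConvertFrom-SetSpnOutput -Line $sample |
    Where-Object { $_.UserOwned -and $_.Owner -notmatch '^CN=krbtgt,' } |
    Format-Table Owner, ServiceClass, Host, Port

# On the DC itself:
# ConvertFrom-SetSpnOutput -Line (setspn -T 4pfsec.local -Q */*)
```

With the sample above, the only row left is the SQL Service account with service class `4pfsec-DC`, host `SQLService.4pfsec.local` and port `60111`.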

## SMB Share

### Create a folder

First, create a folder that you'd like to share out to your network.

```
important
```

![](/files/RcxRBlpdQOdcNR2ThzwP)

### Create New Share

![](/files/dDGRfS6AD7H0Fs41PyOx)

![](/files/PRjKReU0FLPakW1rnpg0)

![](/files/gYpjxlbMkHZ9XYsHfy4b)

![Hit create](/files/Ydunr8bolpBTVHgoK5uf)

