Domain Controller 1


Most Secure Password = [email protected]

PC Name

First I'll be renaming my server as shown below.

Network Settings

Its important to set a static IP for our Domain Controller.

Active Directory Services

Next, I'll be adding the active directory domain services role on to the server.

Promoting Server to DC

Once the active directory domain services is done installing, there'll be a prompt asking to promote the server to a Domain Controller. Let's go ahead and do that.
After a restart the domain will be populated as shown bellow. If you see something like this, you've done it correctly.

DNSClient Server Address

Now that we have the Active Directory service up and running, we can set the correct interface which will be handling our DNS Queries.
Set-DnsClientServerAddress -InterfaceIndex 15 -ServerAddress

Active Directory Certificate Services

Next, AD Certificate Services can be optionally added to the server for LDAP.
Hit install

Configuring Certificate Services

Similar to the case above, a prompt will request to configure the Certificate Services.
Hit configure
Reboot the server for changes to take place!

Adding Users & Service Accounts

I'll be adding a couple users into the domain for the lab's purpose.

User Accounts

John Hammond

First = John
Last = Hammond
logon = john

Heath Adams

First = Heath
Last = Adams
logon = heath

Service Account

Go ahead and copy he Administrator account to create the service account.
First = SQL
Last = Service
logon = SQLService
password = [email protected]!
Description = Devs pls take note: password = "[email protected]!"

Service Principal Name (SPN) setup

A service principal name (SPN) is a unique identifier of a service instance. SPNs are used by Kerberos authentication to associate a service instance with a service logon account. Lets go ahead and create that.
setspn -a 4pfsec-DC/SQLService.4pfsec.local:60111 4pfsec\SQLService

Verify SPN

Now that we have setup the SPN, lets verify that its up and running as per expectations.
setspn -T 4pfsec.local -Q */*

SMB Share

Create a folder

First, create a folder that you'd like to share out to your network.

Create New Share

Hit create