# Domain Controller 1 ## Accounts ![](https://1937192737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObuEPM0wMmlYGGoxYCbD%2Fuploads%2FnDXhxMpwgLloTQ8A36kA%2Fimage.png?alt=media\&token=865662ca-c799-4b88-a8ad-57e342d29ea7) Most Secure Password = `P@ssw0rd` ## PC Name First I'll be renaming my server as shown below. ![](https://1937192737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObuEPM0wMmlYGGoxYCbD%2Fuploads%2FstXcd1i0xvJKbz3snfjR%2Fimage.png?alt=media\&token=ff924240-b098-49da-879d-79c1026bbb97) ## Network Settings Its important to set a static IP for our Domain Controller. ![](https://1937192737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObuEPM0wMmlYGGoxYCbD%2Fuploads%2F5sYTXnNksqHbg90kRjMG%2Fimage.png?alt=media\&token=8788ef0c-8e17-4e5e-819d-46f1fb24e418) ![](https://1937192737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObuEPM0wMmlYGGoxYCbD%2Fuploads%2FOlKye7UoHchAN9iRuZBv%2Fimage.png?alt=media\&token=a2c2cff9-d208-4545-a8c6-9c981c167bd1) ## Active Directory Services Next, I'll be adding the active directory domain services role on to the server. ![](https://1937192737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObuEPM0wMmlYGGoxYCbD%2Fuploads%2FBXpPBfPXt3TFSFlxrjSy%2Fimage.png?alt=media\&token=8c005daf-a2f3-4454-a66c-de1f62c5570e) ![](https://1937192737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObuEPM0wMmlYGGoxYCbD%2Fuploads%2FJkxIT80tHDu6uq2jqchq%2Fimage.png?alt=media\&token=ccabc4d8-0f19-4d70-b8d6-8f465b040960) ![](https://1937192737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObuEPM0wMmlYGGoxYCbD%2Fuploads%2F2UvOelgZH5ObvN16BSP5%2Fimage.png?alt=media\&token=7436a1b3-1195-4a09-a43f-858da9a9eb09) ![](https://1937192737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObuEPM0wMmlYGGoxYCbD%2Fuploads%2FGkmULRaGtCwpqiLhYEBp%2Fimage.png?alt=media\&token=09676ed1-e841-4dae-8d46-39b5434d2403) ![](https://1937192737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObuEPM0wMmlYGGoxYCbD%2Fuploads%2FLynu6diwle7VjtsD6ry6%2Fimage.png?alt=media\&token=f46fd4d0-12d7-4d9b-a791-cc76002c0d7b) ![](https://1937192737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObuEPM0wMmlYGGoxYCbD%2Fuploads%2FBMywowDe5SyllP19dN69%2Fimage.png?alt=media\&token=8f2c09e8-897d-4b2f-a700-06b48b1555e7) ![](https://1937192737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObuEPM0wMmlYGGoxYCbD%2Fuploads%2F9MUiNv8fh3hEIXw5n9PC%2Fimage.png?alt=media\&token=345eac5a-b348-4bea-abc2-30759f99f8af) ### Promoting Server to DC Once the active directory domain services is done installing, there'll be a prompt asking to promote the server to a Domain Controller. Let's go ahead and do that. ![](https://1937192737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObuEPM0wMmlYGGoxYCbD%2Fuploads%2FarAJ2OlUcuAunzq74mYS%2Fimage.png?alt=media\&token=584006d9-4d8b-4fc5-bb69-25426c57b21b) ![](https://1937192737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObuEPM0wMmlYGGoxYCbD%2Fuploads%2Fw7pan3wJj6DrRLL4TJQ7%2Fimage.png?alt=media\&token=67cb9039-262e-4a76-b36e-a2b40c3c6c91) ![](https://1937192737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObuEPM0wMmlYGGoxYCbD%2Fuploads%2Fzef753qbsANTqlx7Jkw4%2Fimage.png?alt=media\&token=5349fa3b-982e-4872-85c8-01ff58e1afd0) ![](https://1937192737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObuEPM0wMmlYGGoxYCbD%2Fuploads%2FYKlyt05GxbggQ3dVZC34%2Fimage.png?alt=media\&token=3b4a5c84-e804-4e0b-b8db-28b8458be5ec) ![](https://1937192737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObuEPM0wMmlYGGoxYCbD%2Fuploads%2FH6SCSNa01lIxA40KfSPE%2Fimage.png?alt=media\&token=790214e2-03ff-4199-8c40-ca7140c1fcb0) ![](https://1937192737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObuEPM0wMmlYGGoxYCbD%2Fuploads%2FHLOQHWtJRhDkC1g5lxd7%2Fimage.png?alt=media\&token=f403bb34-6f41-4e47-a409-43fc41cce8a9) ![](https://1937192737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObuEPM0wMmlYGGoxYCbD%2Fuploads%2FsXCjKEwl93tTP3oUMeYN%2Fimage.png?alt=media\&token=d049425d-d1a7-4efb-b194-4ba4cb5867e2) ![](https://1937192737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObuEPM0wMmlYGGoxYCbD%2Fuploads%2FH1vY2Vj9V0F0auWPrZUU%2Fimage.png?alt=media\&token=6878872d-a62e-40cf-8f22-1f88cda4c85d) ![](https://1937192737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObuEPM0wMmlYGGoxYCbD%2Fuploads%2FiXadWwQFW8QPRiaD026f%2Fimage.png?alt=media\&token=4dda1c0e-6f44-4e32-be93-56dc80c95a6e) After a restart the domain will be populated as shown bellow. If you see something like this, you've done it correctly. ![](https://1937192737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObuEPM0wMmlYGGoxYCbD%2Fuploads%2F3xKaCq6lwZDabZhPBeg0%2Fimage.png?alt=media\&token=adc419f9-d854-4bea-acd3-48f19d034e89) ![](https://1937192737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObuEPM0wMmlYGGoxYCbD%2Fuploads%2FmTFGALjPxDLaqlo5idyL%2Fimage.png?alt=media\&token=7c0c0dc1-ba39-4338-9c29-401e79c8bad2) ## DNSClient Server Address Now that we have the Active Directory service up and running, we can set the correct interface which will be handling our DNS Queries. ``` Set-DnsClientServerAddress -InterfaceIndex 15 -ServerAddress 10.11.12.10 ``` ![](https://1937192737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObuEPM0wMmlYGGoxYCbD%2Fuploads%2FXQbt3EmlPEuWieIjK84Q%2Fimage.png?alt=media\&token=84815c70-576d-4901-a576-d243b56ffc64) ## Active Directory Certificate Services Next, AD Certificate Services can be optionally added to the server for LDAP. ![](https://1937192737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObuEPM0wMmlYGGoxYCbD%2Fuploads%2FscGKjzlJICx1WadkruPr%2Fimage.png?alt=media\&token=0badaa86-e3a4-4bb4-a843-a91907938342) ![](https://1937192737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObuEPM0wMmlYGGoxYCbD%2Fuploads%2FFWWL2IwzPHH2NdzO7EBd%2Fimage.png?alt=media\&token=9392e57a-f9ad-4958-846e-45be6f070b11) ![Hit install](https://1937192737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObuEPM0wMmlYGGoxYCbD%2Fuploads%2FsVNAzDSsLk2O1ezhjcin%2Fimage.png?alt=media\&token=9e4e40ec-81d3-4dba-8194-db348eb8c529) ### Configuring Certificate Services Similar to the case above, a prompt will request to configure the Certificate Services. ![](https://1937192737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObuEPM0wMmlYGGoxYCbD%2Fuploads%2Fy98xRr39GIriZIUG5YWM%2Fimage.png?alt=media\&token=bcb61bd6-2b1a-4de5-ace1-c2dba5490d65) ![](https://1937192737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObuEPM0wMmlYGGoxYCbD%2Fuploads%2FsbYKzUl1ZcYKjHZ6hXuj%2Fimage.png?alt=media\&token=fa7fd915-b838-46d0-a950-d9226e14d13c) ![](https://1937192737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObuEPM0wMmlYGGoxYCbD%2Fuploads%2FgVsvDgOszENZjjCpw3bD%2Fimage.png?alt=media\&token=773dab9f-326e-46f6-a403-4cd06becd4db) ![Hit configure](https://1937192737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObuEPM0wMmlYGGoxYCbD%2Fuploads%2FAcsqKyBi9J1x6PJGHbiR%2Fimage.png?alt=media\&token=6103cdf4-c493-4c44-834a-73b4b9fa3610) ![](https://1937192737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObuEPM0wMmlYGGoxYCbD%2Fuploads%2F7Ow3AKFlgJMxYAHIczaS%2Fimage.png?alt=media\&token=aa456bba-9ca5-4daa-b1c1-84da33f0c425) Reboot the server for changes to take place! ## Adding Users & Service Accounts I'll be adding a couple users into the domain for the lab's purpose. ![](https://1937192737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObuEPM0wMmlYGGoxYCbD%2Fuploads%2FLy1UL4uozrxaRGfgil8U%2Fimage.png?alt=media\&token=cbac6840-c712-46a8-bdd9-5224fe1705e3) ### User Accounts #### John Hammond ``` First = John Last = Hammond logon = john password = P@ssw0rd ```
#### Heath Adams ``` First = Heath Last = Adams logon = heath password = P@ssw0rd ``` ![](https://1937192737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObuEPM0wMmlYGGoxYCbD%2Fuploads%2FxUsZFXWmoa98XfgA0SqC%2Fimage.png?alt=media\&token=b32aa846-09af-4ac4-9a9b-a83a40527798) ### Service Account Go ahead and copy he Administrator account to create the service account. ``` First = SQL Last = Service logon = SQLService password = MiP@ssw0rd! Description = Devs pls take note: password = "MiP@ssw0rd!" ``` ![](https://1937192737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObuEPM0wMmlYGGoxYCbD%2Fuploads%2Fsu4BAA2gcHPTDJDVtHAS%2Fimage.png?alt=media\&token=96e68b60-64ee-45fa-9635-89db18b5e3c6) ![](https://1937192737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObuEPM0wMmlYGGoxYCbD%2Fuploads%2FN5qUpL6kBJJEfqppUyYP%2Fimage.png?alt=media\&token=4b513607-5589-4352-8197-0b8be1932621) ### Service Principal Name (SPN) setup A service principal name (SPN) is **a unique identifier of a service instance**. SPNs are used by Kerberos authentication to associate a service instance with a service logon account. Lets go ahead and create that. ``` setspn -a 4pfsec-DC/SQLService.4pfsec.local:60111 4pfsec\SQLService ``` ![](https://1937192737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObuEPM0wMmlYGGoxYCbD%2Fuploads%2FyMn8jifnMstNtmhY077w%2Fimage.png?alt=media\&token=54b77ae1-e545-4fa1-8201-150958b66431) #### Verify SPN Now that we have setup the SPN, lets verify that its up and running as per expectations. ``` setspn -T 4pfsec.local -Q */* ``` ![](https://1937192737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObuEPM0wMmlYGGoxYCbD%2Fuploads%2FKWgQRUIqakXzoD1inWE6%2Fimage.png?alt=media\&token=212a5bee-7472-4881-80c1-52481304ed3c) ## SMB Share ### Create a folder First, create a folder that you'd like to share out to your network. ``` important ``` ![](https://1937192737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObuEPM0wMmlYGGoxYCbD%2Fuploads%2F5Mh7Yz4Mq5TZfGUIhs7R%2Fimage.png?alt=media\&token=a81db669-e88d-4581-9571-3bdfcf26ea80) ### Create New Share ![](https://1937192737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObuEPM0wMmlYGGoxYCbD%2Fuploads%2F1DX0MGfvWUy5TaNjickM%2Fimage.png?alt=media\&token=59c02d4d-7da2-4f0c-a430-0e62034ac91d) ![](https://1937192737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObuEPM0wMmlYGGoxYCbD%2Fuploads%2FTZCA04mCUgOl49792iWV%2Fimage.png?alt=media\&token=b502e431-f731-4b48-9cdb-56a393a2667c) ![](https://1937192737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObuEPM0wMmlYGGoxYCbD%2Fuploads%2F5Dtv8qn4gJzNVDkyI9NG%2Fimage.png?alt=media\&token=d8b1d0cd-71eb-4005-b6d6-49db985c2c0d) ![Hit create](https://1937192737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObuEPM0wMmlYGGoxYCbD%2Fuploads%2FwUbRtrPw1DRuxUx2IbNB%2Fimage.png?alt=media\&token=5d1ada03-bcc9-410a-b46c-f8fab8f44d74)