Active Directory Domain Controller
Last updated
To gain practical experience with a production-level domain controller, I set up and managed an Active Directory DC within my Proxmox server environment.
Set up Domain Controller .
Configure DNS server (reverse lookup zone, DNS forwarder ).
Add and configure DHCP server.
Add Windows 10 client to the domain.
After creating a Windows Server 2019 VM, I wanted to promote it to my domain controller.
First of all, I set a new hostname for my server.
Opened TCP/IPv4 properties and set the new static IP address within my LAN subnet range, the subnet mask, and my OPNsense LAN IP address as the default gateway.
Rebooted, then opened Server Manager.
Clicked Add Roles and Features.
Selected role-based or feature-based installation.
Next, selected my server name and these roles: Active Directory Domain Services, DHCP Server, DNS Server.
Continued to the end to confirm and start the installation.
Once finished, I promoted this server to a domain controller.
Added a new forest and named my domain “homelab.com”.
Set the restore mode (DSRM) password; no DNS delegation, because this domain will exist only locally.
Continued to the end and installed.
Rebooted and done.
Server name: DomainController
Domain name: homelab.com
IP address: 172.16.40.19
Subnet mask: 255.255.255.0
Default gateway: 172.16.40.1
Preferred DNS: 172.16.40.19
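The same build as a script, for repeatability. This is an added example, not part of the original write-up: it runs the GUI steps above through their PowerShell equivalents in an elevated session on the fresh server. The addresses and names are the ones from the summary above; the adapter alias (Ethernet) and the NetBIOS name (HOMELAB) are assumptions and must match your own VM.

```powershell
# Added example (not from the original write-up): PowerShell equivalent of the
# Server Manager steps, run as Administrator on the new Windows Server 2019 VM.
$Hostname   = 'DomainController'
$DomainName = 'homelab.com'
$NetBios    = 'HOMELAB'        # assumption: NetBIOS name derived from the domain
$Iface      = 'Ethernet'       # assumption: adapter alias, check Get-NetAdapter
$IPAddress  = '172.16.40.19'
$Gateway    = '172.16.40.1'    # OPNsense LAN interface
$Prefix     = 24               # 255.255.255.0

# 1. Static addressing. A DC must never change address, so DHCP on the adapter
#    is disabled, and the DC uses itself as DNS (it will host the zone shortly).
Set-NetIPInterface -InterfaceAlias $Iface -Dhcp Disabled
Remove-NetIPAddress -InterfaceAlias $Iface -Confirm:$false -ErrorAction SilentlyContinue
Remove-NetRoute -InterfaceAlias $Iface -DestinationPrefix '0.0.0.0/0' -Confirm:$false -ErrorAction SilentlyContinue
New-NetIPAddress -InterfaceAlias $Iface -IPAddress $IPAddress -PrefixLength $Prefix -DefaultGateway $Gateway | Out-Null
Set-DnsClientServerAddress -InterfaceAlias $Iface -ServerAddresses $IPAddress

# 2. Hostname. The rename needs a reboot before promotion, so stop here once.
if ($env:COMPUTERNAME -ne $Hostname) {
    Rename-Computer -NewName $Hostname -Force
    Write-Host "Renamed to $Hostname; reboot and run this script again."
    return
}

# 3. The three roles selected in the wizard.
Install-WindowsFeature -Name AD-Domain-Services, DHCP, DNS -IncludeManagementTools

# 4. Promote to the first DC of a new forest. SafeModeAdministratorPassword is
#    the restore mode (DSRM) password the wizard asks for; it is read from the
#    console so it never sits in the script file or in shell history.
$DsrmPassword = Read-Host -Prompt 'DSRM (restore mode) password' -AsSecureString
Install-ADDSForest `
    -DomainName $DomainName `
    -DomainNetbiosName $NetBios `
    -InstallDns `
    -CreateDnsDelegation:$false `
    -SafeModeAdministratorPassword $DsrmPassword `
    -Force   # no confirmation prompt; the server reboots when promotion completes
```

After the reboot, `Get-ADDomainController` should list DomainController as the only DC and `Get-NetIPConfiguration` should show 172.16.40.19 as its own DNS server.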
Run “nslookup DomainController.homelab.com” in cmd; by default we get the correct IP address back. However, we cannot yet resolve the other way (IP address to name) until we create a reverse lookup zone.
First open DNS Manager and select the Reverse Lookup Zones node. Add a new zone as a primary zone and store the zone in Active Directory.
Next, select the second option, “To all DNS servers running on domain controllers in this domain: homelab.com.”
Select IPv4 Reverse Lookup Zone and enter the network portion of the IP address.
Next, select “Allow only secure dynamic updates”. Finish.
Right-click our new zone under Reverse Lookup Zones.
New Pointer (PTR): enter our host IP address and host name.
Done. Now we should be able to nslookup by hostname or by IP address.
In order to look up any domain outside of my homelab VLAN, I need to set up a DNS forwarder.
Open the properties of our DNS server “DOMAINCONTROLLER” in DNS Manager.
Select the Forwarders tab, click Edit, and enter the IP address of the forwarder.
Now open PowerShell to test: I should be able to nslookup a domain outside our network, such as google.com.
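The reverse zone, PTR record and forwarder from the two sections above, done with the DnsServer module on the DC and followed by the same checks the text describes. This is an added example, not the write-up's own steps; the forwarder address is an assumption (the page does not give it) and is set here to the OPNsense gateway.

```powershell
# Added example (not from the original write-up): reverse zone, PTR and
# forwarder via the DnsServer module, run in an elevated session on the DC.
$DcName      = 'DomainController.homelab.com'
$DcIp        = '172.16.40.19'
$NetworkId   = '172.16.40.0/24'
$ReverseZone = '40.16.172.in-addr.arpa'   # the name the wizard derives from 172.16.40.x
$Forwarder   = '172.16.40.1'              # assumption: upstream resolver, here OPNsense

# Primary, AD-integrated zone replicated to every DNS server in the domain.
# -DynamicUpdate Secure is the "Allow only secure dynamic updates" option:
# only authenticated domain members can register or overwrite records, so an
# unauthenticated host on the VLAN cannot register a name that belongs to
# another machine.
if (-not (Get-DnsServerZone -Name $ReverseZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -NetworkId $NetworkId -ReplicationScope Domain -DynamicUpdate Secure
}

# PTR for the DC itself; the record name is the host octet, relative to the zone.
Add-DnsServerResourceRecordPtr -ZoneName $ReverseZone -Name '19' -PtrDomainName $DcName

# Forwarder for every name this server is not authoritative for.
Add-DnsServerForwarder -IPAddress $Forwarder -PassThru

# Checks, all asked of this server explicitly: forward, reverse, external.
$forward  = Resolve-DnsName -Name $DcName -Type A   -Server $DcIp
$reverse  = Resolve-DnsName -Name $DcIp   -Type PTR -Server $DcIp
$external = Resolve-DnsName -Name 'google.com' -Type A -Server $DcIp
if ($forward.IPAddress -ne $DcIp)  { throw "forward lookup returned $($forward.IPAddress)" }
if ($reverse.NameHost -ne $DcName) { throw "reverse lookup returned $($reverse.NameHost)" }
if (-not $external)                { throw 'forwarder is not resolving external names' }

# Confirm the zone really is secure-update only and AD-replicated.
Get-DnsServerZone -Name $ReverseZone | Select-Object ZoneName, DynamicUpdate, ReplicationScope
```

The last line is the one worth keeping in a runbook: DynamicUpdate must read Secure. A zone left at NonsecureAndSecure accepts record updates from anything on the network.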
Open DHCP, right-click IPv4 and select New Scope.
Enter a scope name and a description.
Enter the IP address range and subnet mask.
Next, I excluded the first twenty IP addresses in the scope so I can use them for later services.
Set the lease duration to seven days.
For DHCP options, I selected “I want to configure these options now”.
The router IP address should be the OPNsense homelab VLAN IP address.
Domain name and DNS server are set automatically, and I skipped WINS server configuration.
Activate the scope.
Open Server Manager and click “Complete DHCP configuration” in the yellow flag notification at the top.
Confirm my user's credentials, and click Commit on the next page.
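The same scope built with the DhcpServer module, including what the “Complete DHCP configuration” step does behind the wizard. This is an added example, not the write-up's own commands; the scope start and end addresses are assumptions (the page gives only the subnet), while the router and DNS values are the ones from the configuration above.

```powershell
# Added example (not from the original write-up): DHCP scope, exclusion,
# options and AD authorization, run in an elevated session on the DC.
$DcFqdn  = 'DomainController.homelab.com'
$DcIp    = '172.16.40.19'
$ScopeId = '172.16.40.0'
$Mask    = '255.255.255.0'
$Start   = '172.16.40.1'      # assumption: scope range not stated on the page
$End     = '172.16.40.254'    # assumption
$Router  = '172.16.40.1'      # OPNsense homelab VLAN interface
$Domain  = 'homelab.com'

Add-DhcpServerv4Scope -Name 'Homelab VLAN' -Description 'Homelab clients' `
    -StartRange $Start -EndRange $End -SubnetMask $Mask `
    -LeaseDuration (New-TimeSpan -Days 7) -State Active

# First twenty addresses reserved for static infrastructure. The DC itself
# (.19) sits inside this range, so the scope can never lease its address.
Add-DhcpServerv4ExclusionRange -ScopeId $ScopeId -StartRange '172.16.40.1' -EndRange '172.16.40.20'

# Scope options handed to clients: gateway, DNS server, DNS suffix.
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -Router $Router -DnsServer $DcIp -DnsDomain $Domain

# What "Complete DHCP configuration" commits: the DHCP Administrators / DHCP
# Users groups, and authorization of this server in AD. A domain-joined
# Windows DHCP server will not serve leases until it is authorized, which is
# how AD keeps an unauthorized Windows DHCP server quiet; it has no effect on
# DHCP servers that are not Windows or not domain members.
Add-DhcpServerSecurityGroup
Add-DhcpServerInDC -DnsName $DcFqdn -IPAddress $DcIp
Restart-Service -Name DHCPServer

# Verify: authorized server, active scope, exclusion and options.
Get-DhcpServerInDC
Get-DhcpServerv4Scope -ScopeId $ScopeId | Select-Object ScopeId, StartRange, EndRange, LeaseDuration, State
Get-DhcpServerv4ExclusionRange -ScopeId $ScopeId
Get-DhcpServerv4OptionValue -ScopeId $ScopeId | Select-Object OptionId, Name, Value
```

If `Get-DhcpServerInDC` comes back empty, the service is installed but not authorized, and clients will keep the lease they got from whatever else answers on the VLAN.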
The process of creating the Windows 10 Enterprise VM is similar to creating the Windows Server 2019 VM.
Since I had enabled the DHCP service, this VM received a lease from it.
I configured a static IP within the same network as my domain controller and set the domain controller as the preferred DNS server.
Then, I navigated to Accounts > Access work or school > Join this device to a local Active Directory domain.
After entering the domain name, I entered the username and password of an account with administrative privileges on the domain.
I skipped adding a user and restarted.
Once restarted, I can log in as a domain user with the format DOMAIN\username.
To verify that the virtual machine successfully joined the domain, the full device name should include the domain.
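The client side of the join as a script, with the pre-check that makes most failed joins obvious (the client must resolve the domain's DC locator record through the DC) and the post-reboot verification. This is an added example, not part of the original write-up; the adapter alias, the client's static address (.20, inside the range excluded from DHCP above) and the joining account are assumptions.

```powershell
# Added example (not from the original write-up): join the Windows 10 VM to
# homelab.com from an elevated PowerShell session, then verify after reboot.
$Iface    = 'Ethernet'        # assumption: adapter alias, check Get-NetAdapter
$ClientIp = '172.16.40.20'    # assumption: static address outside the DHCP pool
$Gateway  = '172.16.40.1'     # OPNsense homelab VLAN interface
$DcIp     = '172.16.40.19'
$Domain   = 'homelab.com'

# Static address, and the DC as the only DNS server. The join locates a DC
# through the domain's SRV records, which only the DC's DNS can answer.
Set-NetIPInterface -InterfaceAlias $Iface -Dhcp Disabled
New-NetIPAddress -InterfaceAlias $Iface -IPAddress $ClientIp -PrefixLength 24 -DefaultGateway $Gateway | Out-Null
Set-DnsClientServerAddress -InterfaceAlias $Iface -ServerAddresses $DcIp

# Pre-check: the DC locator record must resolve before attempting the join.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $DcIp -ErrorAction Stop | Out-Null

# Join with an account allowed to add computers. Credentials are prompted,
# not written into the script; the machine restarts to finish the join.
$cred = Get-Credential -Message 'Domain account with rights to join computers' -UserName 'HOMELAB\Administrator'
Add-Computer -DomainName $Domain -Credential $cred -Restart -Force

# ---- after the reboot, logged in as HOMELAB\<user> ----
# The full device name should now carry the domain suffix, PartOfDomain must
# be True, and the machine account's secure channel to the DC must be valid.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
[pscustomobject]@{
    FullDeviceName = "$($cs.DNSHostName).$($cs.Domain)"
    PartOfDomain   = $cs.PartOfDomain
    SecureChannel  = Test-ComputerSecureChannel
}
```

`Test-ComputerSecureChannel` is the check to keep: it returns False when the machine account password on the client and in AD have drifted apart, which is the usual cause of "the trust relationship between this workstation and the primary domain failed" on a VM restored from an old snapshot.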
In summary, this page detailed the creation and configuration of a domain controller, including DNS and DHCP services, and the process of adding a new client VM to the domain.