- Microsoft Azure (Virtual Machines/Compute)
- Remote Desktop
- Active Directory Domain Services
- PowerShell
- Windows Server 2022
- Windows 10 (21H2)
Create the Domain Controller VM (Windows Server 2022) named DC-1.
Create the Client VM (Windows 10) named Client-1. Use the same Resource Group and Vnet that was created in the previous step.
Set Domain Controller's NIC Private IP address to be static.
Ensure that both VMs are in the same Vnet. You can check the topology with Network Watcher.
Log in to Client-1 with Remote Desktop and ping DC-1's private IP address with ping -t, which is a perpetual ping.
Log in to the Domain Controller and enable inbound ICMPv4 on the local Windows Firewall.
Check back at Client-1 to see if the ping succeeded.
Log in to DC-1 and install Active Directory Domain Services.
Promote as a Domain Controller.
Set up a new forest with any name that you can remember. I did avyaktrout.com.
Restart and then log back into DC-1 as user.
In Active Directory Users and Computers, create an Organizational Unit called _EMPLOYEES and another one called _ADMINS.
Create a new employee named "Jane Doe" with the username of "jane_admin".
Add jane_admin to the Domain Admins Security Group.
Log out/close the Remote Desktop connection to DC-1 and log back in as “avyaktrout.com\jane_admin”. Use jane_admin as your admin account from now on.
From the Azure Portal, set Client-1's DNS settings to the DC's Private IP address.
From the Azure Portal, restart Client-1. Log in to Client-1 as the original local admin (labuser) and join it to the domain. The computer will restart.
Log in to the Domain Controller and verify that Client-1 shows up in Active Directory Users and Computers inside the "Computers" container on the root of the domain. Create a new Organizational Unit named _CLIENTS and drag Client-1 into it.
Log into Client-1 as avyaktrout.com\jane_admin and open System Properties. Click Remote Desktop. Allow "domain users" access to Remote Desktop. You can now log into Client-1 as a normal, non-administrative user. Normally you'd want to do this with Group Policy, which allows you to change MANY systems at once (maybe a future lab).
Log in to DC-1 as jane_admin. Open PowerShell_ise as an administrator. Create a new file and paste the contents of this script (https://github.com/joshmadakor1/AD_PS/blob/master/Generate-Names-Create-Users.ps1) into it.
Run the script and observe the accounts being created.
When finished, open Active Directory Users and Computers and observe the accounts in the appropriate OU and attempt to log into Client-1 with one of the accounts (take note of the password in the script).
And now that we're done, don't forget to clean up your Azure environment so that you don't incur unnecessary charges.
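
The Active Directory steps above (creating the OUs, creating jane_admin, adding it to Domain Admins, and moving Client-1 into _CLIENTS) can also be scripted on DC-1 while the lab is still running. The following is an added example, not part of the original lab or the linked script; it assumes jane_admin is placed in _ADMINS, which the steps above do not specify, and it prompts for the password rather than storing one in the file.

```powershell
# Added example: run in an elevated PowerShell session on DC-1 after promotion.
Import-Module ActiveDirectory

$domain   = Get-ADDomain
$domainDN = $domain.DistinguishedName   # for this lab: DC=avyaktrout,DC=com
$labOUs   = '_EMPLOYEES', '_ADMINS', '_CLIENTS'

# Create each OU at the domain root only if it is missing, so re-runs are safe.
foreach ($ou in $labOUs) {
    $existing = Get-ADOrganizationalUnit -Filter "Name -eq '$ou'" `
        -SearchBase $domainDN -SearchScope OneLevel
    if (-not $existing) { New-ADOrganizationalUnit -Name $ou -Path $domainDN }
}

# Create jane_admin. Assumption: the account lives in _ADMINS.
# The password is prompted for, so it never appears in the script file.
if (-not (Get-ADUser -Filter "SamAccountName -eq 'jane_admin'")) {
    $password = Read-Host -AsSecureString -Prompt 'Password for jane_admin'
    New-ADUser -Name 'Jane Doe' -GivenName 'Jane' -Surname 'Doe' `
        -SamAccountName 'jane_admin' `
        -UserPrincipalName "jane_admin@$($domain.DNSRoot)" `
        -Path "OU=_ADMINS,$domainDN" -AccountPassword $password -Enabled $true
}

# Grant Domain Admins only if the account is not already a member.
$admins = Get-ADGroupMember -Identity 'Domain Admins' -Recursive
if ($admins.SamAccountName -notcontains 'jane_admin') {
    Add-ADGroupMember -Identity 'Domain Admins' -Members 'jane_admin'
}

# Once Client-1 has joined the domain, move it out of the default Computers container.
$client = Get-ADComputer -Filter "Name -eq 'Client-1'"
if ($client -and $client.DistinguishedName -notlike '*OU=_CLIENTS,*') {
    Move-ADObject -Identity $client.DistinguishedName -TargetPath "OU=_CLIENTS,$domainDN"
}

# Verify: who holds Domain Admins, and how many objects each lab OU contains.
Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Select-Object Name, SamAccountName, objectClass
foreach ($ou in $labOUs) {
    $base = "OU=$ou,$domainDN"
    [pscustomobject]@{
        OU        = $ou
        Users     = @(Get-ADUser -Filter * -SearchBase $base).Count
        Computers = @(Get-ADComputer -Filter * -SearchBase $base).Count
    }
}
```

Running it again after the bulk user script shows how many accounts landed in each OU and confirms that Domain Admins still contains only the accounts you expect.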