To experiment properly you need a good Active Directory VM lab setup: an environment where you can run the kinds of tests you want to do, and where it is OK if the environment breaks. So the environment needs to be easy to rebuild or to roll back to a known-good point in time. This post will guide you through setting up that environment step by step.
Why install Active Directory in VMs?
This kind of environment is most easily achieved with VMs (virtual machines). On your normal computer, the host computer, you can create virtual machines running another operating system, such as a Linux VM or a Windows VM. The software that manages your VMs is called a hypervisor. Two of the most popular type 2 hypervisors are VMware and VirtualBox. A type 2 hypervisor is an application running inside an operating system. A type 1 hypervisor would be “bare metal” – there is no underlying OS below the hypervisor – the hypervisor controls the components of the computer directly.
Snapshots
A must-have feature of a good type 2 hypervisor, and your best friend in labs, is the snapshot function: being able to take a snapshot of the VM at any point in time and roll back to that exact state whenever you want.
This functionality is shipped with VirtualBox for free, but you need the paid version of VMware for this.
Why an Active Directory VM lab setup?
Because most companies are running Active Directory. This is the environment in which you will work. The type of environment attackers will attack and the environment you need to defend.
This is a phenomenal lab environment to have for testing Active Directory specific things, and Windows things in general. Having actually installed and configured a domain controller and a client will also improve your general knowledge of the environment you operate in as a security professional.
Learning through practice! It does make a lot of sense if you can actually try out different settings in a non-production environment. Test out different attacks and possible detections.
Do not forget to subscribe to the Substack to get updates when new labs are published!
Installing Active Directory VMs
To create the Windows client you can download a Windows 11 evaluation ISO:
https://www.microsoft.com/en-us/evalcenter/download-windows-11-enterprise
To create the Windows server you can download a Windows 2022 server evaluation ISO:
https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2022
Requirements
The presets used when creating the VMs:

| Device | RAM | CPU | Disk space |
|--------|-----|-----|------------|
| Server | 2 GB | 1 | 50 GB |
| Client | 4 GB | 2 | 80 GB |
You could probably get away with 2 GB of RAM and 1 CPU for the client as well, but that might be slow. After finishing the install and configuration the server takes up around 20 GB and the client 16 GB of drive space. So depending on what kind of stuff you expect to throw into the VMs, less disk space can be allocated as well.
Install the Windows server VM
Starting with the server, open VirtualBox and create a new machine. Then just click Next, leaving all defaults.
- Select language
- Click Install now
- Select “Windows Server 2022 Standard Evaluation (Desktop Experience)”
- Custom install
- Next
- Set a password for the mandatory Administrator account
- Login
- Server Manager should auto start after a little while
- Create your first snapshot – before you start messing with settings. This way you can skip the installation process but still reset the machine to a clean slate.
You can view and manage your snapshots from the VirtualBox application
Change computer name on the Windows Server
If you do not want your domain controller to be called something like WIN-1QGC14CQ7F like mine you can change the name to something more friendly.
- Right click “This PC” and select properties
- Rename this PC
And restart the server.
Promoting the server to domain controller
From the open Server Manager Dashboard (If nothing is mentioned, the default options are selected and next is clicked).
- Add roles and features
- “Role-based or feature-based installation”
- Select this computer
- Check “Active Directory Domain Services”
- Click “Add Features”
You should now see a yellow warning triangle at the top of Server Manager, with a notification from which the server can be promoted to a domain controller. Do that.
- Add a new forest and give your domain a name (this guide uses fishtank.local)
- Set a DSRM password
- Click next
- Next -> Next -> Install (forces a reboot)
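The same role installation and promotion can be scripted instead of clicked through. The block below is an added example, not code from the original post; it assumes the domain name fishtank.local used later in this guide and a NetBIOS name of FISHTANK, and it runs in an elevated PowerShell on the Windows Server 2022 VM.

```powershell
# Added example: scripted equivalent of "Add roles and features" -> "Promote this server".
# Assumes: domain fishtank.local / NetBIOS FISHTANK (this guide's names), server already
# renamed (Rename-Computer -NewName 'DC01' -Restart) and rebooted.

# 1. Install the AD DS role plus management tools (ActiveDirectory module, ADUC, etc.).
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# 2. Promote to the first domain controller of a new forest. -InstallDns sets up the
#    DNS server the client will point at later; -Force skips the confirmation prompts.
#    The server reboots on its own when promotion completes.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM (Directory Services Restore Mode) password'
Install-ADDSForest `
    -DomainName 'fishtank.local' `
    -DomainNetbiosName 'FISHTANK' `
    -SafeModeAdministratorPassword $dsrm `
    -InstallDns `
    -Force

# 3. After the reboot, confirm the promotion took and the DC locator finds this server.
Get-ADDomainController -Discover -Service 'PrimaryDC' | Select-Object HostName, Domain, IPv4Address
Get-ADDomain | Select-Object DNSRoot, DomainMode, PDCEmulator
```

The two checks at the end are worth keeping around: if `Get-ADDomainController -Discover` fails later from the client, the problem is almost always DNS rather than the domain itself.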
Add users to the Active Directory domain
- Open up the Active Directory Users and Computers
- Add a user
- Keeping up with my great naming convention
- Set the password to never expire to save yourself some trouble.
- As you can see, the Users container is full of default security groups
- To avoid seeing these all the time we can add an organizational unit and put them in there
- Right click all the groups under the Users folder, click “Move” and select your newly added organizational unit.
- Create a second user, right click the new user and select add to group
Take a snapshot here to save your progress.
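For a lab you rebuild often, the user and OU steps above are worth scripting. This block is an added example, not from the original post; it runs on the DC after promotion, uses the domain fishtank.local and the user name fish1 from this guide, and the second user name fish2, the OU names and the choice of Domain Admins as the target group are this example's own assumptions.

```powershell
# Added example: scripted version of the ADUC steps (OU, move default groups, two users,
# one added to a group). Run on the DC in an elevated PowerShell.
Import-Module ActiveDirectory

$domainDN = (Get-ADDomain).DistinguishedName        # e.g. DC=fishtank,DC=local
$usersCN  = "CN=Users,$domainDN"

# 1. OUs: one for the built-in groups so the Users container stays readable,
#    one for the lab's own accounts (names assumed by this example).
New-ADOrganizationalUnit -Name 'Builtin Groups' -Path $domainDN -ProtectedFromAccidentalDeletion $false
New-ADOrganizationalUnit -Name 'Lab Users'      -Path $domainDN -ProtectedFromAccidentalDeletion $false

# 2. Move every group that lives directly under CN=Users into the new OU.
Get-ADGroup -Filter * -SearchBase $usersCN -SearchScope OneLevel |
    Move-ADObject -TargetPath "OU=Builtin Groups,$domainDN"

# 3. Two lab users with non-expiring passwords (a lab convenience, as in the post).
$pw = Read-Host -AsSecureString -Prompt 'Password for the lab users'
foreach ($name in 'fish1', 'fish2') {
    New-ADUser -Name $name -SamAccountName $name `
        -UserPrincipalName "$name@fishtank.local" `
        -Path "OU=Lab Users,$domainDN" `
        -AccountPassword $pw -Enabled $true `
        -PasswordNeverExpires $true
}

# 4. The second user becomes the lab's domain administrator ("add to group" above).
Add-ADGroupMember -Identity 'Domain Admins' -Members 'fish2'

# Checks: membership of Domain Admins, and how many groups now sit in the new OU.
Get-ADGroupMember -Identity 'Domain Admins' | Select-Object SamAccountName
(Get-ADGroup -Filter * -SearchBase "OU=Builtin Groups,$domainDN").Count
```

Keeping a plain user (fish1) and a domain admin (fish2) separate from the start makes the later "how does the normal user become domain admin" exercises meaningful, because you can log in as each and compare what they can see and do.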
Install Windows client VM
- Add a new machine in VirtualBox
- Check “Skip Unattended Installation”
- Default hardware of 4096 MB RAM and 2 CPUs chosen
- Default disk size of 80 GB accepted
- Click finish.
- Start the machine
- Install Windows from the ISO, which is attached as a CD/DVD:
- Select language
- Click “Install Now”
- Select Custom Install
- Next
- Wait while it installs – select language again and let it update
- Click “Sign-in options”
- Select “Domain join instead”
- Enter any name; this becomes a local account on the computer.
- Keep or deselect privacy options as desired. You can uncheck all of them.
- Change the computer name, the same way as on the server (right click This PC)
- Restart computer and take snapshot “after install before domain”
If you want to test a scenario with two clients and one DC – cloning this snapshot into a second client would be a good idea to save time.
Join Active Directory domain with client VM
- Make sure both the DC and the client are powered off
- Add a second network adapter on both the DC and the client. Make it a Host-only adapter and choose the same host-only network for both machines.
- Start both VMs
- On the client: open Settings
- Network & Internet
- Ethernet 2
- Edit DNS settings
- Set your DC’s IP as DNS server
- Settings -> Accounts
- Add a work or school account
- “Join this device to a local Active Directory domain”
- Enter your domain name: fishtank.local
- Use a valid domain account: fish1
- Go ahead and make the account a local administrator
- Restart the computer and verify login with the domain account
- For fun, also verify by running a command that only works when the machine is domain joined
- Take snapshot “AD connected”
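The DNS, join and verification steps on the client can also be done from PowerShell, which is handy when you clone a second client from the snapshot mentioned earlier. This is an added example, not code from the original post; it assumes the host-only interface is called "Ethernet 2" as in the post, that the DC's host-only address is 192.168.56.10 (a constructed value, check yours with ipconfig on the DC), and uses the domain fishtank.local and the account fish1 from this guide.

```powershell
# Added example: scripted version of the client steps above, run in an elevated
# PowerShell on the Windows 11 VM. Assumed values: interface 'Ethernet 2',
# DC host-only IP 192.168.56.10 (constructed), domain fishtank.local, account fish1.

$dcIp   = '192.168.56.10'
$domain = 'fishtank.local'

# 1. Point DNS at the DC. Domain join locates a DC through the SRV record
#    _ldap._tcp.dc._msdcs.<domain>, so if this lookup fails, fix DNS before joining.
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet 2' -ServerAddresses $dcIp
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV   # should return the DC

# 2. Join the domain with a domain account and reboot. Everything after this line
#    is run in a new session after the reboot.
$cred = Get-Credential -UserName "$domain\fish1" -Message 'Domain account used for the join'
Add-Computer -DomainName $domain -Credential $cred -Restart

# --- after the reboot, in an elevated PowerShell on the client ---

# 3. Make the domain user a local administrator (the "local administrator" step above).
Add-LocalGroupMember -Group 'Administrators' -Member "$domain\fish1"

# 4. Things that only work when domain joined, useful before taking the "AD connected" snapshot:
Test-ComputerSecureChannel -Verbose             # True when the machine account trust is healthy
nltest /dsgetdc:$domain                         # DC locator: prints which DC answered
whoami /groups | Select-String 'Domain Users'   # the logon token now carries domain groups
```

`Test-ComputerSecureChannel` is the quickest way to tell a broken trust (for instance after rolling a client back to a snapshot older than its last machine-account password change) from a plain network problem; a `False` there with working DNS means the join itself needs repairing.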
Now you can run commands that require a domain connection.
You can test attack techniques that revolve around Active Directory, like lateral movement.
You have a local administrator on a client, you have a domain administrator. What are possible scenarios on how the normal user can get domain administrator privileges? Get the most out of your Active Directory VM lab setup and start experimenting right away!
You can for example use this environment to analyze Nmap traffic with Wireshark.