Active Directory Home Lab

My Active Directory Lab

This project simulates a small business network using Microsoft Azure and VirtualBox to demonstrate core Active Directory (AD) administration skills. The lab focuses on user and group management, Group Policy Object (GPO) application, and network security.

1. Lab Environment Setup

For this project, I used VirtualBox to host my personal Windows 10 machine, which acted as my administrative workstation. I then provisioned two virtual machines (VMs) in Microsoft Azure: one running Windows Server 2022 and the other running Windows 10. Using Remote Desktop, I connected to both VMs to perform all administrative tasks.

I then promoted the Windows Server 2022 VM to be the Domain Controller. To ensure communication, I configured the Azure Windows 10 VM's DNS settings to point to the private IP address of the Domain Controller. After this I successfully joined the azure Windows 10 VM to the domain. These steps were critical for enabling centralized management and policy application from the domain contoller.

2. Domain, User, and Computer Managment 

From the Domain Controller, I used Active Directory Users and Computers (ADUC) to create the organizational structure for our simulated company. I created a main Organizational Unit (OU) called "Employees" and then created sub OUs for specific departments: IT, HR, General Staff, and Interns. I also created a seperate Organizational Unit called "All Computers" and placed the employee's workstation inside it.

For user management, i created one user account for each of these sub-OUs. To streamline access control i created a security group called "All Employees" and placed it in the "Employees" OU. I also created department specific security groups (e.g., "IT Admins") within each respective department OU.

3. Implementing Security Policies (GPO)

To enforce security standards, I implemented a Group Policy Object (GPO).

• Auditing Policy: I created a GPO to audit both account logon events and logon events. This policy was applied to the "All Computers" OU. To apply the policy remotely and efficiently, I used PowerShell's Invoke-Command to run gpupdate /force on the target machine from my domain controller.

After the policy was applied, I verified its application on the client machine with the gpresult /r command. By purposely entering an incorrect password multiple times, I confirmed in the event viewer that the logon failures were being successfully logged, demonstrating the policy's effectiveness. 

• Network Drive Mapping: I created a GPO to automatically map a shared company folder to the "Employees" OU. I configured both share permissions and NTFS permissions on the folder itself to ensure only the correct security groups could access the content. I then verified that a user account from the "IT Admins" security group could successfully access the mapped drive, proving the policy and permissions were correctly configured.

4. Conclusion and Key Skills Gained

This Lab provided hands on experience in managing a full scale Active Directory environment. Key skills demonstrated include:

• Active Directory Administration: Creating and managing OUs, users, and security groups.

• Group Policy Management: Creating and applying GPOs for security and drive mapping.

• Powershell Automation: Using commands like Invoke-Command for remote administration and effeciency.

• Networking Fundamentals: Configuring DNS and verifying network connectivity.

• Troubleshooting: Using commands like gpresult and tools like Event Viewer to confirm policies and troubleshoot issues.

• Security Principles: Implementing access controls and auditing to secure resources.