
Windows Virtual Lab Setup Guide
This lab will consist of Windows Server 2019 running as a Domain Controller with Active Directory Domain Services, a Windows 10 workstation, and a host network so that you can perform administrative tasks on the workstation from your Domain Controller.
This environment will serve as a testing ground where you can experiment and make mistakes without the risk of bringing your host system or your internet connection down.
In this guide I am going to cover the following topics:
- VirtualBox Installation
- Windows Server 2019 Download and Installation
- Host-Only Network Creation
- Domain and Domain Controller Creation
- Joining a Windows 10 Workstation to your Domain
VirtualBox Installation
There are 2 types of hypervisors. A Type 1 (Native) hypervisor is installed directly on top of a physical server. There is no operating system between the server and the hypervisor. This is also referred to as a bare-metal hypervisor. In this case, the hypervisor is acting as an operating system. A Type 2 (Hosted) hypervisor runs inside another operating system, such as Windows or Linux. These are less performant than the Type 1 hypervisors as there is an additional layer of software between the hardware and the virtual machines.
Typically, Type 1 hypervisors are only necessary for enterprise environments. Type 2 hypervisors are more flexible and easier to use for small deployments. There are several hypervisors to choose from, but I will be working with Oracle's VirtualBox, a Type 2 hypervisor. Should you choose to use a different hypervisor, such as Hyper-V, you will still be able to set up a lab, but your menus and settings will be labeled differently.
You can find the VirtualBox installation packages and documentation here: https://www.virtualbox.org/wiki/Downloads
The most current version at this time is v6.1. If you are interested in software virtualization you will need v6.0. Similarly, if you want 32-bit support you will need v5.2. These features have been phased out. Versions 6.0 and 5.2 will no longer be supported after July 2020.
Choose the package most appropriate for your operating system and download it. If you are using Linux, you will need to pick the right binary for your distribution and follow the instructions provided on the download page. After you have VirtualBox installed, go ahead and open it.
Windows Server 2019 Download and Installation
To get a basic lab going, you are going to need an image for Windows Server 2019, the latest version of Windows Server. To get the Windows Server 2019 image you must visit the Microsoft Evaluation Center.
If you are using Hyper-V, you can get an unlimited evaluation. For images that can be used with other hypervisors (this includes VirtualBox), the evaluation period is 180 days.
Select the evaluation you would like to use and then choose ISO file type and click Continue. On the next form, enter your information and click Continue.
After you submit your information and select a language, you can download the image. Go back to your VirtualBox manager and click New or press Ctrl+N. This opens the virtual machine creation window. Name your machine anything you like, and set the Version to Other Windows (64-bit).
As you go through the wizard for setting up your virtual machine, VirtualBox will ask you to specify some details about the system resources you want to allocate to this machine. The amount of resources you can dedicate to this depends on how much your host system has available.
For memory size, the default suggestion of 512 MB is going to be insufficient. You will need a minimum of 1.5 GB, but I recommend using at least 2 GB.
For disk capacity configuration, I recommend selecting Create a virtual hard disk now. Leave the default hard disk file type (VDI – VirtualBox Disk Image) and click Next. You can select between a dynamically allocated disk or a fixed disk size. I prefer the fixed size because it is faster. After you have made your choice, click Next.
In the File Location and Size settings you can choose the path for your virtual disk and you can specify the size of the disk. Once you are done with this, click Create. You should now have a virtual machine in your VirtualBox manager.
Click Start and the Windows Server 2019 installation wizard will be launched. When you are prompted to select the operating system you want to install, choose the Windows Server 2019 Standard Evaluation (Desktop Experience) option.
After you accept the license terms, choose Custom Installation. You should see an available drive with a total size consistent with what you chose when initially creating the virtual machine. Select this drive and choose Next to begin installing Windows Server 2019.
Create a secure password and log in to the system when it becomes available. The Server Manager will launch automatically. There is one final step before you move on to creating the Host-Only Network for your virtual machines: install the VirtualBox guest additions. To do this, click the Devices menu in your virtual machine and select Insert Guest Additions CD Image. Download this disk image and insert it.
Once the disk is inserted, open your virtual machine’s file browser and navigate to This PC. You will see a CD Drive with the VirtualBox guest additions. Open this and run the VBoxWindowsAdditions application.
Once this is installed, a reboot will be required. You will need the machine powered off to make changes for the host-only network, so just shut it down for now.
Host-Only Network Creation
Creating a Host-Only Network is going to be useful because it will allow your virtual machines to talk to each other and to the host system. This will require some configuration in the VirtualBox Host Network Manager and will also require some configuration inside each of your virtual machines. Press Ctrl+H to open the Host Network Manager in VirtualBox. Once this is open, click Create to create a new network.
This should create a new network with a default name, IPv4 address and network mask. You can change these details if you like, but the default values will work. Whatever you decide, take note of these details.
Before you can use this network, you will need to disable the DHCP Server. You can disable this by unchecking the box in the network table, or you can view the DHCP Server tab at the bottom of the menu and disable it there.
Close the Host Network Manager and go to your VirtualBox manager. Power off your virtual machine if it is running and then open the settings. Create a new adapter in the Network settings. Enable Adapter 2 and attach to Host-Only Adapter. Select the network you created earlier and close the virtual machine settings.
To determine which of these adapters you need to configure, open PowerShell and inspect your IP configuration using the ipconfig command. This is going to show the details for both of your network adapters. The host-only adapter will be identifiable by its name; if you attached the host network to adapter 2, it will be named Ethernet 2.
Once you have identified the correct adapter, right click on it in the Network Connections menu and select Properties. Uncheck the Internet Protocol Version 6 item. Select Properties for the Internet Protocol Version 4 item. In this properties menu, configure the network adapter using the details from the host-only network you created earlier.
In my case, the host-only network’s address is 192.168.56.1. This will be used as the Default Gateway for the network adapter in the virtual machine. Make sure the network mask matches what you recorded earlier. Make sure the IP address you assign to the network adapter is on the same subnet as your default gateway, as defined by the subnet mask.
For the DNS server addresses, set the preferred server to 127.0.0.1 and the alternate to 8.8.8.8. These can be updated later if and when you get proper DNS services running in your lab.
Inspect your adapters in PowerShell with ipconfig again. If your adapter properties have changed, you should now be able to ping the host from your virtual machine by targeting the default gateway IP address. However, there is one more configuration remaining in order to talk to your virtual machine from the host system and have your virtual machines talk to each other.
In order to allow traffic to come from other virtual machines and from the host system, we must remove the host-only network adapter from the Protected Network Connections in the Windows Defender Firewall with Advanced Security properties. With the Domain Profile tab selected, click Customize and uncheck the appropriate network adapter. Repeat this process for the Private Profile and Public Profile. To confirm this works, ping your virtual machine from the host system.
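The adapter and firewall steps above can also be applied from an elevated PowerShell session on the server. This is an added example, not part of the original guide; the alias Ethernet 2 follows the guide, while the server address 192.168.56.10 and the /24 prefix are assumptions based on the default host-only network.

```powershell
# Added example. Assumed values: adapter alias 'Ethernet 2' and a free
# server address of 192.168.56.10/24 on the default host-only network.
$Alias   = 'Ethernet 2'      # host-only adapter as reported by ipconfig
$Address = '192.168.56.10'   # assumed free address on the host-only network
$Prefix  = 24                # equivalent to the mask 255.255.255.0
$Gateway = '192.168.56.1'    # host-only network address from the Host Network Manager

# Stop early if the alias is wrong, so the other adapter is never changed by mistake.
Get-NetAdapter -Name $Alias -ErrorAction Stop | Out-Null

# Same as unchecking "Internet Protocol Version 6" in the adapter properties.
Disable-NetAdapterBinding -Name $Alias -ComponentID ms_tcpip6

# Static IPv4 address, mask and default gateway (skipped if already assigned).
if (-not (Get-NetIPAddress -InterfaceAlias $Alias -IPAddress $Address -ErrorAction SilentlyContinue)) {
    New-NetIPAddress -InterfaceAlias $Alias -IPAddress $Address `
        -PrefixLength $Prefix -DefaultGateway $Gateway | Out-Null
}

# Preferred and alternate DNS servers as given in the guide.
Set-DnsClientServerAddress -InterfaceAlias $Alias -ServerAddresses '127.0.0.1', '8.8.8.8'

# Same as unchecking the adapter under Protected Network Connections on all
# three profiles. The value replaces any existing exclusion list, and the
# firewall keeps filtering traffic on every adapter that is not listed.
Set-NetFirewallProfile -Profile Domain, Private, Public -DisabledInterfaceAliases $Alias

# Review the result: addressing, per-profile exclusions, and reachability of the host.
Get-NetIPConfiguration -InterfaceAlias $Alias
Get-NetFirewallProfile | Select-Object Name, Enabled, DisabledInterfaceAliases
Test-Connection -ComputerName $Gateway -Count 2
```

In the review output, Enabled should still read True for all three profiles, with only the host-only alias listed under DisabledInterfaceAliases.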
Before you create a domain for your network you will want to change the name of your server. Because you will be making this a domain controller, it would be a good idea to name it appropriately. Open the System Properties menu and click Change under the Computer Name tab. Reboot the system.
Domain and Domain Controller Creation
The domain's central database is known as a Domain Controller (DC). Its primary job is to handle authentication requests across the domain. In order for a Windows server to be considered a domain controller it must have the Active Directory Domain Services (AD DS) role installed.
A role is a set of programs that allow your server to provide a specific service to the domain. These roles consist of features, which are individual programs that are required to be installed as prerequisites for certain roles, but can also stand alone.
A domain can have one or many domain controllers. Having multiple domain controllers is useful because the critical information for your domain is replicated across each of the domain controllers providing you with fault tolerance in the event your primary domain controller fails.
Domain controllers have a few tools that are used to help manage the network: Active Directory Users and Computers (AD) and Group Policy Management (GP).
AD is used to manage domain users, computers, and other resources such as printers. Each of these is considered an object. All AD objects are stored in folders called Organizational Units (OU). GP uses Group Policy Objects (GPO) to manage the settings of AD objects, OUs or the entire domain. You can create a custom setting for any user, computer, group, or domain in a very efficient manner with these tools.
Before you can consider your virtual machine to be a domain controller, you must first install the AD DS role on the system. This can be done through the Server Manager. At the top right corner, click Manage -> Add Roles and Features. Select the Role-based or feature-based installation type and the only server you can choose from.
In the Server Roles page, select the Active Directory Domain Services role. This will prompt you to install the necessary features for this role. Opt to install the required features and you can move past the Server Features page in the wizard.
After the installation is complete, check the notification flag on the top-right corner. You will need to click Promote this server to a domain controller to configure your server as a domain controller. This launches the Active Directory Domain Services Configuration Wizard.
The Deployment Configuration page gives you a few deployment operations to choose from:
- Add a domain controller to an existing domain
- Add a new domain to an existing forest
- Add a new forest
In the Active Directory hierarchy, domains are a logical group of network objects. Above the domains is the tree, defined as a collection of one or more domains. Above the tree is the forest, defined as a collection of trees that share a common logical structure, directory schema and directory configuration.
Because this is the first domain controller in the environment, no domains exist yet and there is no forest, so you will need to select Add a new forest and specify a root domain name. It is important that you choose a domain name that is unique to your environment and fully qualified, consisting of one or more labels separated by a period and followed by a top-level domain. Click Next; if your root domain name is acceptable you will be brought to the Domain Controller Options page.
When creating a new domain, ensure the DNS domain controller capability is enabled. Also ensure the Global Catalog capability is enabled. The Global Catalog option means the server will list all Active Directory objects. This is required for a primary domain controller or when creating a new forest. Do not check Read Only Domain Controller, as this will make the domain controller unable to make changes to the domain. Specify your Directory Services Restore Mode password and record this somewhere safe in case you ever need it.
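The role installation and promotion described above can also be scripted with the ADDSDeployment module from an elevated PowerShell session. This is an added example, not part of the original guide; the domain name lab.example.com and the NetBIOS name LAB are constructed placeholders.

```powershell
# Added example. The domain and NetBIOS names are placeholders; substitute
# the root domain name chosen for your own lab.
$DomainName  = 'lab.example.com'
$NetBiosName = 'LAB'

# Install the AD DS role along with its required features and management tools.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Prompt for the Directory Services Restore Mode password so it never
# appears in the script or in the command history.
$dsrm = Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode password'

Import-Module ADDSDeployment

# Run the prerequisite checks only. Nothing is changed by this call;
# read the messages before continuing.
Test-ADDSForestInstallation -DomainName $DomainName -DomainNetbiosName $NetBiosName `
    -InstallDns -SafeModeAdministratorPassword $dsrm |
    Format-List Status, Message

# "Add a new forest" with the DNS server capability. The first domain
# controller in a forest is a Global Catalog and cannot be read-only.
# Without -Force the cmdlet asks for confirmation, then reboots the server.
Install-ADDSForest -DomainName $DomainName -DomainNetbiosName $NetBiosName `
    -InstallDns -SafeModeAdministratorPassword $dsrm

# After the reboot, sign in with the domain Administrator account and
# confirm the result in a new session:
Get-ADDomainController | Select-Object HostName, Domain, IsGlobalCatalog, IsReadOnly
Get-ADDomain | Select-Object DNSRoot, NetBIOSName, DomainMode
```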
You now have a functional domain controller. Next, you will be creating a Windows 10 workstation to join into the domain. This will give you an opportunity to practice administrative tasks with a user.
Joining a Windows 10 Workstation to your Domain
Having Windows 10 workstations in your lab will be very useful for practicing system administration and PowerShell. The first step to creating the workstation is to obtain the Windows 10 image file. It can be found here. To get started, create a new VM in VirtualBox. Select the Windows 10 64-bit type, and use the default memory allocation.
Before you start this VM and install Windows 10, go ahead and enable the second network adapter in your VM settings. Attach to host-only adapter and select the same network used with the server’s second network adapter. Once this is done, start the VM and insert the Windows 10 ISO to begin the setup wizard.
It is now time to configure the network adapter so that this system is properly placed into the host-only network. Open the Network and Sharing Center and open the properties menu for the host-only network adapter. You can open PowerShell or Command Prompt and run ipconfig to see the network details for your adapters, both to ensure you are configuring the correct one and to confirm your changes. Uncheck the IPv6 item and open the properties for the IPv4 item. Enter an available, valid IP address based on your network details. The preferred DNS needs to be the IP address of your domain controller.
To join the workstation to your domain, you need to change the name of the computer. Open the System Properties in the Windows 10 workstation. Under the Computer Name tab, click Change. Name the computer and enter the domain name. Use the credentials for the Administrator account on your domain controller to authenticate the join.
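The join can also be performed from an elevated PowerShell session on the workstation, with a check that the domain controller is discoverable through DNS before credentials are entered. This is an added example, not part of the original guide; the adapter alias, the domain controller address 192.168.56.10, the domain name lab.example.com and the computer name WS01 are assumptions, and the workstation's own IPv4 address is taken to be set already as described above.

```powershell
# Added example. All four values are assumptions for illustration.
$Alias      = 'Ethernet 2'       # host-only adapter on the workstation
$DcAddress  = '192.168.56.10'    # host-only address of the domain controller
$DomainName = 'lab.example.com'  # placeholder root domain name
$NewName    = 'WS01'             # placeholder computer name

# The preferred DNS server must be the domain controller, otherwise the
# workstation cannot locate the domain.
Set-DnsClientServerAddress -InterfaceAlias $Alias -ServerAddresses $DcAddress

# A domain join locates a domain controller through this SRV record.
# If the lookup fails, the join will fail too, so stop here and fix DNS.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV `
    -Server $DcAddress -ErrorAction Stop

# Confirm the controller accepts LDAP connections over the host-only network.
$ldap = Test-NetConnection -ComputerName $DcAddress -Port 389
if (-not $ldap.TcpTestSucceeded) {
    throw "Cannot reach $DcAddress on TCP 389; check the adapter and firewall settings."
}

# Prompt for the domain Administrator credentials instead of embedding them.
$cred = Get-Credential -Message "Administrator account for $DomainName"

# Rename the computer and join the domain in one step, then reboot.
Add-Computer -DomainName $DomainName -NewName $NewName -Credential $cred -Restart

# After the reboot, confirm the join and the machine account's secure channel:
(Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain   # expected: True
Test-ComputerSecureChannel                                       # expected: True
```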
That's it for this guide. I hope this gives you a good starting point for learning and practicing your system administration. I encourage you to add more complexity to your lab environment by setting up a secondary domain controller for fault tolerance, dedicated DNS servers, additional domains, and more workstations to practice with!