Post

Creating an Azure Active Directory Homelab

Posted Updated
Preview Image
By Ryan Kuczer 2 min read

Objectives

I made this lab during the summer of 2023 in my time preparing for more advanced roles beyond my current IT Support role at the time. It taught me a lot about the basics of Windows networking as well as Active Directory (now Entra ID).

Active Directory Structure

What is Active Directory

If you’ve ever had the chance to look inside a corporate business network, you will almost always see Active Directory being used to provision and manage all the workstations on the network. Active Directory is what makes Windows Servers so critical to large-scale business environments. With its easy-to-use management console and Single Sign-On (SSO) functionalities, Active Directory is a vital service used by most large organizations.

Active Directory is a server service designed to set security controls and permissions in a Windows environment. Given the vast number of workstations, services, and devices on a corporate network, there needs to be a way to centrally manage these devices while allowing for specific permissions on each one. Active Directory provides the means to achieve this.

In simpler terms, it’s what allows you to sign in on any workstation in an enterprise setting, even if you’ve never logged into that machine before.

Tools & Software Needed

  • VirtualBox
  • Windows 10 ISO File
  • Windows Server 2019 ISO File

Steps I Took

  1. Download and install VirtualBox
  2. Download Windows 10 and Server 2019 ISO File
  3. Create Domain controller VM with two network adapters that will house the AD itself. One adapter will be the outside internet and the other will be Virtual Box private network. IP addresses will then be setup on the corresponding NIC's.
  4. Install active directory and create a domain with NAT routing so the clients can reach the internet from the Domain Controller.
  5. Run a script to create 1000 fake active directory users.
  6. Create another VM to connect to the private virtual box network "Client1".

Scripts

The script to create the names of the users, keep in mind this is simplified for the purpose of this post.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

$PASSWORD_FOR_USERS   = "Password1"
$USER_FIRST_LAST_LIST = Get-Content .\names.txt
# ------------------------------------------------------ #

$password = ConvertTo-SecureString $PASSWORD_FOR_USERS -AsPlainText -Force
New-ADOrganizationalUnit -Name _USERS -ProtectedFromAccidentalDeletion $false

foreach ($n in $USER_FIRST_LAST_LIST) {
    $first = $n.Split(" ")[0].ToLower()
    $last = $n.Split(" ")[1].ToLower()
    $username = "$($first.Substring(0,1))$($last)".ToLower()
    Write-Host "Creating user: $($username)" -BackgroundColor Black -ForegroundColor Cyan
    
    New-AdUser -AccountPassword $password `
               -GivenName $first `
               -Surname $last `
               -DisplayName $username `
               -Name $username `
               -EmployeeID $username `
               -PasswordNeverExpires $true `
               -Path "ou=_USERS,$(([ADSI]`"").distinguishedName)" `
               -Enabled $true
}

Within this lab I was able to create a “mini corporate network” and demonstrate loggging in on a corporate machine with inherited permissions from the Domain Controller itself.

azure, ad
cloud it
This post is licensed under CC BY 4.0 by the author.