
UH1: Université Hassan 1er de Settat, Maroc

Faculté des sciences et techniques Settat


-SETTAT-

5 Part Active directory and Domain joins
MST IRISTI
In this lab we are going to install Windows Server 2016. Open Virtual Box.

Select the VM and press start.


Select the language and keyboard method (I select English) and click Next. Then click Install now.

Choose the Windows Server 2016 Datacenter Evaluation (Desktop Experience). Then click Next.
Check the checkbox to accept the license terms, and click Next.

Choose the Custom: Install Windows only (advanced).

Choose the drive you want to install the operating system on and click next. Allow the
install to complete.
Once the installation is complete you will need to type in a password. Make sure you remember the
password.

Now the system will finish the installation and you will be brought to the login screen. Login with the
credentials you just created.

We have successfully installed Windows Server 2016. In the next lesson we will be finishing up the
installation by installing things like Virtual Box Guest Additions.
Basic Windows Server 2016 Configurations
We are going to install VirtualBox Guest Additions, set up the computer's network configuration and make sure
it can reach the internet as well as communicate with our Host computer, and finally we will change the
computer name.

Power on the Virtual Machine, press Right-Ctrl+Del and enter your login credentials. Wait for the server to
fully load, then at the top of the VM window select “Devices > Insert Guest Additions CD image…”.

Open File Explorer by clicking the folder icon on the task bar. Select “This PC” on the left side of the File
Explorer. Under Devices and Drives you should see the VirtualBox Guest Additions CD.

Double click on this CD to launch the installation. Once the welcome screen appears click next through the
prompts and select Install. During the installation process you will be asked to install device software. Click the
Install button to continue.
Once the installation is complete you will be required to reboot the server. Choose the finish button and
wait for the server to complete the reboot.

Once the computer reboots, go back into your desktop and wait for Windows to fully load. Once Windows is
fully loaded you need to open Server Manager and Command Prompt. To do this, click the Windows button
in the bottom left and choose the Server Manager button. I recommend that you right-click on this button
and choose “More > Pin to taskbar” as you will be using it quite often.

Once you are done with that I also recommend that you pin command prompt to the taskbar. You can
find the command prompt launcher by clicking the windows button again and searching for “cmd”.
Now we are going to set up our network connection for our Host-only network. If you are running a physical
server or your particular environment doesn’t use VirtualBox or a Host-only network you can skip this step.
However, if you have been following all of the steps I have done so far, continue on and follow these steps.

Open Command Prompt and enter the command “ipconfig”. This command will list our computer's network
adapters and their configurations. We are looking for the two Ethernet adapters, 1 and 2.

If you do not see the same settings I do then you likely do not have the exact same network settings that I
have on the Guest VM. Notice the first adapter has an IP address of 10.0.2.15. I have assigned adapter 1 on my
VM to be a NAT adapter and this is the IP address that was automatically configured for my VM (note that
yours could be different). If I attempt to run the command “ping google.com” for example, I can test to see if I
have internet connectivity.

I can see I am getting replies from Google.com. This tells me that I am connected to the internet. Now I need
to get the second adapter working. Notice the IP is a 169.254.***.*** address. This means that the computer
itself was unable to find a DHCP server on the network and instead assigned a private IP address to itself.
We need to configure an IP address that is on the same network as the Host-only network we have created in
previous lessons. To do this, we need to exit the full screen on the VM (Ctrl + F) and open File > Preferences
on the VirtualBox window. Navigate to the Network tab and select “Host-only Networks”. Select your Host-only
network and click the “Edit Selected” button.

Notice that if you navigate to the DHCP Server tab, it is turned off. This is why our VM got a 169.254.***.***
address. Do not turn this back on, however, as we will be creating our own DHCP server on this VM later. We
need to give our VM’s second adapter an IP address in the range of 192.168.0.2-254. Navigate back to your
Guest VM and open the Server Manager window. Choose the “Local Server” tab and edit the settings for
“Ethernet 2” by selecting the blue “IPv4…” text to the right.
Right click on the Ethernet 2 adapter and choose Properties.
Uncheck the “Internet Protocol Version 6” checkbox, select “Internet Protocol Version 4” and choose
Properties. Check the “Use the following IP address:” option and enter the following information.

Each group of numbers between the dots is referred to as an octet. Remember, you can use any value
between 2 and 254 for the last octet of your IP address. The reason behind this is that the .1 address is our
network gateway, and .255 is our broadcast address. The important thing to remember is that neither of these
IP addresses is available for use. I am going to choose .10. Choose the subnet mask and this information will
be automatically prefilled. Next, choose the “Default Gateway”. This will be the address of our network. If you
remember, we set this in VirtualBox to be the 192.168.0.1 address.

For DNS settings we are going to set the preferred DNS server to a loopback IP address, which is 127.0.0.1.
This IP address points back to the local server, and although we haven’t built the DNS server yet, we will be
doing that in the future. For the alternate DNS server we will use Google’s DNS server, which is 8.8.8.8. Select
OK and close out of the Properties window.

Now before we can communicate between our other VMs and our Host we need to modify the firewall settings
of our local server. Go back to the Server Manager > Local Server and modify the settings for “Windows
Firewall”.

Choose Advanced settings on the left hand side of the screen and click “Windows Firewall Properties”.
We need to customize the protected network connections for Domain, Private, and Public profiles. Choose
the “Customize” button for “Protected Network Connections” and uncheck your Host-only network which
in my case is “Ethernet 2”.

Select OK and repeat these steps for the Private and Public profiles. This will allow traffic on our Host-only
network to pass through our network adapter without being blocked or rejected.

Now we need to verify that we can communicate between our Host computer and our Guest VM. To do this we
are going to attempt to ping our Guest VM from our Host computer. Exit full-screen on the VM and on your
Host Computer open Command Prompt. Attempt to ping the VM by typing the ping command followed by
the IP address of the Server you just configured. In my case I set it to 192.168.0.10 so I will attempt to ping this
address.
Here we can see that I can successfully ping the Guest VM. Now we have a VM server that can reach the
internet as well as communicate with other VMs and the Host computer.

Next we are going to rename the server. By default the server will be named with a “WIN” prefix. To change
your server name, open the Server Manager and navigate to Local Server. Click the computer name to open the
System Properties.

Select “Change” and enter a new name. I am going to type in the name “ITFDC01”. ITF stands for my
website name, “itFlee” and DC stands for “Domain Controller”. The 01 simply means that this is the first
domain controller on this network.

Click OK and click OK again when you are notified you must restart. Select Close on the “System Properties”
and choose “Restart Now” when the window appears.

Now we are done making the basic configuration changes. See you in the next lecture!
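
The network, firewall and rename steps above as a PowerShell sketch, which also shows a narrower alternative to removing the adapter from the firewall's protected connections. This is an added example, not part of the original lab; the adapter name and addresses are the lab's values, and the rule name and the `$ExcludeAdapterFromFirewall` switch are made up for illustration.

```powershell
# Added example, not part of the original lab. Run in an elevated PowerShell
# session on the Windows Server 2016 VM. Adapter name and addresses are the
# values used in the lab text; adjust them if yours differ.
$Alias   = 'Ethernet 2'       # host-only adapter
$Address = '192.168.0.10'
$Gateway = '192.168.0.1'
$Subnet  = '192.168.0.0/24'   # host-only network

# Hypothetical switch for this example:
#   $true  = same result as the GUI steps (adapter excluded from the firewall
#            in the Domain, Private and Public profiles)
#   $false = firewall stays on for the adapter; only ping from the host-only
#            subnet is admitted
$ExcludeAdapterFromFirewall = $false

# Current state: a 169.254.x.x address here means no DHCP server answered.
Get-NetIPAddress -InterfaceAlias $Alias -AddressFamily IPv4 |
    Select-Object InterfaceAlias, IPAddress, PrefixLength

# Equivalent of unchecking "Internet Protocol Version 6" on the adapter.
Disable-NetAdapterBinding -Name $Alias -ComponentID 'ms_tcpip6'

# Static IPv4 address, /24 mask (255.255.255.0) and default gateway.
New-NetIPAddress -InterfaceAlias $Alias -IPAddress $Address `
    -PrefixLength 24 -DefaultGateway $Gateway | Out-Null

# Preferred DNS = loopback (the DNS role comes later), alternate = 8.8.8.8.
Set-DnsClientServerAddress -InterfaceAlias $Alias `
    -ServerAddresses '127.0.0.1', '8.8.8.8'

if ($ExcludeAdapterFromFirewall) {
    # What the "Protected network connections" dialog does when the adapter
    # is unchecked in each profile: no filtering at all on this interface.
    Set-NetFirewallProfile -Profile Domain, Private, Public `
        -DisabledInterfaceAliases $Alias
} else {
    # Narrower alternative: allow only inbound ICMPv4 echo requests, only on
    # this adapter, only from the host-only subnet.
    New-NetFirewallRule -DisplayName 'Lab - ICMPv4 echo from host-only network' `
        -Direction Inbound -Action Allow -Protocol ICMPv4 -IcmpType 8 `
        -InterfaceAlias $Alias -RemoteAddress $Subnet -Profile Any | Out-Null
}

# Review what is actually in effect before testing ping from the Host.
Get-NetFirewallProfile | Select-Object Name, Enabled, DisabledInterfaceAliases
Get-DnsClientServerAddress -InterfaceAlias $Alias -AddressFamily IPv4

# Rename the server and reboot, as in the System Properties dialog.
Rename-Computer -NewName 'ITFDC01' -Restart
```

With the firewall left on for the adapter, roles such as AD DS and DNS register their own inbound rules when they are installed, so the later lab steps do not depend on the adapter being excluded.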
The goal of this lab is to help you understand how you are supposed to use Windows Server 2016. We are
going to cover various key components that are commonly used by System Administrators who manage
Windows Server 2016 servers.
The primary way you manage your server is with a program that is included with all versions of Windows
Server called “Server Manager”. By default, Server manager will launch when the operating system starts, but
if it doesn’t you can start it by clicking the Windows button and selecting “Server Manager”.

Server manager allows you to manage your local server as well as other servers on your local network. From
here you can manage the computer name, IP address, firewall settings, Windows updates, view Events,
Services, and much, much more. On the left pane you will see Dashboard, Local Server, All Servers, and File and
Storage Services. The first three
items relate to the server or remote servers. The fourth is a server role called “File and Storage Services” (note
that this is installed by default). Whenever you install new server roles they will appear in this pane.
The dashboard gives a quick overview of your server and allows you to configure the server quickly. If there
are any issues with the local server or remote servers (such as a service that failed to start) you will see them
on this screen. To see errors with remote servers you need to first add them as a remotely managed server.
Errors with remote servers will be shown under the “All Servers” section.

The local server tab will give you detailed information about the server you are currently logged into. If you
need to change anything from the computer name, domain membership, firewall, network settings etc., this is
the place to do it. You will also have all of your events and services listed here. There is much more to the local
server tab, but these are the most important parts of it. The all-servers tab allows you to view the same
information for the local server and for remote servers, but you cannot change the server properties (computer
name, domain, firewall settings, etc.).

The last tab is File and Storage Services. This server role includes technologies that help you set up and
manage one or more file servers, which are servers that provide central locations on your network where you
can store files and share them with users.

Let’s talk about two key terms that you must know in order to successfully work with Windows Server 2016:
Roles and Features.

Roles
A server role is a set of software programs that allow a server to provide a specific service to its network. An
example of a role would be adding the DHCP role to our server. This will allow the server to act as a DHCP
server.
Features
Features are individual software programs that are sometimes required to be installed by roles, although
they can be independently installed without roles as well.
You can add or remove roles and features by selecting the Manage button at the top right hand corner of
the Server Manager window and selecting either “Add” or “Remove Roles and Features”.

The windows for adding and removing roles are nearly identical: one lets you check checkboxes for
roles and the other lets you uncheck role checkboxes. If you open the “Add Roles and Features”
window you will be presented with the “Before You Begin” tab. This tab has no functionality and is simply
informational, so I recommend that you check the “Skip this page by default” checkbox and click next.

The Installation Type tab gives you two options. The first option is the most common and is for installing
roles and features on a single server. The second option is for installing roles onto a virtual machine (not
related to VirtualBox). Choose the first option and click next.
If you have added remote servers to manage then they will be listed here. You can also choose to install the
roles on a virtual hard disk. Unless you are using Hyper-V (we are using VirtualBox), you likely won’t use this
second option. Click next.

On the Server Roles tab, you can choose any of the roles you would like to add to the server. If you only want
to install features, you do not have to check any of these checkboxes. For this lecture, we are going to install
and uninstall roles and features so you understand how it works. Choose the “Fax Server” check box. You will
get a popup stating that you need to add required features in order to install this role. Click “Add Features”,
and then click Next.
The Features tab looks very similar to Server Roles tab. If we had not selected any roles to install, we would
not be able to progress past this screen. It is important for you to know that you do not have to install roles,
but you must at least install features in order to complete this wizard. The features required by the Fax Server
role are already checked for installation, so simply click next to continue.

The next screen will prompt us about the new Fax Server role we are installing. Generally, when you add a new
server role, you will have some type of informational tabs added to the wizard. Click Next through the
prompts. When you are brought to the Role Services tab, you can check additional services if you would like
them. Since this role is temporary and just an example, I am not going to include any of these optional role
services. Click Next.

Now we are brought to the Confirmation tab. If you would like you can check the “restart the destination
server…” checkbox but I am going to leave it unchecked since I plan to uninstall the role immediately. As a
general rule, it is a good idea to check this checkbox.

Click Install and you will be brought to the results window.


Note that you may close this wizard at any time, and the installation will still continue. Once the window is
closed, you may view the progress by clicking on the flag icon on the top right-hand corner of Server
Manager.

Once the installation is complete, refresh Server Manager by either pressing F5 or by pressing the refresh
button next to the notifications button.

On the notifications button you will see a new notification stating that you must complete the
post-deployment configurations.

Just about every role you install will require some type of post-deployment configuration. Since we are
about to uninstall this role, we do not need to complete this. Now, let’s uninstall the newly installed Server
Role. Click Manage > “Remove Server Roles and Features.” Click next through the prompts, choosing the same
settings we did when adding the Server Role. When you get to the Server Roles tab, uncheck the “Fax Server”
checkbox.

You will get the popup stating that you can remove the features that were required by the server role. Notice
that this list is not exactly the same as the features we were required to install. This is because we will need to
uninstall additional roles as well. Click the Remove Features button and uncheck the “Print and Document
Services” checkbox. Again, you will be prompted to remove features that require the role. Click the Remove
Features button.

Click Next until you reach the confirmation window. This time, check the “Restart the Destination Server
Automatically if required” checkbox. Select Yes when you receive the warning message about the reboot. Click
the Remove button and wait for the uninstall to finish and the server to reboot.
In this lecture we are going to create a Domain Controller by installing the Active Directory Domain Services (AD
DS) role. Remember that any server running the AD DS role is considered a domain controller. We are going to
add this role to our server and create a new domain called, for example, “itflee”. If you would like, you can create
any domain name you want. You won’t break any “real” websites since there are no internet DNS servers
pointing to the domain that we are about to create. Finally, once we add the AD DS role we will promote the
server to a Domain Controller.

You should already know how to install a server role on the server you are currently logged in to but I am going
to cover the steps again. Open Server Manager and select Manage > Add Roles and Features

On the Installation Type screen leave the default option “Role-based or feature-based…” selected and
click next.

On the Server Selection screen choose the server we built earlier called “ITFDC01” and click next.

In the server roles list choose the “Active Directory Domain Services” role. You
will see a popup window stating you cannot install AD DS unless certain role services or features are also
installed:
Click the Add Features button and then click Next to proceed to the Features screen. We do not need
any additional features as all the required features were already added. Again click Next. Now you will be
brought to the AD DS screen. It tells us that we will also need to install the DNS role if we do not already have it
set up.

Click Next and continue on to the Confirmation screen. Here we can see the roles and features we are about
to install. Click Install and wait for the installation to finish. Once the installation is complete you will have
post-deployment configuration steps to complete as well:
Click the notification flag next to manage and choose “Promote this server to a domain controller”.
The AD DS configuration wizard will appear giving us three options:

The first option, “Add a Domain Controller to an existing domain” is for adding additional domain
controllers to a domain you have already created. This option is not suitable for us now because we have
not created a domain yet.

I am going to enter itflee and click next. It will take a second before the Domain Controller Options screen
appears, so just be patient while it processes. The first two options, Forest Functional Level and Domain
Functional Level, specify which operating system the DC will use. You need to specify the OS you are using (in
this case it is Windows Server 2016).

There is a bug with the latest version of Server 2016 where the developers did not configure this screen to
show the latest version as “Server 2016” but instead show it as the “Windows Server Technical Preview”, so I
have to choose this option.
Make sure the Domain Name System (DNS) server checkbox is checked. If you remember, when we installed the
AD DS role it said that we had to install this in order for the DC to function properly. The Global Catalog option
means that the server will list all active directory objects. This is a requirement for a primary domain controller
or when we are creating a new domain forest.

If you choose the Read Only Domain Controller option, then the domain controller will not be able to make
changes to the domain. We will want to make changes to our domain so do not check this checkbox. Type in a
DSRM password and make sure that you either write it down or memorize it.

The DSRM (Directory Services Restore Mode) password allows an administrator to take an instance of AD
offline for reasons like maintenance or troubleshooting. This is not a commonly used password but you will
want to keep it “just in case”. Click next to proceed on to the DNS options.

On the DNS Options screen you will see a warning about the DNS delegation.

This warning means that people on the internet will not be able to resolve local DNS names on your local
DNS server (names like itflee.com or ITFDC01 etc). This is fine because we don’t want people on the internet
to be able to access our server for security reasons. Click next and proceed on to the Additional Options.

The NetBIOS domain name is populated for us as ITFLEE. The NetBIOS name is an abbreviation of the Fully
Qualified Domain Name (FQDN) which is itflee.com. I am going to leave this at the default of ITFLEE and
click continue.

On the Paths screen we can see the default paths chosen for the folders that are required by AD DS. If you
would like to choose an alternate drive you can do so by clicking the “…” button and choosing the alternate
path. I recommend that you leave them at the default setting and click next.
We are brought to the Review Options screen where we can see all of the options we have chosen so far. If you
would like, you can click the “View script” button and you will be presented with a PowerShell
script that you can save in order to later execute and quickly complete the wizard with the same settings we
just used. Close the PowerShell script and click next.

Now we are brought to the “Prerequisites Check” window. The wizard is going to verify that the server is
ready to be promoted to a DC. This will take a few minutes, so just be patient and wait for it to
complete the checks. Once the checks complete, at the top you will see that all prerequisite checks have
passed:

If you have errors, you can address the errors (Google is your friend) and click the rerun prerequisite checks text:

Under the view results window we can see there are various warnings. None of these are critical but it is worth
reading through them. We can see that the first one is a security setting stating that anything with
cryptography not compatible with Windows NT 4.0 will be blocked. This is not an issue for us because we are
not using old servers or old technology.

The second is in regards to our first networking adapter not having a static IP address. This is because the first
adapter is connected to our NAT adapter and will not be used for our local domain. This can be ignored.

The third warning is about the DNS delegation. Again we do not care if people on the internet can resolve
our DNS records within our network.
Click the install button and wait for the installation to complete and the server to reboot. This can take a good
while depending on the speed of your server so you will need to be patient while it works. I am going to speed
up this video so you don’t need to sit and watch the entire installation.

Once the installation completes and the server reboots, press Ctrl+Alt+Del to log in. The first thing you will notice
is that the NetBIOS name of our domain precedes the user account we are logging into (in this case,
“ITFLEE\Administrator”). This is in the format of [Domain Name]\[Domain Username].

If we had multiple domain names, we could specify a different domain name by typing the name of the domain
we want to use followed by a backslash and the name of the user account you want to log into. Type in the
password you used to create the administrator account when you installed the server and log in. Under the
server manager you will see the new server roles of AD DS and DNS.
We have successfully built a Domain Controller.
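
The role installation and promotion above, expressed with the ADDSDeployment cmdlets and followed by post-reboot checks of what the wizard configured. This is an added example, not the script the wizard's “View script” button produces; the FQDN `itflee.com` is taken from the NetBIOS paragraph above and is an assumption about the name entered in the wizard, and the two function names are made up for illustration.

```powershell
# Added example, not part of the original lab and not the wizard's own script.
# Run in an elevated PowerShell session on ITFDC01.
$DomainName  = 'itflee.com'   # assumption: the FQDN quoted in the lab text
$NetbiosName = 'ITFLEE'

function Install-LabForest {          # hypothetical helper name
    # Install the AD DS role plus the management tools (ADUC, AD module).
    Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

    # DSRM password is prompted for, never written into the script.
    $dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'

    $params = @{
        DomainName                    = $DomainName
        DomainNetbiosName             = $NetbiosName
        ForestMode                    = 'WinThreshold'   # Server 2016 level
        DomainMode                    = 'WinThreshold'
        InstallDns                    = $true
        SafeModeAdministratorPassword = $dsrm
    }

    # Same prerequisite checks as the wizard, without changing anything.
    $checks = Test-ADDSForestInstallation @params
    $checks | Format-List Status, Message
    if ($checks | Where-Object { "$($_.Status)" -eq 'Error' }) {
        throw 'Prerequisite check failed; fix the errors above and rerun.'
    }

    # Creates the new forest, installs DNS and reboots when finished.
    Install-ADDSForest @params
}

function Confirm-LabForest {          # hypothetical helper name
    # Run after the reboot, logged in as ITFLEE\Administrator.
    Get-ADDomain |
        Select-Object DNSRoot, NetBIOSName, DomainMode
    Get-ADDomainController |
        Select-Object Name, IsGlobalCatalog, IsReadOnly, OperatingSystem

    # Clients find the DC through these DNS records, so they must resolve.
    Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV |
        Where-Object Type -eq 'SRV' |
        Select-Object Name, NameTarget, Port

    # The two roles the lab expects to see in Server Manager.
    Get-WindowsFeature -Name AD-Domain-Services, DNS |
        Select-Object Name, InstallState
}

Install-LabForest
# After the reboot: Confirm-LabForest
```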

In this lab also, we are going to download a Windows 10 ISO installation file from Microsoft. An ISO file is a
disc image file that can emulate a CD or DVD. This file cannot be natively opened on Windows, but VirtualBox
will be able to read the ISO and get the Windows installation files from the ISO. It’s important for you to know
that we are going to complete this lecture from our Host computer and not from a Virtual Machine.
To download Windows 10, open your preferred web browser on your Host computer and navigate to
google.com. In the search bar type in “Windows 10 Download Tool”. The first result will be Microsoft's software
downloads page that allows us to download the Windows 10 Media Creation Tool. Click the Download tool
now button and wait for the download to complete.
Once the download is complete, launch the installer file.

Once the installation has begun, accept the license terms and on the following screen you want to
select Create installation media for another PC and click Next.
On the next screen you can leave the default settings or if you want you could customize them by
unchecking the Use the recommended options for this PC checkbox. I am going to leave them at the
default setting and click Next.

On the next screen choose the ISO file checkbox. This option allows us to download an ISO file that we can
later mount to a VM and use to install Windows 10.
Click Next and choose where you want to save the new ISO file. I recommend that you change the name
from Windows.iso to Windows10.iso. We don’t want to be confused between this ISO and Windows
Server ISO later on down the road.

Click Save and now we simply need to wait for the download to finish.
We are now going to create a new VM and install Windows 10. The reason why we are doing this is so we can
later join the new computer to our Windows Domain and learn how to manage a client computer from a DC.
To get started, the first thing we need to do is create a new Virtual Machine. Open VirtualBox and click on the
New button.

The Create Virtual Machine window will appear. If you see the Expert button at the bottom of the Window,
go ahead and switch over to that mode.

I am going to name my VM “Windows 10 VM”. Once I input that name it automatically selects the Type,
Version and Memory Size. Make sure you check the Create a virtual hard disk now checkbox and click
Create.

The Create Virtual Hard Disk window will appear. Leave the file location at the default setting. Specify the
HDD size you want in gigabytes. I am going to use 80 GB. Make sure Dynamically Allocated is checked and
click Create.
Now we need to mount the Windows 10 ISO we downloaded earlier. To mount an ISO means to virtually
insert the disc into the computer (or VM). Right-click on the VM and select Settings. Navigate to the Storage
tab.

Select the empty disc icon and under Attributes on the right side of the window click the disc icon and
select Choose Virtual Optical Disk File…
Browse to and open the Windows 10 ISO we downloaded earlier with the Microsoft Media Creation Tool.
Now you should see “Windows10.iso” in the CD icon under the Storage Tree.

The last thing we need to do is put our VM on the Host-only network we previously created for our domain
controller. Click on the Network tab and choose Adapter 2. Check the Enable Network Adapter checkbox
and change the Attached to dropdown list from NAT to Host-only Adapter. Make sure that the same
network you’re using for your DC is listed under Name.

Click OK to close the settings window. We are now ready to begin the installation of Windows 10. Right-click
on the VM and choose Start > Normal Start. The VM will begin to power on and it will load the Windows
installation files.
Once the initial loading is complete you will be prompted to enter your language, time settings and keyboard
method. Make sure you select the correct keyboard method as this can make using the OS nearly impossible
if it is wrong. Mine is configured correctly by default so I am just going to click Next. On the next screen click
Install now. The following screen will prompt you to enter your license key. If you have one you may enter it
now, otherwise click the I don’t have a product key button at the bottom of the screen.

The next screen will ask you what version you want to install. Select the appropriate version you would like to
install and click Next.

You now need to accept the license terms and click Next. Since we do not already have an OS installed
that we are upgrading, we need to choose Custom: Install Windows only (advanced).
The next screen asks us to choose the HDD we want to install the OS on. The default options are fine so I
am going to click Next. Now the installation will begin. This will take about 20 minutes to complete so I am
going to speed up this video. You can pause this lecture until your installation is complete and we will
complete the installation.

Once the installation completes you will be brought to the Get going fast screen. Click Use Express settings to
continue.
On the next screen you will need to specify who owns the PC. Since we are going to join this computer to a
domain you will want to select My work or school owns it and click Next.

On the next screen we want to choose Join a local Active Directory domain and click Next.
Now we need to create our local user account for this machine. I am going to use the username paul.hill.local
and I will create a password and a hint. Click Next. Now we need to decide if we want to use Cortana or not. I
am going to choose Not now because I don’t want the computer slowed down unnecessarily by Cortana.

Now the desktop will load and we are done installing Windows 10.
In this lecture we are going to join our newly created Windows 10 VM to our itflee domain. The first thing we
will need to do is manually configure our TCP/IP settings so we can communicate with our DC then we can
rename the computer and join it to our Domain. We will also switch over to our Domain Controller and see
where our new computer was automatically placed in Active Directory. In order to complete this lecture, we will
need our Domain Controller running so we can join our new Windows 10 VM to the domain.

Open your Windows 10 VM and if you still have the “VirtualBox Guest Additions CD Image” mounted we can
unmount it by selecting Devices > Optical Drives > Remove Disk from optical drive. Now we need to log
into the VM. Press Right-Ctrl+Del and type in the user credentials that you created when you installed the OS.
Once you are logged in and Windows has fully loaded, click the Start button and search for “Network”. Click
Network and Sharing Center when it appears.

Select the Ethernet 2 text on the right hand side of the screen.

Choose the Properties button. Uncheck IPv6 since we are not going to be using this internet protocol.
Select IPv4 and choose Properties.

Select the Use the following IP address checkbox and for the IP address enter 192.168.0.50 - we could use
any unused IP address ending with 2 – 254 but I am going to use .50. Press the tab key and the Subnet mask
will be automatically populated as 255.255.255.0 which is correct. Now under the Default gateway enter
192.168.0.1 which is the same address as the host only network we created in VirtualBox. For the Preferred
DNS server we want to enter the IP of our DC which is 192.168.0.10.
Click OK and close out of the IPv4 Properties and Ethernet 2 Status windows. Now we want to verify that we
can communicate with our DC by attempting to ping it. A ping command sends a message to a target
computer and asks for a response. If we get a response, we know that we can communicate with the target
computer. To ping a computer, we need to open Command Prompt. Press the start button and type “CMD” in
the search box. You will see Command Prompt show up in the results.

Start Command Prompt and enter the command “ping 192.168.0.10”.


We can see that we are getting responses back from our DC. Now that we know we are able to communicate
with the DC we need to rename this computer and join it to our Windows Domain. Press the Windows
button again and search for “System”. Click the Control Panel System that appears in the search results.

You will see a section called “Computer name, domain, and workgroup settings”. Click the Change settings
text to the right of this.

The System Properties window will appear. Click the Change… button in the middle of the screen. Enter a
computer name. I am going to use “ITFWS001” for ITFLEE WORKSTATION 001. Check the Domain checkbox
and enter the name of the domain you want to join. In my case it is “itflee”.
Click OK. Now we will be prompted to enter our domain administrative credentials so we can join this
computer to the domain. We can use the “Administrator” account we used to create our Domain Controller.
Enter the username “Administrator” and the password you used when creating your domain controller VM.

Click OK. In a moment you will see the “Welcome to the itflee domain” message appear. Click OK and you will
then be notified that you must restart the computer. Click OK and Close the computer settings window.

Now you will be asked to reboot your computer. Click Restart Now and wait for your computer to reboot.
Now while the computer is rebooting let’s switch over to our Domain Controller. If you are in full screen
mode on the Windows 10 VM press Right-Ctrl+F to exit full screen mode and switch over to our Domain
Controller. Log in to your DC and once Windows fully loads open Server Manager and select Tools > Active
Directory Users and Computers.

Navigate to itflee > Computers. Notice we can see our new workstation has been added to the built-in OU
called Computers.

Now our Windows 10 workstation is on the same network as our Domain Controller and we have successfully
joined it to the Windows Domain that we created earlier.
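
The client-side join above in PowerShell, with a DNS check before the join and a trust check after it, since a successful ping alone does not show that the client can locate the domain. This is an added example, not part of the original lab; the FQDN `itflee.com` is an assumption (the lab types “itflee” into the dialog), and the other values are the lab's.

```powershell
# Added example, not part of the original lab. Run in an elevated Windows
# PowerShell session on the Windows 10 VM unless a comment says otherwise.
$Alias      = 'Ethernet 2'       # host-only adapter
$DcAddress  = '192.168.0.10'     # ITFDC01, also the client's DNS server
$DomainName = 'itflee.com'       # assumption: FQDN quoted in the lab text
$NewName    = 'ITFWS001'

# Static address on the host-only network, DNS pointed at the DC.
Disable-NetAdapterBinding -Name $Alias -ComponentID 'ms_tcpip6'
New-NetIPAddress -InterfaceAlias $Alias -IPAddress '192.168.0.50' `
    -PrefixLength 24 -DefaultGateway '192.168.0.1' | Out-Null
Set-DnsClientServerAddress -InterfaceAlias $Alias -ServerAddresses $DcAddress

# Step 1: reachability, the same thing the ping in the lab shows.
if (-not (Test-Connection -ComputerName $DcAddress -Count 2 -Quiet)) {
    throw "No reply from $DcAddress; check the adapter and the DC firewall."
}

# Step 2: the join locates a domain controller through DNS SRV records, so
# confirm the DC's DNS server returns them. -ErrorAction Stop turns a failed
# lookup into a terminating error instead of a warning that scrolls past.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV `
    -Server $DcAddress -ErrorAction Stop
$srv | Where-Object Type -eq 'SRV' | Select-Object NameTarget, Port

# Step 3: rename and join in one operation, then reboot. The credential is
# prompted for interactively rather than stored in the script.
$cred = Get-Credential -UserName 'ITFLEE\Administrator' `
    -Message 'Account allowed to join computers to the domain'
Add-Computer -DomainName $DomainName -NewName $NewName `
    -Credential $cred -Restart

# --- After the reboot, on the Windows 10 VM (elevated) -------------------
# Returns True when the machine account's secure channel to the domain works:
#   Test-ComputerSecureChannel -Verbose
#
# --- On ITFDC01 -----------------------------------------------------------
# Shows where the new computer object was placed in the directory:
#   Get-ADComputer -Identity 'ITFWS001' |
#       Select-Object Name, DistinguishedName, Enabled
```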
END.
