It’s time to create the internal LAN network starting with a domain controller and Active Directory domain. I am going to install Active Directory on server core using PowerShell. I will start by cloning the template from the previous post.

Creating the Domain Controller

Prerequisite: Streamline and Simplify Installs: Create a Windows Server Template

Cloning a template saves significant time on new server creation. To clone the Windows server template, I just right-click the template and select Clone. I am going to create a full clone and call it AD.

[Screenshot: naming the new server AD and selecting full clone as the mode]

After starting the clone, I have to wait for it to finish creating. Proxmox shows a lock symbol over the name until it's done.

[Screenshot: lock symbol over the name while Proxmox is still creating the clone]

After clone creation, I just start it and then I have to reset the Administrator account password. Sysprep removed all existing user accounts so I have to reset the password again.

[Screenshot: resetting the Administrator account password on initial login]

Next I used SConfig to set a static IP address aligned to my network diagram, and configured the DNS server to use the Pi-hole in my DMZ. After that my server is ready for the Active Directory install.

[Screenshot: setting a static IP address and DNS server using SConfig]

Install Active Directory on Server Core

To install Active Directory on Server Core, I run the command below from PowerShell. While it runs, a progress bar appears at the top of the window.

PS C:\Users\Administrator> Install-WindowsFeature AD-Domain-Services -IncludeManagementTools -Verbose
[Screenshot: installing Active Directory on Server Core using PowerShell]

After the feature installation finished, I need to install the forest for my domain. The domain name I am using is corp.globomantics.local because I am using this lab for Pluralsight courses. The command to install the forest is:

PS C:\Users\Administrator> Install-ADDSForest -DomainName corp.globomantics.local

Once that runs, I just need to set the Safe Mode Administrator Password and confirm that the server will be a domain controller after completion. After confirming, the server creates the domain and becomes a domain controller.

[Screenshot: setting the Safe Mode Administrator Password and confirming that the server will be a domain controller]
[Screenshot: Install-ADDSForest command running]

After the install finishes, the server reboots and then I need to log in, check services, and configure DNS. I ran a dcdiag command to check the server and made sure it passed all the tests. Success! My domain is up and running.

[Screenshot: example output of dcdiag, used to check AD functionality]
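
The service and dcdiag checks from this step can also be scripted so they are repeatable after every reboot or change. This is an added example, not part of the original post; the service list is an assumption based on the standard service names of a domain controller that also hosts DNS.

```powershell
# Post-promotion health check for the new domain controller.
# Assumption: these are the services a DC with the DNS role is expected to run.
$services = 'NTDS', 'DNS', 'Netlogon', 'Kdc', 'ADWS', 'W32Time'

$results = @(foreach ($name in $services) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Check  = "Service $name"
        Passed = ($null -ne $svc -and $svc.Status -eq 'Running')
    }
})

# SYSVOL and NETLOGON must be shared before clients can fetch
# Group Policy and logon scripts from this server.
$results += @(foreach ($share in 'SYSVOL', 'NETLOGON') {
    [pscustomobject]@{
        Check  = "Share $share"
        Passed = [bool](Get-SmbShare -Name $share -ErrorAction SilentlyContinue)
    }
})

# dcdiag /q prints only error messages, so any non-blank output
# means at least one test failed.
$dcdiagErrors = @(dcdiag /q | Where-Object { $_.Trim() })
$results += [pscustomobject]@{
    Check  = 'dcdiag /q'
    Passed = ($dcdiagErrors.Count -eq 0)
}

$results | Format-Table -AutoSize

if ($results.Passed -contains $false) {
    Write-Warning 'One or more domain controller health checks failed.'
    $dcdiagErrors   # show the dcdiag error lines, if there were any
}
```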

Configure DNS for the internal domain

The next step is configuring DNS for our internal domain. The first check is making sure the DNS forwarders are set correctly to my Pi-hole in the DMZ.

PS C:\Users\Administrator> Get-DNSServerForwarder
[Screenshot: output of Get-DNSServerForwarder, used to confirm the forwarders are correct]

Next I had to configure the DMZ Pi-hole to allow requests from outside of the DMZ network. Pi-hole labels this setting potentially dangerous because it makes the resolver answer any host that can reach it. Since this server is not directly connected to the Internet, it meets the home setup criteria.

[Screenshot: Pi-hole interface settings changed to permit all origins, enabling queries from outside of the DMZ]

Now I can confirm that DNS is resolving correctly by pinging an external host and the internal domain.

[Screenshot: ping results showing that DNS is resolving correctly]

The last step for DNS configuration is adding a reverse lookup zone using PowerShell. I can add the zone using the command below and check it using the Get-DNSServerZone command.

PS C:\Users\Administrator> Add-DnsServerPrimaryZone -NetworkID "10.0.1.0/24" -ReplicationScope "Domain"
[Screenshot: example output showing reverse lookup zone creation in PowerShell]
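
The DNS checks in this section (forwarders, name resolution, reverse zone) can be combined into one script that is run on the domain controller. This is an added example, not part of the original post; the Pi-hole address is a placeholder, example.com is an arbitrary external test name, and the dynamic update check goes beyond what the post verifies.

```powershell
# Constructed values: replace the placeholder with the Pi-hole address from your diagram.
$PiHoleIp    = '<pi-hole-dmz-ip>'
$Domain      = 'corp.globomantics.local'
$ReverseZone = '1.0.10.in-addr.arpa'   # name DNS gives the zone for NetworkID 10.0.1.0/24

$checks = [ordered]@{}

# Forwarders: every entry should be the Pi-hole, otherwise queries bypass its filtering.
$forwarders = @((Get-DnsServerForwarder).IPAddress | ForEach-Object { [string]$_ })
$unexpected = @($forwarders | Where-Object { $_ -ne $PiHoleIp })
$checks['Forwarders point only at the Pi-hole'] = ($forwarders.Count -gt 0 -and $unexpected.Count -eq 0)

# Zones: both must exist, be stored in AD, and refuse unauthenticated dynamic updates.
foreach ($name in $Domain, $ReverseZone) {
    $zone = Get-DnsServerZone -Name $name -ErrorAction SilentlyContinue
    $checks["Zone $name is AD-integrated"] = ($null -ne $zone -and $zone.IsDsIntegrated)
    $checks["Zone $name rejects nonsecure updates"] = ($null -ne $zone -and $zone.DynamicUpdate -ne 'NonsecureAndSecure')
}

# Resolution: ask this server directly so a cached answer elsewhere cannot mask a failure.
$lookups = [ordered]@{
    'DC locator SRV record resolves' = @{ Name = "_ldap._tcp.dc._msdcs.$Domain"; Type = 'SRV' }
    'External name resolves'         = @{ Name = 'example.com'; Type = 'A' }
}
foreach ($label in $lookups.Keys) {
    $q = $lookups[$label]
    $answer = Resolve-DnsName -Name $q.Name -Type $q.Type -Server 127.0.0.1 -DnsOnly -ErrorAction SilentlyContinue
    $checks[$label] = [bool]$answer
}

# One line per check, OK or FAIL.
$checks.GetEnumerator() | ForEach-Object {
    '{0,-50} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}
```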

Now that DNS is working correctly, I need to change the DHCP scope from pfsense to use the new server.

[Screenshot: changing the DHCP settings in pfsense to use the new server's IP address]

Add Active Directory Users in Server Core

The last step I am taking is creating a new user, Bob, to act as the Globomantics domain administrator. I am going to create a user account and a separate admin account, called Bob User and Bob Admin. I can use PowerShell to create the accounts with these commands.

PS C:\Users\Administrator> New-ADUser -Name "Bob User" -GivenName "Bob" -Surname "User" -SamAccountName "BUser" -UserPrincipalName "Buser@corp.globomantics.local" -AccountPassword(Read-Host -AsSecureString "Input Password") -Enabled $true

PS C:\Users\Administrator> New-ADUser -Name "Bob Admin" -GivenName "Bob" -Surname "Admin" -SamAccountName "BAdmin" -UserPrincipalName "BAdmin@corp.globomantics.local" -AccountPassword(Read-Host -AsSecureString "Input Password") -Enabled $true

Adding the Bob Admin account to domain admins is another quick command.

PS C:\Users\Administrator> Add-ADGroupMember -Identity "Domain Admins" -Members BAdmin
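
The point of creating two accounts is that only BAdmin holds privilege, so it is worth confirming the split after the commands above. This is an added example, not part of the original post; the list of privileged groups is an assumption about which built-in groups to audit.

```powershell
Import-Module ActiveDirectory

$daily = 'BUser'     # day-to-day account created in the post
$admin = 'BAdmin'    # separate administrative account created in the post

# Assumption: built-in groups that grant control of the domain or forest.
$privilegedGroups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'

$membership = @(foreach ($group in $privilegedGroups) {
    # -Recursive also catches membership gained through nested groups.
    $members = @(Get-ADGroupMember -Identity $group -Recursive |
        Select-Object -ExpandProperty SamAccountName)
    [pscustomobject]@{
        Group    = $group
        Members  = $members -join ', '
        HasDaily = $members -contains $daily
        HasAdmin = $members -contains $admin
    }
})
$membership | Format-Table -AutoSize

# The day-to-day account must not appear in any privileged group.
if ($membership.HasDaily -contains $true) {
    Write-Warning "$daily is in a privileged group; the user/admin split is broken."
}

# The admin account should be in Domain Admins, as set by Add-ADGroupMember.
$domainAdmins = $membership | Where-Object { $_.Group -eq 'Domain Admins' }
if (-not $domainAdmins.HasAdmin) {
    Write-Warning "$admin is not a member of Domain Admins."
}
```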

That’s it: we have a domain, domain controller, DNS server, and domain admin. The Globomantics internal network is ready for new users and computers. The first computer I am going to add is a Windows 10 machine that my user Bob Admin will use. I will install the Remote Server Administration Tools (RSAT) to enable remote administration of the servers.