Active Directory Home Lab with Proxmox

Introduction

Setting up an Active Directory environment in a non-production setting can be a great way to experiment and learn, especially using Proxmox. The platform offers quite a few useful features like backups, snapshots, and cloning, which make it very good for home labs. In this walkthrough, I will show you how to set up an Active Directory environment in Proxmox.

To begin, you’ll need a Windows Server 2019 VM, along with a few Windows 10 VMs. Make sure the Windows 10 VMs are running versions that support domain joining, such as Windows 10 Professional, Enterprise, or Education.

I have templates for both Windows Server 2019 and Windows 10 set up in my Proxmox server, using the evaluation editions provided by Microsoft.

Creating the Network Bridge

First of all, you have to create a bridge in Proxmox so that the VMs can communicate with each other. To do so, go to the Proxmox web interface, click on your node, and go to System > Network.

Create a new Linux Bridge: click Create > Linux Bridge. Name the bridge so that you can easily identify it as the one to be used for your Active Directory lab. I named my bridge vmbr1. Once the Active Directory lab is set up, you can add a network adapter to connect physical Windows devices to the domain.

Cloning the Windows Server 2019 Template

Now that the network bridge has been set up, it’s time to clone the template for Windows Server 2019. Right-click the template and select Clone. Set the mode to Full Clone, enter a VM ID (I used 200), and give it a name (I used dc01-wse2019). Click Clone to create the VM.

Do the same thing for the Windows 10 template. I named my Windows 10 VM adclient01-01-w10l and used VM ID 201. Be sure to select Full Clone before clicking Clone.

The cloning process can take some time depending on your hardware configuration.

Configuring Network Settings for VMs

Now it is time to configure the networking of each of our VMs. The Windows Server 2019 VM (VM ID 200) will function as the default gateway and thus needs two network devices. Add a new network device, select the Linux Bridge created previously (vmbr1), and set the model to VirtIO (Paravirtualized). The second network device should link to the bridge that has access to the internet.

For the Windows 10 VM (VM ID 201), change the network device to use bridge vmbr1. This will make it so that the Windows 10 VM can talk to the Windows Server 2019 instance using vmbr1.

Setting Up Windows Server 2019

Set up your VMs: once the VMs are installed, you can boot up the Windows Server 2019 VM. The installation wizard will be pretty much the same as any normal install of Windows. Set your local Administrator password and log in. When prompted for discoverability, choose Yes.

Rename the Windows Server first: go to Settings > System > About, and click Rename this PC. I named my server DC01 and chose Restart Later.

Before rebooting, rename the network adapters: Go to Control Panel > Network and Internet > Network and Sharing Center, and click Change adapter settings. Double-click each to find out which one has the internet connection.

Rename one to be Internet and the other Internal, and then reboot the VM.

Configuring IP Address for the AD Network

Once the VM has rebooted, we need to set a private IP range for the Active Directory network. Open Control Panel > Network and Internet > Network and Sharing Center, and select Change adapter settings. Double-click the Internal network device, then click Properties, and select Internet Protocol Version 4 (TCP/IPv4).

In the properties window, select a private IP address range. In my setup, I used 192.168.0.1/16. This makes the IP address of the domain controller 192.168.0.1. Since the server will be the default gateway, there is no need to specify a gateway. I also set the DNS server to the localhost address, 127.0.0.1, since the server will act as the DNS server.

Click OK to save changes and close the window.

Installing Active Directory Domain Services

Now that the server is configured, let’s install Active Directory Domain Services. From Server Manager, choose Add roles and features, then just go through the defaults until you get to the Server Roles area. Under Server Roles, choose Active Directory Domain Services. At the prompt to add the Features, choose Add Features and continue through the defaults until you can choose Install. After installing, choose Close.

Next, promote the server to a domain controller: click the Notification icon in Server Manager, then select Promote this server to a domain controller. At this step, select the Add a new forest option and enter your desired name for your domain, for example, mydomain.com.

You will also be prompted to set a password for Directory Services Restore Mode. Then for all the following screens, just click Next and let it use all the defaults; some warnings might come up throughout, but these can be ignored in a lab setup. The server automatically restarts when the promotion completes.
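The static address, role install and promotion described above can also be scripted, which helps when rebuilding the lab from a snapshot. This is an added example, not part of the original walkthrough; it assumes the adapter has already been renamed Internal and reuses the walkthrough's 192.168.0.1/16 and mydomain.com values.

```powershell
# Added example: scripted equivalent of the GUI steps above.
# Run in an elevated PowerShell session on the renamed server (DC01).
$ErrorActionPreference = 'Stop'

$internalAlias = 'Internal'       # adapter name chosen in the walkthrough
$domainName    = 'mydomain.com'   # example domain name from the walkthrough

# Static address on the lab-facing adapter. No gateway is set because this
# server is itself the gateway for the lab network.
if (-not (Get-NetIPAddress -InterfaceAlias $internalAlias -IPAddress '192.168.0.1' `
          -ErrorAction SilentlyContinue)) {
    New-NetIPAddress -InterfaceAlias $internalAlias -IPAddress '192.168.0.1' `
        -PrefixLength 16 | Out-Null
}
Set-DnsClientServerAddress -InterfaceAlias $internalAlias -ServerAddresses '127.0.0.1'

# Install the AD DS role together with its management tools.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools | Out-Null

# Prompt for the DSRM password so it never lands in a script file or history.
$dsrm = Read-Host -Prompt 'Directory Services Restore Mode password' -AsSecureString

# Run the prerequisite checks first and stop on errors. Warnings are listed
# so you can decide which ones are acceptable in a lab.
$check = Test-ADDSForestInstallation -DomainName $domainName `
    -SafeModeAdministratorPassword $dsrm -InstallDns
$check | Format-List Status, Message
if ($check | Where-Object { "$($_.Status)" -eq 'Error' }) {
    throw 'Prerequisite check failed; fix the errors above before promoting.'
}

# Create the new forest. The server restarts automatically when this completes.
Install-ADDSForest -DomainName $domainName -SafeModeAdministratorPassword $dsrm `
    -InstallDns -Force
```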

Creating Domain Administrator Account

Once the server reboots, log in using the default Administrator account. From the Start menu, open Active Directory Users and Computers (under Administrative Tools).

In the Active Directory Users and Computers window, expand the domain section (mydomain.com), right-click on it, and choose New > Organizational Unit (OU). I created two OUs: _IT Staff and _Staff.

To create a domain administrator account, right-click on the _IT Staff OU, go to New > User, and fill in the username and password for the domain admin account. I added the prefix admin- to the username in order to distinguish administrative accounts.

Now, add this user to the Domain Admins group. Right-click the user, go to Properties, go to the Member of tab, and click Add. Search for Domain Admins and click OK.

Once added, log out of the Administrator account and back in with your newly created domain administrator account.

Installing RAS/NAT

To enable internet access for the AD clients through the domain controller, we need to install RAS/NAT. In Server Manager, select Add roles and features, then proceed with the default settings until you reach the Server Roles section. Choose Remote Access to install NAT and click Add Features when prompted. In the Role Services section, enable Routing, then click Next until you can click Install.

Once installed, go to Tools > Routing and Remote Access. Right-click on the domain controller name (DC01) and select Configure and Enable Routing and Remote Access. Choose Network Address Translation (NAT) and select the Internet network adapter for internet access.

Click Finish to complete the configuration, and refresh if necessary.

Setting Up DHCP

Next, we will install a DHCP server. In Server Manager, go to Add roles and features, then follow the defaults through until you reach the Server Roles section; there, put a check mark next to DHCP Server, and when prompted to do so, click Add Features. Follow the defaults through until you reach the end of the install and click Install.

To configure the DHCP server, in Server Manager, select the flag icon and then select Complete DHCP Configuration. Sign in using the credentials of the domain account you created in the preceding steps.

Now go to Tools > DHCP. Select options and right-click on IPv4 to create a new scope. Define the IP range; for example, it could be between 192.168.0.2 and 192.168.255.254. Exclude any addresses you want to reserve, and set the default gateway to 192.168.0.1.

Activate the scope and finalize the configuration.
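The same DHCP setup expressed in PowerShell, followed by a check of which DHCP servers the directory has authorized. This is an added example, not part of the original walkthrough; the scope name, the exclusion range and the DNS option are assumptions, while the addresses and the DC01 and mydomain.com names come from the steps above.

```powershell
# Added example: run in an elevated session on DC01 as a domain admin.
$ErrorActionPreference = 'Stop'

Install-WindowsFeature -Name DHCP -IncludeManagementTools | Out-Null

# Post-install tasks: create the DHCP security groups and authorize this
# server in Active Directory.
Add-DhcpServerSecurityGroup
Restart-Service -Name DHCPServer
Add-DhcpServerInDC -DnsName 'DC01.mydomain.com' -IPAddress 192.168.0.1

# Scope covering the lab /16, activated on creation.
# 'AD Lab' is a name chosen for this example.
Add-DhcpServerv4Scope -Name 'AD Lab' -StartRange 192.168.0.2 `
    -EndRange 192.168.255.254 -SubnetMask 255.255.0.0 -State Active

# Constructed exclusion range: addresses held back for static assignment.
Add-DhcpServerv4ExclusionRange -ScopeId 192.168.0.0 `
    -StartRange 192.168.0.2 -EndRange 192.168.0.20

# Default gateway as in the walkthrough. The DNS server and DNS domain options
# are assumptions added here: clients must resolve the domain through the
# domain controller in order to join it.
Set-DhcpServerv4OptionValue -ScopeId 192.168.0.0 -Router 192.168.0.1 `
    -DnsServer 192.168.0.1 -DnsDomain 'mydomain.com'

# Verify: only DC01 should be listed as an authorized DHCP server, and the
# scope should show as Active.
Get-DhcpServerInDC
Get-DhcpServerv4Scope | Format-Table ScopeId, StartRange, EndRange, State
```

Once a client is on vmbr1, `Get-DhcpServerv4Lease -ScopeId 192.168.0.0` lists the leases handed out, which is a quick way to confirm the Windows 10 VM is reaching this server.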

Using a Script to Create Multiple Users

If you have to create a bunch of users in a hurry, you can use a PowerShell script. The one written by Josh Madakor does the job very nicely.

https://github.com/joshmadakor1/AD_PS/archive/master.zip

Download and extract the script, then run it in PowerShell ISE as an administrator. Set the execution policy so the script can be run:

Set-ExecutionPolicy Unrestricted

Modify the script to point to your user list and specify the desired OU. After running the script, refresh Active Directory Users and Computers to see the new users.
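For reference, the OU, domain administrator and bulk user steps from this section and the previous one can be done with the ActiveDirectory module as shown here. This is an added example and not the linked script; the account names are constructed placeholders, and it limits the execution policy change to the current session with -Scope Process.

```powershell
# Added example: run on the domain controller in an elevated session.
# -Scope Process: the policy change ends when this PowerShell session closes.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force
Import-Module ActiveDirectory
$ErrorActionPreference = 'Stop'
$domain = Get-ADDomain

function Get-LabOuPath([string]$Name) {
    # Create the OU under the domain root if it is missing; return its DN.
    $dn = "OU=$Name,$($domain.DistinguishedName)"
    if (-not (Get-ADOrganizationalUnit -Filter "Name -eq '$Name'" `
              -SearchBase $domain.DistinguishedName -SearchScope OneLevel)) {
        New-ADOrganizationalUnit -Name $Name -Path $domain.DistinguishedName
    }
    $dn
}

function New-LabUser([string]$FullName, [string]$Sam, [string]$OuPath, [securestring]$Password) {
    if (Get-ADUser -Filter "SamAccountName -eq '$Sam'") {
        Write-Warning "$Sam already exists, skipping"
        return
    }
    $first, $last = $FullName -split ' ', 2
    New-ADUser -Name $FullName -GivenName $first -Surname $last `
        -SamAccountName $Sam -UserPrincipalName "$Sam@$($domain.DNSRoot)" `
        -Path $OuPath -AccountPassword $Password `
        -ChangePasswordAtLogon $true -Enabled $true
}

# Prompt for passwords so none is stored in the script file.
$adminPw = Read-Host -Prompt 'Password for the admin- account' -AsSecureString
$userPw  = Read-Host -Prompt 'Initial password for staff accounts' -AsSecureString

# Administrative account with the admin- prefix, placed in _IT Staff.
New-LabUser -FullName 'Lab Admin' -Sam 'admin-labadmin' -OuPath (Get-LabOuPath '_IT Staff') -Password $adminPw
if ('admin-labadmin' -notin (Get-ADGroupMember -Identity 'Domain Admins').SamAccountName) {
    Add-ADGroupMember -Identity 'Domain Admins' -Members 'admin-labadmin'
}

# Constructed sample names; replace with your own list.
$staffOu = Get-LabOuPath '_Staff'
foreach ($name in 'Alice Example', 'Bob Sample', 'Carol Placeholder') {
    $first, $last = $name -split ' ', 2
    $sam = ($first.Substring(0, 1) + $last).ToLower()
    New-LabUser -FullName $name -Sam $sam -OuPath $staffOu -Password $userPw
}
# Review who holds Domain Admins after the run.
Get-ADGroupMember -Identity 'Domain Admins' | Select-Object Name, SamAccountName
```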

Configuring Windows 10

Now let’s move on to the Windows 10 VM. Start it up and go through the initial setup. When prompted to sign in, select Sign-in options, then enter the username and password for the local administrator.

After setup, disable telemetry options. Once logged in, check the IP configuration by running ipconfig in a command prompt to ensure that the Windows 10 VM has a valid IP address.

To join the domain, go to Settings > Accounts > Access work or school, and select Connect. Select Join this device to a local Active Directory domain and enter the name of the domain (for example, mydomain.com). Log in with the credentials of an account you created earlier.

You should now be able to log in to the domain after reboot by selecting Other User at the login screen.

Conclusion

You should now have a running Active Directory home lab, which gives you a pretty solid starting point. By hosting the Windows Server on Proxmox, you can take advantage of features such as backups, snapshots, and easy VM restoration. This is one of the best ways to test and learn about Active Directory in a non-production environment.