Introduction
Setting up an Active Directory environment in a non-production setting can be a great way to experiment and learn, especially when using Proxmox. The platform offers several useful features like backups, snapshots, and cloning, making it an ideal choice for home labs. In this guide, I will walk you through the process of setting up an Active Directory environment in Proxmox.
To begin, you’ll need a Windows Server 2019 VM, along with a few Windows 10 VMs. Make sure the Windows 10 VMs are running versions that support domain joining, such as Windows 10 Professional, Enterprise, or Education.
I have templates for both Windows Server 2019 and Windows 10 set up in my Proxmox server, using the evaluation editions provided by Microsoft.
Creating the Network Bridge
The first thing you need to do is set up a bridge in Proxmox so the VMs can communicate with one another. To do this, navigate to the Proxmox web interface, click on your node, then go to System > Network.
Create a new Linux Bridge by clicking Create > Linux Bridge. Label the bridge so you can easily identify it as the one used for your Active Directory lab. I’ve named my bridge vmbr1. After setting up the Active Directory lab, you’ll be able to add a network adapter to connect physical Windows devices to the domain.
Cloning the Windows Server 2019 Template
With the network bridge in place, it’s time to clone the Windows Server 2019 template. Right-click the template and select Clone. Set the mode to Full Clone, assign a VM ID (I used 200), and give it a name (e.g., dc01-wse2019). Click Clone to create the VM.
Next, repeat this process for the Windows 10 template. I named my Windows 10 VM adclient01-01-w10l and gave it a VM ID of 201. Make sure you select Full Clone before clicking Clone.
The cloning process may take some time depending on your hardware configuration.
Configuring Network Settings for VMs
Now we need to adjust the network settings for each VM. The Windows Server 2019 VM (VM ID 200) will act as the default gateway, so it requires two network devices. Add a second network device and choose the Linux Bridge we created earlier (vmbr1). Ensure the device model is set to VirtIO (Paravirtualized). The other network device, the one the VM already had, should be connected to a bridge with internet access.
For the Windows 10 VM, change the network device’s bridge to vmbr1 (the one we set up earlier). This will allow the Windows 10 VM to communicate with the Windows Server 2019 instance through vmbr1.
Setting Up Windows Server 2019
Once the VMs are set up, you can start the Windows Server 2019 VM. The setup process will be similar to any standard Windows installation. Set the local administrator password, and log in. When prompted about discoverability, select Yes.
The first step is to rename the Windows Server. Navigate to Settings > System > About and click Rename this PC. I named my server DC01 and chose Restart Later.
Before restarting, rename the network adapters. Go to Control Panel > Network and Internet > Network and Sharing Center, then select Change adapter settings. Identify the adapter with internet access by double-clicking each and checking for connectivity.
Rename one adapter to Internet and the other to Internal, then restart the VM.
Configuring IP Address for the AD Network
Once the VM has restarted, we need to set a private IP range for the Active Directory network. To do this, go to Control Panel > Network and Internet > Network and Sharing Center, and select Change adapter settings. Double-click the Internal network device, then click Properties, and select Internet Protocol Version 4 (TCP/IPv4).
In the properties window, choose a private IP address range. For my setup, I used 192.168.0.1/16. The domain controller’s IP address is set to 192.168.0.1, and since the server will act as the default gateway, no gateway is needed. I also set the DNS server to the localhost address (127.0.0.1) since the server will serve as the DNS server.
Click OK to apply the settings and close the window.
Installing Active Directory Domain Services
Now that the server is configured, let’s install Active Directory Domain Services. In Server Manager, click on Add roles and features, then proceed with the default settings until you reach the Server Roles section. Select Active Directory Domain Services, click Add Features when prompted, and continue with the default settings until you can click Install. Once installation is complete, select Close.
Next, promote the server to a domain controller. Click the notification icon in Server Manager and select Promote this server to a domain controller. Choose the Add a new forest option, and enter the domain name (e.g., mydomain.com).
You’ll need to set a password for Directory Services Restore Mode. Afterward, accept the default settings for the rest of the prompts and proceed. Some warnings may appear during the process, but they are safe to ignore in a lab environment. The server will restart automatically once the promotion is complete.
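The IP configuration and promotion steps above can also be scripted. This is an added example, not part of the original guide; it assumes the adapter has already been renamed to Internal, uses the guide's values (192.168.0.1/16, mydomain.com), and Test-LabDc is a hypothetical helper name.

```powershell
# Added example: run in an elevated PowerShell session on DC01.
$ErrorActionPreference = 'Stop'
$alias  = 'Internal'        # adapter name from the rename step
$ip     = '192.168.0.1'     # DC address used in this guide
$domain = 'mydomain.com'    # example domain used in this guide

# Fail early if the adapter rename step was skipped.
Get-NetAdapter -Name $alias | Out-Null

# Static address on the lab-facing adapter. No default gateway is set,
# because this server is the gateway for the lab network.
$existing = Get-NetIPAddress -InterfaceAlias $alias -AddressFamily IPv4 `
    -ErrorAction SilentlyContinue | Where-Object IPAddress -eq $ip
if (-not $existing) {
    New-NetIPAddress -InterfaceAlias $alias -IPAddress $ip -PrefixLength 16 | Out-Null
}
# The DC resolves names through its own DNS service.
Set-DnsClientServerAddress -InterfaceAlias $alias -ServerAddresses '127.0.0.1'

# Install the role, then promote to the first DC of a new forest.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools | Out-Null

# The DSRM password is prompted for, never stored in the script.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'
Install-ADDSForest -DomainName $domain -InstallDns `
    -SafeModeAdministratorPassword $dsrm -Force
# The server restarts automatically when promotion completes.

# Hypothetical helper: define and run it in a new session after the restart
# to confirm that the promotion worked.
function Test-LabDc {
    param([string]$Domain = 'mydomain.com')
    # A healthy DC registers this SRV record in its own DNS zone.
    $srv = Resolve-DnsName -Type SRV -Name "_ldap._tcp.dc._msdcs.$Domain"
    [pscustomobject]@{
        Forest     = (Get-ADForest).Name
        DcFromDns  = ($srv | Where-Object Type -eq 'SRV').NameTarget
        NotRunning = (Get-Service NTDS, DNS, Netlogon |
                      Where-Object Status -ne 'Running').Name
    }
}
```

An empty NotRunning field and a DcFromDns value naming DC01 indicate that the directory, DNS and Netlogon services came up as expected.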
Creating Domain Administrator Account
Once the server restarts, log in with the built-in Administrator account. Open Active Directory Users and Computers from the Start menu (under Administrative Tools).
Expand the domain section (mydomain.com) and right-click on it, then select New > Organizational Unit (OU). I created two OUs: _IT Staff and _Staff.
To create a domain administrator account, right-click on the _IT Staff OU, select New > User, and enter the username and password for the domain admin account. I added the prefix admin- to the username to distinguish administrative accounts.
Next, add this user to the Domain Admins group. Right-click the user, select Properties, go to the Member of tab, and click Add. Search for Domain Admins and click OK.
Once added, log out of the Administrator account and log in with your newly created domain administrator account.
Installing RAS/NAT
To enable internet access for the AD clients through the domain controller, we need to install RAS/NAT. In Server Manager, select Add roles and features, then proceed with the default settings until you reach the Server Roles section. Choose Remote Access to install NAT and click Add Features when prompted. In the Role Services section, enable Routing, then click Next until you can click Install.
Once installed, go to Tools > Routing and Remote Access. Right-click on the domain controller name (DC01) and select Configure and Enable Routing and Remote Access. Choose Network Address Translation (NAT) and select the Internet network adapter for internet access.
Click Finish to complete the configuration, and refresh if necessary.
Setting Up DHCP
Next, we will set up the DHCP server. In Server Manager, go to Add roles and features, then proceed with the default settings until you reach the Server Roles section. Choose DHCP Server and click Add Features when prompted. Continue with the default settings until you can click Install, then wait for the installation to finish.
To configure the DHCP server, click the notification icon in Server Manager and select Complete DHCP Configuration. Enter the credentials for the domain account you created earlier.
Once complete, go to Tools > DHCP. Expand the options, right-click on IPv4, and create a new scope. Define the IP range (e.g., 192.168.0.2 to 192.168.255.254), exclude any addresses you want to reserve, and set the default gateway to 192.168.0.1.
Activate the scope and finalize the configuration.
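The same DHCP setup expressed with the DhcpServer cmdlets, followed by a check that the scope is active. This is an added example, not part of the original guide; the scope name AD Lab is made up here, and handing out the DC as DNS server and mydomain.com as DNS suffix is an assumption the guide does not state explicitly.

```powershell
# Added example: run in an elevated session on DC01, signed in as a domain admin.
$ErrorActionPreference = 'Stop'
$dcIp    = '192.168.0.1'     # DC / default gateway from this guide
$domain  = 'mydomain.com'    # example domain from this guide
$scopeId = '192.168.0.0'     # network ID of 192.168.0.1/16

Install-WindowsFeature -Name DHCP -IncludeManagementTools | Out-Null

# What "Complete DHCP Configuration" does: create the DHCP security groups
# and authorize this server in Active Directory.
Add-DhcpServerSecurityGroup
Restart-Service DHCPServer
if (-not (Get-DhcpServerInDC | Where-Object IPAddress -eq $dcIp)) {
    Add-DhcpServerInDC -DnsName "dc01.$domain" -IPAddress $dcIp
}

# Scope from the guide: 192.168.0.2 to 192.168.255.254, created active.
if (-not (Get-DhcpServerv4Scope -ScopeId $scopeId -ErrorAction SilentlyContinue)) {
    Add-DhcpServerv4Scope -Name 'AD Lab' -StartRange '192.168.0.2' `
        -EndRange '192.168.255.254' -SubnetMask '255.255.0.0' -State Active
}

# Router (option 3) is the gateway from the guide. DNS server and DNS domain
# (options 6 and 15) are an assumption added here: clients must resolve
# names through the DC to locate the domain when joining.
Set-DhcpServerv4OptionValue -ScopeId $scopeId -Router $dcIp `
    -DnsServer $dcIp -DnsDomain $domain

# Verify: the server is authorized, the scope is active, and leases
# appear once the Windows 10 clients boot.
Get-DhcpServerInDC
Get-DhcpServerv4Scope -ScopeId $scopeId |
    Select-Object ScopeId, State, StartRange, EndRange
Get-DhcpServerv4Lease -ScopeId $scopeId |
    Select-Object IPAddress, HostName, AddressState
```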
Using a Script to Create Multiple Users
If you need to create multiple users quickly, you can use a PowerShell script. The one made by Josh Madakor works quite well for this.
https://github.com/joshmadakor1/AD_PS/archive/master.zip
After downloading and extracting the script, run it in PowerShell ISE with administrative privileges. Set the execution policy to allow the script to run:
Set-ExecutionPolicy Unrestricted
Modify the script to point to your user list and specify the desired OU. After running the script, refresh Active Directory Users and Computers to see the new users.
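For comparison, a short bulk-creation script written for this lab. This is an added example and is not the script linked above; the name list is constructed sample data, New-RandomPassword is a hypothetical helper, and the OU path assumes the _Staff OU and mydomain.com domain from this guide. It relaxes the execution policy for the current session only and gives every account its own random initial password.

```powershell
# Added example: run on DC01 as a domain admin.
# Process scope: the relaxed policy ends when this PowerShell session closes.
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass -Force
Import-Module ActiveDirectory
$ErrorActionPreference = 'Stop'

$domain = 'mydomain.com'                      # example domain from this guide
$ouPath = 'OU=_Staff,DC=mydomain,DC=com'      # OU created earlier in this guide
$names  = @('Alice Example', 'Bob Sample', 'Carol Placeholder')  # constructed list

# Hypothetical helper: random password from a 64-character alphabet
# (64 divides 256 evenly, so mapping bytes with modulo adds no bias).
function New-RandomPassword([int]$Length = 20) {
    $chars = 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789!#%+-=@'.ToCharArray()
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] $Length
    do {
        $rng.GetBytes($bytes)
        $pw = -join ($bytes | ForEach-Object { $chars[$_ % $chars.Length] })
        # Retry until the default AD complexity rule is satisfied.
    } until ($pw -cmatch '[a-z]' -and $pw -cmatch '[A-Z]' -and $pw -match '\d')
    $pw
}

$created = foreach ($name in $names) {
    $first, $last = $name -split ' ', 2
    $sam = "$first.$last".ToLower()
    if ($sam.Length -gt 20) { $sam = $sam.Substring(0, 20) }   # sAMAccountName limit

    # Skip names that already exist so the script can be re-run safely.
    if (Get-ADUser -Filter "SamAccountName -eq '$sam'") { continue }

    $plain = New-RandomPassword
    New-ADUser -Name $name -GivenName $first -Surname $last `
        -SamAccountName $sam -UserPrincipalName "$sam@$domain" -Path $ouPath `
        -AccountPassword (ConvertTo-SecureString $plain -AsPlainText -Force) `
        -Enabled $true -ChangePasswordAtLogon $true
    [pscustomobject]@{ SamAccountName = $sam; InitialPassword = $plain }
}

# Initial passwords are shown once; each user must change theirs at first logon.
$created | Format-Table -AutoSize
```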
Configuring Windows 10
Now, let’s move on to the Windows 10 VM. Start it up and go through the initial setup. When prompted to sign in, choose Sign-in options, then enter the username and password for the local administrator.
After setup, disable telemetry options. Once logged in, check the IP configuration by running ipconfig in a command prompt to ensure the Windows 10 VM has a valid IP address.
To join the domain, go to Settings > Accounts > Access work or school, and click Connect. Select Join this device to a local Active Directory domain, then enter the domain name (e.g., mydomain.com). Log in using the credentials for an account you created earlier.
After rebooting, you can log in to the domain by selecting Other User at the login screen.
Conclusion
At this point, your Active Directory home lab is up and running. This guide gives you a solid foundation. Hosting the Windows Server in Proxmox allows you to take advantage of features like backups, snapshots, and easy VM restoration, making it an excellent option for testing and learning about Active Directory in a non-production environment.