Adding an Active Directory Forest to Our Proxmox Lab

In this module, we will cover the steps to set up a small Active Directory forest in Proxmox, including a domain controller and two client computers.

8 months ago   •   16 min read

By 0xBEN

This page is part of the larger series of converting an old laptop into a bare metal home lab server. Click the link to be taken back to the original post.

Proxmox VE 7: Converting a Laptop into a Bare Metal Server
In this post, we will take a look at an in-detail process of setting up a Proxmox home lab on a bare metal server.




The nature of this section is to help you get the following components added and connected to form a small Active Directory (AD) forest:

  • Domain Controller (DC)
  • 2 Windows 10 Enterprise hosts

This is not intended to be an exhaustive resource on AD.





Warning: Additional Compute Resources Required

Windows is a very demanding operating system. If your Proxmox node is running out of resources as you have been building out your lab, you have the following options:

  • Upgrade any hardware components where possible
  • Power off some other VMs or containers and see if you can free up resources
    • Keep the Windows hosts off whenever you do not need them
    • Remember, you will need the resources available whenever you want to run the Windows hosts
  • Add another Proxmox server and build out your lab over there
    • This option will require you to rebuild a pfSense lab with Open vSwitch and any desired VLANs. It won’t need to be an exact copy of the one we already set up




Getting the ISO Files

Refer back to this page for links to download Windows ISOs.

Running Windows Guests on Proxmox
In this module, we will look at the optimal way to run Windows guests in our Proxmox home lab

Once the ISOs are downloaded, be sure to transfer them to your Proxmox node.





Staging the Network

Adding a VLAN

I am not going to walk you through creating the VLAN. We've already learned this exercise. Please reference the link below if you need a refresher on adding new VLANs, interfaces, and subnets to your cyber range.

Create a pfSense VM for Security Infrastructure
In this module, we will look at setting up a pfSense firewall in VM to segment our home lab network

You need to add this VLAN to your cyber range:

  • VLAN ID Number: 80
  • VLAN Network ID: 10.80.80.1/24
  • Interface Name: AD_LAB




Creating an AD Lab the Insecure Way

Typically you should not put your domain controllers (DC) on the same subnet as the clients. You create a separate /29 subnet and put your DCs there. Then, create a separate subnet for your clients and make them routable.

While it would be good to adhere to best practices, this is a learning environment. Therefore, you will be creating a flat AD lab network, and putting all of the infrastructure on the same broadcast domain. That way you can leverage as many attacks as possible.

Kali and the AD infrastructure are all in the same broadcast domain




Getting Kali on the AD VLAN

We started out by putting Kali on the native LAN. We need to move Kali to the AD VLAN in order to learn about as many attacks as possible. It's easy to make the change.

  1. In Proxmox, change the Kali VM's network interface so that it is on VLAN 80
  2. In Kali, run these commands:

Replace <interface-name> with your Kali VM's interface

sudo ip link set <interface-name> down
sudo ip link set <interface-name> up




Putting Kali Back on the Native VLAN

If you want to move Kali back to the native VLAN, just reverse your steps:

  1. In Proxmox, change the Kali VM's network interface so that there is no VLAN ID
  2. In Kali, run these commands:

Replace <interface-name> with your Kali VM's interface

sudo ip link set <interface-name> down
sudo ip link set <interface-name> up




Running Windows Guests on Proxmox

Refer back here for a refresher on general best practices when running Windows guests on Proxmox.

Running Windows Guests on Proxmox
In this module, we will look at the optimal way to run Windows guests in our Proxmox home lab




Windows Server 2019: The Domain Controller

Installation and Initial Setup

This is your template when creating the VM in Proxmox.

General

OS

System

Hard Disk

CPU

Memory

Network

Drivers Disc

Add another CD/DVD drive to your VM and load the VirtIO drivers disc.

Don't start the VM yet!





Setting a Static DHCP Reservation

Get the Windows Server 2019 VM's MAC address and copy it to your clipboard.

Log into your pfSense VM at https://pfsense-ip-address. Go to Services > DHCP Server > AD_LAB.

Scroll down to the bottom of the screen and click the Add button.

Don't start the VM yet!





Change the AD_LAB DHCP Settings

We want the AD VLAN to have a specific DNS hierarchy.

  • DNS Server 1: Domain Controller
  • DNS Server 2: Default Gateway

All DNS requests will initially go to the domain controller. Anything the DC is unable to resolve will go to the default gateway.

We also want to add all AD VLAN hosts to a different domain name. The reason for this is that when you set up a domain controller, you are going to define a domain name. In my lab, I have defined my AD domain as ad.lab.

We want the domain name to be different from the domain name used by pfSense. That way there won't be any collision when trying to look up hosts joined to the domain.

Additionally, we still want the hosts to be able to search for other hosts on the cyber.range domain.





Verify the Boot Order

Ensure the VirtIO drivers disc is unchecked.





Installing Windows Server 2019

Power on the VM and open a NoVNC console.

Choose your language and click Next.

Choose Install Now and choose Windows Server 2019 Standard Evaluation (Desktop Experience).

Click Next. Accept the terms and conditions. Choose Custom: Install Windows Only.





Load the SCSI Driver

Choose Load Driver > OK

Click Browse and expand this disk

Go to vioscsi > 2k19 > amd64

Choose this driver

Click Next and wait for it to finish loading.





Load the Network Driver

Choose Load Driver > OK

Click Browse and expand this disk

Go to NetKVM > 2k19 > amd64

Choose this driver

Click Next and wait for it to finish loading.





Finish the Installation

Click Next and wait for the installation to finish.

Once the installation is finished, set the local administrator password and save it. You could put it in a password manager, or you can put it in the Notes field of the VM.

Click on your VM and go to Summary. Double click here to save a note.




Rename the Server

Open the Start Menu and click the Settings icon.

Enter a name for your server

Choose Restart Now. Enter Other (planned) for the reason.





Installing the Domain Controller Services

Click Manage > Add Roles and Features

Click Next > Next > Next until you reach Server Roles. Check the boxes for:

  • Active Directory Domain Services
  • DNS Server
Click Add Features
Click Add Features

Ignore this message. You already set a static DHCP reservation for the server earlier.

Click Next > Next > Next > Next > Install. Wait for the installation to finish and click Close.





Take a Snapshot of the VM

In Proxmox, click on your Windows Server 2019 VM and go to Snapshots. Click Take Snapshot. Set the following values:

  • Name: WinServer2k19_PreDomain
  • Include RAM: yes
  • Description: Windows Server 2019 Active Directory Domain Services installed. Pre-domain-controller configuration.

Now, we can restore this snapshot any time if we want to roll back to a pre-domain install.





Configure Domain Services

Log back into the server as local administrator and wait for Server Manager to load. Click the alert icon.

Click Promote this server to a domain controller

Choose Add a new forest and specify a root domain name. I chose ad.lab as my domain name, but you can choose any other local TLD.

TLDs such as .com, .org, and .net will work as a local domain. It just can't be the name of a registered public domain, as that will surely cause DNS issues.

Also, it is best not to use .local either, because that can interfere with multicast traffic.

Click Next. Use the default options here.

Specify a restore password. You can use the local admin password or something different.

Ignore this. Click Next.

The NetBIOS name should not match the host name from before.

Click Next. The default options here are fine.

Click Next. Looks good. Click Install and wait for it to complete.

The server will automatically reboot. Be patient. It's going to take a while.
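The role installation and forest promotion above can also be scripted, which makes rebuilding the lab after a snapshot rollback repeatable. This is an added example, not code from the original post; it assumes the ad.lab domain name used here, and the NetBIOS name ADLAB is a placeholder.

```powershell
# Added example: scripted equivalent of the Server Manager steps in this post.
# Run in an elevated PowerShell session on the Windows Server 2019 VM.
$DomainName  = 'ad.lab'   # domain name used in this post
$NetbiosName = 'ADLAB'    # placeholder; must differ from the server's host name

if ($NetbiosName -eq $env:COMPUTERNAME) {
    throw "NetBIOS domain name '$NetbiosName' matches the host name; pick another."
}

# Stage 1: Active Directory Domain Services and DNS Server roles.
$roles   = 'AD-Domain-Services', 'DNS'
$missing = Get-WindowsFeature -Name $roles | Where-Object { -not $_.Installed }

if ($missing) {
    Install-WindowsFeature -Name $missing.Name -IncludeManagementTools
    Write-Host 'Roles installed. Take the pre-domain snapshot in Proxmox, then run this script again.'
}
else {
    # Stage 2: promote the server to the first domain controller of a new forest.
    # The restore (DSRM) password is prompted for and never stored in the script.
    $dsrm = Read-Host -AsSecureString -Prompt 'Restore (DSRM) password'

    $forest = @{
        DomainName                    = $DomainName
        DomainNetbiosName             = $NetbiosName
        InstallDns                    = $true
        SafeModeAdministratorPassword = $dsrm
        Force                         = $true   # suppress confirmation prompts
    }

    # The server reboots automatically when the promotion completes.
    Install-ADDSForest @forest
}
```

The first run stops after installing the roles so the snapshot can be taken; the second run performs the promotion.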





Add a Domain Administrator Account

Go to the Start Menu. Search for Active Directory Users and Computers and open the app.

Add a new user
Fill out the properties
Set a password

Click on Users and choose Domain Admins

Click on Members > Add. Enter the username, click Check Names. Click OK > OK.

Log out of the local administrator account.





Add Some Users to the Lab

Log in as the domain administrator.

Go to the Start Menu. Search for Active Directory Users and Computers and open the app.

Right click your domain. Choose New > User





John Doe

Set the account details
Set a password and password options




Jane Doe

Set the account details
Set a password and password options




Add a Group Policy Object to Disable Protections on Client Machines

Open the Start Menu and search for Group Policy

Expand your forest until you see your domain

Right-click your domain name and choose Create a GPO...

Click OK. Right-click on your new group policy object and click Edit…

Expand down into Computer Configuration > Policies > Administrative Templates > Windows Components

Click on Windows Defender Antivirus

Set it to Enabled and click OK

Click on Real-time Protection

Double-click Turn off real-time protection

Set it to Enabled and click OK

Now, go to Network > Network Connections > Windows Defender Firewall > Domain Profile

Double-click Windows Defender Firewall: Protect all network connections

Set it to Disabled and click OK

Right-click the group policy object

Turn on the Enforced option




Force Update the Group Policy Settings on the Domain Controller

Right-click the Start Menu and open Windows PowerShell (Admin)

Run this command
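An added check, not part of the original post, for confirming after a policy refresh that the GPO actually changed the Defender and firewall state, and that the machine it weakened is a member of the lab domain. It assumes the ad.lab domain name used in this post.

```powershell
# Added example: confirm the lab GPO's effect on the machine where it runs.
# Run in an elevated PowerShell session.
$LabDomain = 'ad.lab'   # domain name used in this post

function Get-LabProtectionState {
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    # Get-MpComputerStatus can fail once the Defender service is disabled by
    # policy, so an error is reported as a state instead of aborting the check.
    try {
        $mp  = Get-MpComputerStatus -ErrorAction Stop
        $av  = $mp.AntivirusEnabled
        $rtp = $mp.RealTimeProtectionEnabled
    }
    catch {
        $av = $rtp = 'service unavailable'
    }

    # ActiveStore is the effective policy: local settings merged with GPO.
    $fw = Get-NetFirewallProfile -Name Domain -PolicyStore ActiveStore

    [pscustomobject]@{
        Computer           = $cs.Name
        Domain             = $cs.Domain
        InLabDomain        = $cs.PartOfDomain -and ($cs.Domain -eq $LabDomain)
        AntivirusEnabled   = $av
        RealTimeProtection = $rtp
        DomainFirewall     = [string]$fw.Enabled
    }
}

gpupdate /force | Out-Null   # refresh policy before reading the state
$state = Get-LabProtectionState
$state | Format-List

if (-not $state.InLabDomain) {
    Write-Warning "This machine is not joined to $LabDomain; the lab GPO should not apply here."
}
elseif ($state.RealTimeProtection -eq $true -or $state.DomainFirewall -eq 'True') {
    Write-Warning 'Protections are still active: check the GPO link, the Enforced option, and reboot.'
}
```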





Windows 10 Enterprise Clients

Preparing a Template VM

General

OS

System

Hard Disk

CPU

Memory

Network

Drivers Disc

Add another CD/DVD drive to your VM and load the VirtIO drivers disc.

Don't start the VM yet!





Verify the Boot Order





Installation and Initial Setup

Choose your language and click Next.

Click Next. Accept the terms and conditions. Choose Custom: Install Windows Only.





Load the SCSI Driver

Choose Load Driver > OK

Click Browse and expand this disk

Go to vioscsi > 2k19 > amd64

Choose this driver

Click Next and wait for it to finish loading.





Load the Network Driver

Choose Load Driver > OK

Click Browse and expand this disk

Go to NetKVM > 2k19 > amd64

Choose this driver

Click Next and wait for it to finish loading.





Finish the Installation

Click Next and wait for the installation to finish.

Select your regional and language settings. Then, choose Domain join instead.

Enter Template and click Next.

Enter a password and set security questions. I recommend saving them somewhere. You can use the Notes field of the VM in Proxmox.

Turn off all the services.

Choose Not now for Cortana





Convert the VM to a Template

Shut down the VM. Go to Proxmox and right-click the Windows 10 Enterprise VM. Then, choose Convert to template.

We will use this template any time we want to create a new Windows 10 Enterprise VM, rather than go through this build process every time.





Create the Domain Computers

In Proxmox, you can identify a template by its icon.

Example template

Right-click the template and choose clone

Use a full clone

Create one more clone

Use a full clone

Start up both VMs.





Joining the Computers to the Domain

I am only going to demonstrate this process on one of the VMs.

Log into one of the VMs using the template credentials we created earlier. Go to the Start Menu > Search This PC > Right-click > choose Properties.

Go to Advanced System Settings

Click on Computer Name

Click Change

Click More

Set the DNS suffix to match your domain forest. Uncheck the box.

Change the computer name to anything you'd like

Choose Member of domain and set it to your domain forest

You will get a prompt. Enter the domain admin credentials.

Success!

Reboot the VM. You can now log in to the computer as john.doe@ad.lab or jane.doe@ad.lab.

Repeat this process on the other Windows 10 Enterprise VM.
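A domain join depends on the DNS hierarchy configured earlier for the AD_LAB scope, so it helps to test name resolution before joining. The script below is an added example, not from the original post; it assumes the ad.lab domain, WIN10-01 is a placeholder computer name, and the DNS suffix setting shown above is still done in the GUI.

```powershell
# Added example: verify DNS and LDAP reachability, then join the domain.
# Run in an elevated PowerShell session on the Windows 10 client.
$Domain  = 'ad.lab'     # domain name used in this post
$NewName = 'WIN10-01'   # placeholder computer name

# A domain join locates a DC through this SRV record. It resolves only if the
# client uses a DNS server that hosts the AD zone (in this lab, the DC).
$srvName = "_ldap._tcp.dc._msdcs.$Domain"
try {
    $srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' }
}
catch {
    $dns = (Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses -join ', '
    throw "Cannot resolve $srvName. DNS servers in use: $dns. Renew the DHCP lease and retry."
}

foreach ($dc in $srv) {
    # 389/tcp is LDAP; if it is unreachable the join will fail as well.
    $ok = Test-NetConnection -ComputerName $dc.NameTarget -Port 389 -InformationLevel Quiet
    if (-not $ok) {
        throw "Domain controller $($dc.NameTarget) does not answer on 389/tcp."
    }
}

# Prompt for the domain admin account created earlier, then rename and join.
$cred = Get-Credential -Message "Domain admin for $Domain"
Add-Computer -DomainName $Domain -NewName $NewName -Credential $cred -Restart
```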





You Now Have a Small AD Forest

Congratulations! You now have a domain controller and two Windows 10 Enterprise clients joined to the domain controller.

If the VMs seem a little sluggish, you should probably increase the RAM on the VMs. Other than that, you are now ready for the next phase of your adventures.

I encourage you to do some research on some courses that demonstrate some common Active Directory attacks. The Cyber Mentor has a great ethical hacking course and part of this course covers Active Directory attacks.

REMEMBER: You enabled the DNS service on the Domain Controller. It is now the Start of Authority (SOA) for the ad.lab local domain.

If you are having trouble resolving computer hostnames to IP addresses, compare what is in DNS with what is in the pfSense DHCP pool.

  • Open the Start Menu and type DNS. Right-click and run as administrator.
  • Go to Forward Lookup Zones > Double-click local.domain
  • You should see the following A records
  • Make sure the IP addresses for your domain computers match their DHCP lease IP addresses in pfSense.
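The same comparison can be done from PowerShell on the domain controller. This is an added example, not from the original post; the host names and addresses in the lease table are constructed placeholders to be replaced with the values pfSense shows for the AD_LAB interface.

```powershell
# Added example: compare the DC's A records with the DHCP leases in pfSense.
# Run on the domain controller in an elevated PowerShell session.
$Zone = 'ad.lab'   # forward lookup zone (domain name used in this post)

# Constructed sample data (placeholders): replace with the host name and IP
# pairs listed in pfSense under Status > DHCP Leases.
$Leases = @{
    'dc01'     = '10.80.80.2'
    'client01' = '10.80.80.11'
    'client02' = '10.80.80.12'
}

# Host A records only; skip the zone apex and the AD application partitions.
$records = Get-DnsServerResourceRecord -ZoneName $Zone -RRType A |
    Where-Object { $_.HostName -notin '@', 'DomainDnsZones', 'ForestDnsZones' }

$report = foreach ($name in $Leases.Keys) {
    $ips = @($records | Where-Object { $_.HostName -eq $name } |
        ForEach-Object { $_.RecordData.IPv4Address.IPAddressToString })

    $status = if ($ips.Count -eq 0) {
        'MissingInDns'
    } elseif ($ips -notcontains $Leases[$name]) {
        'Mismatch'
    } elseif ($ips.Count -gt 1) {
        'MatchPlusExtraRecord'
    } else {
        'Match'
    }

    [pscustomobject]@{
        Host = $name; Lease = $Leases[$name]; Dns = $ips -join ', '; Status = $status
    }
}
$report | Sort-Object Host | Format-Table -AutoSize

# A records with no lease behind them, e.g. left over from a deleted clone.
$records | Where-Object { $_.HostName -notin $Leases.Keys } |
    Select-Object HostName, @{ n = 'Dns'; e = { $_.RecordData.IPv4Address } }
```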




Next Step: Creating a Windows 7 Buffer Overflow VM

Creating a Windows 7 Buffer Overflow Practice VM in Proxmox
In this module, we will look at creating a vulnerable Windows 7 VM in Proxmox that will run some applications which are vulnerable to 32-bit stack-based buffer overflows
