Adding an Active Directory Forest to Our VirtualBox Lab

In this module, we will cover the steps to set up a small Active Directory forest in VirtualBox, including a domain controller and two client computers.

8 months ago   •   12 min read

By 0xBEN

This module is part of a larger series on building a security lab in VirtualBox.

Building a Security Lab in VirtualBox
In this post, we will take a detailed look at the process of setting up an entry-level cybersecurity lab using VirtualBox.




Active Directory Lab Overview

Note: if you don't want your AD lab to have Internet access, modify the firewall rules. I will not be showing you how to do this.

This guide will only cover the following concepts:

  • Configuring pfSense
  • Configuring the Domain Controller
  • Joining clients to the domain

The Cyber Mentor has a great ethical hacking course and part of this course covers Active Directory attacks.

Note: Some attacks require Kali to be on the same LAN as the targets. To change Kali's network configurations, do the following:

  1. Stop the VM
  2. Go to VirtualBox settings for Kali VM
  3. Change the network adapter to be on the AD_LAB LAN
  4. Start Kali again




Getting the Windows ISO Files

We will be getting the ISO files from the Microsoft Evaluation Center. Most of the ISOs you encounter here will have a lifespan of 90 to 180 days of usage. Some say that you can extend beyond the lifespan and the VMs will still function just fine.

Windows Server 2019

  • Please select your experience: ISO
  • Fill out your information (uncheck the box for additional communications)
  • Select your language and click Download

Windows 10 Enterprise

  • Please select your experience: ISO - Enterprise
  • Fill out your information (uncheck the box for additional communications)
  • Select 64-bit, select your language, and click Download

Windows 7

At the time of this writing, these official Microsoft mirrors are still alive. Not sure how long that will remain the case. I'd recommend you download the ISOs and store them away.

Windows 7 Ultimate (x64) ISO
Windows 7 Ultimate (x32) ISO
Windows 7 Professional (x64) ISO
Windows 7 Professional (x32) ISO





Staging the VMs

Windows Server 2019

Click the New VM button

2048 MB is the minimum. 4096 is preferred.

Choose VDI > Choose Dynamically Sized > Go with the default of 50 GB

Right-click on the VM and go to settings. Now, go to Storage.

Choose a disk file

Choose: 17763.737.190906-2324.rs5_release_svc_refresh_SERVER_EVAL_x64FRE_en-us_1.iso – or whatever your .iso file name is.

Choose Network settings

Put the VM on the AD Lab network

Save the settings. Don't start the VM yet!





Windows 10 Enterprise VM 1

Create a new VM

2048 MB is the minimum. 4096 MB is preferred.

Choose VDI > Choose Dynamically Sized > Go with the default of 50 GB

Right-click on the VM and go to settings. Now, go to Storage.

Choose a disk file

Choose: 19043.928.210409-1212.21h1_release_svc_refresh_CLIENTENTERPRISEEVAL_OEMRET_x64FRE_en-us.iso – or whatever your .iso file name is.

Choose Network settings

Put it on the AD Lab network

Save the settings. Don't start the VM yet!





Configuring pfSense

Give the Domain Controller a Static DHCP Address

Open the Windows Server 2019 VM’s settings in VirtualBox. Do not start the VM! Make a note of the VM’s MAC Address.

Login to pfSense and go to Services > DHCP Server

Choose AD_LAB and scroll down to the bottom. Click Add.

Fill out the fields with your VM's MAC address. Enter 10.80.80.2 as the IP address.

Click Save and Apply Changes.





Configure the DHCP Settings on AD_LAB

In pfSense go to Services > DHCP Server

Choose AD_LAB and fill out the fields as shown here:

Click Save and Apply Changes.





Install the Operating Systems

Windows Server 2019

Start the VM

Choose your language

Click Install Now

Choose Windows Server 2019 Standard Evaluation (Desktop Experience)

Click Next and accept the terms and conditions.

Click Next and wait for the installation to finish.

Press CTRL + ALT + DEL. Enter a local administrator password and save it to a password vault.





Rename the Server

Click the Start Menu and click Settings

Enter a name for your domain controller

Choose Restart Now. If a reason is required, choose Other (planned).





Installing the Domain Controller

Click Manage > Add Roles and Features

Click Next > Next > Next until you reach Server Roles. Check the following boxes:

  • Active Directory Domain Services
  • DNS Server (so we can resolve the domain controller by DNS name)

Click Add Features when prompted for each role.

Ignore the static IP address warning. We already set a static DHCP reservation. Click Continue.

Click Next > Next > Next > Next > Install. Wait for the install to finish and click Close.





Configure the Domain Services

Log back into the domain controller as the local administrator and wait for the Server Manager app to load.

Click Promote this server to a domain controller

Choose Add a new forest and specify a root domain name. I chose ad.lab as my domain name, but you can choose any other local TLD.

TLDs such as .com, .org, .net will work as a local domain. Also, best not to use .local either, because that can interfere with multicast traffic.

Click Next. The default options are fine. Specify a restore password. You can use the same password as the local admin or something different. It doesn’t matter. Click Next.

Ignore this message

Click Next and continue with the defaults.

Looks good. Click Install and wait for it to complete.

The server will automatically reboot.

This process will take a while. Be patient.
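
The role installation and forest promotion above can also be done from PowerShell. This is an added example, not part of the original walkthrough; it assumes this guide's values (10.80.80.2 and ad.lab), and the function names `Install-LabForest` and `Test-LabForest` are hypothetical.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# session on the Windows Server 2019 VM after it has been renamed.
$ExpectedIp = '10.80.80.2'   # static DHCP mapping created in pfSense (from this guide)
$DomainName = 'ad.lab'       # forest root domain used in this guide

function Install-LabForest {   # hypothetical helper name
    # The wizard warns about a missing static IP. Rather than ignoring it blindly,
    # confirm the pfSense reservation actually handed out the expected address.
    $ips = (Get-NetIPAddress -AddressFamily IPv4).IPAddress
    if ($ips -notcontains $ExpectedIp) {
        throw "Expected $ExpectedIp from the DHCP reservation, found: $($ips -join ', ')"
    }

    # Same two roles ticked in Add Roles and Features, plus the management tools.
    $result = Install-WindowsFeature -Name AD-Domain-Services, DNS -IncludeManagementTools
    if (-not $result.Success) { throw 'Role installation failed.' }

    # "Add a new forest": prompts for the restore (DSRM) password, installs DNS,
    # and reboots the server automatically when promotion completes.
    $dsrm = Read-Host -AsSecureString -Prompt 'Restore (DSRM) password'
    Install-ADDSForest -DomainName $DomainName -InstallDns `
        -SafeModeAdministratorPassword $dsrm -Force
}

function Test-LabForest {      # hypothetical helper name; run after the reboot
    $domain = Get-ADDomain -Identity $DomainName
    # Clients locate the DC through this SRV record, so it must resolve.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV
    [pscustomobject]@{
        DnsRoot    = $domain.DNSRoot
        PdcOwner   = $domain.PDCEmulator
        SrvTargets = ($srv | Where-Object Type -eq 'SRV').NameTarget -join ', '
    }
}

# Usage: call Install-LabForest, log back in after the reboot, then Test-LabForest.
```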




Adding a Domain Administrator Account

Go to the Start Menu. Search for Active Directory Users and Computers and open the app.

Right click the domain name and click New > User
Fill out the fields with the user details
Set the password and password options
Click Users
Click Domain Admins
Enter the domain administrator username and click Check Names. Click OK > OK.
Sign out of the local administrator account




Add Some Users to the Lab

Log in as the new domain administrator.

Go to the Start Menu. Search for Active Directory Users and Computers and open the app.

Right click your domain and choose New > User.





John Doe





Jane Doe





Add a Group Policy Object to Disable Protections on Client Machines

Open the Start Menu and search for Group Policy.

Expand your forest until you see your domain

Right-click your domain name and choose Create a GPO...

Click OK. Right-click on your new group policy object and click Edit…

Expand down into Computer Configuration > Policies > Administrative Templates > Windows Components

Click on Windows Defender Antivirus. Double-click Turn off Windows Defender Antivirus.

Set it to Enabled and click OK. Click on Real-time Protection.

Double-click Turn off real-time protection

Set it to Enabled and click OK. Now, go to Network > Network Connections > Windows Defender Firewall > Domain Profile.

Double-click Windows Defender Firewall: Protect all network connections

Set it to Disabled and click OK. Right-click the group policy object and set it to Enforced.





Force Update the Group Policy Settings on the Domain Controller

Right-click the Start Menu and open Windows PowerShell (Admin)

Run gpupdate /force





Windows 10 Enterprise VM 1

Power on the VM.

Choose your language and click Next

Choose Install Now and accept the terms and conditions. Choose Custom: Install Windows Only.

Click Next. Wait for the installation to finish.

Select your regional and language settings. Choose Domain join instead.

Enter the username Template, as this is going to be our template VM.

Enter a password and set security questions. Save the information in a password vault. Turn off all the services here.

Choose Not now for Cortana.





Windows 10 Enterprise VM 2

Right click the Windows 10 Enterprise Client 1 VM and choose Clone.

You can name yours whatever you want. The other options are most important.

Click Clone and wait for the process to complete.





Joining the Computers to the Domain

I am only going to demonstrate this process on one of the VMs.

Follow along and repeat this process on any other clients you want to join to the domain.

Windows 10 Ent VM 1

Start up and login to Win10Ent1 using the template credentials. Go to the Start Menu > Search This PC > Right-click > choose Properties

Go to Advanced system settings
Click Computer Name
Click Change
Click More
Enter your local DNS suffix for your AD domain
Name your computer whatever you like
Enter your AD local domain
Enter the domain administrator credentials
Success!
You can now login as one of your domain users
Output from the whoami command
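
The join can also be scripted, with a DNS check first, since a client that cannot locate the domain controller through DNS will fail to join. This is an added example, not part of the original walkthrough; it assumes this guide's ad.lab and 10.80.80.2, the computer name is constructed, and the function names are hypothetical.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# session on the Windows 10 client, logged in with the template account.
$Domain  = 'ad.lab'       # domain name used in this guide
$DcIp    = '10.80.80.2'   # domain controller reservation from this guide
$NewName = 'WIN10ENT1'    # constructed computer name; pick your own

function Join-LabDomain {  # hypothetical helper name
    $srvName = "_ldap._tcp.dc._msdcs.$Domain"
    # Ask the DC directly: proves AD DS registered its locator record in DNS.
    Resolve-DnsName -Name $srvName -Type SRV -Server $DcIp -ErrorAction Stop | Out-Null
    # Ask the resolver handed out by DHCP: if only this fails, the client is not
    # using the DC for DNS and the join cannot locate the domain.
    try { Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop | Out-Null }
    catch { throw "Client resolver cannot find $Domain; check the AD_LAB DHCP DNS server setting." }

    # Prompts for the domain administrator, then renames, joins, and reboots.
    Add-Computer -DomainName $Domain -NewName $NewName `
        -Credential (Get-Credential -Message "Domain admin for $Domain") -Restart
}

function Test-LabJoin {    # hypothetical helper name; run elevated after the reboot
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    [pscustomobject]@{
        Computer        = $cs.Name
        Domain          = $cs.Domain
        PartOfDomain    = $cs.PartOfDomain
        SecureChannelOk = Test-ComputerSecureChannel
        # Effective state after policy; the lab GPO in this guide sets it to False.
        FirewallDomain  = (Get-NetFirewallProfile -Name Domain -PolicyStore ActiveStore).Enabled
    }
}

# Usage: call Join-LabDomain, log in after the reboot, then Test-LabJoin.
# 'gpresult /r /scope computer' lists the GPOs that were applied to the machine.
```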




You Now Have a Small AD Forest

Congratulations! You now have a domain controller and two Windows 10 Enterprise clients joined to the domain controller.

If the VMs seem a little sluggish, you should probably increase the RAM on the VMs. Other than that, you are now ready for the next phase of your adventures.

I encourage you to do some research on some courses that demonstrate some common Active Directory attacks. The Cyber Mentor has a great ethical hacking course and part of this course covers Active Directory attacks.

REMEMBER! You enabled the DNS service on the Domain Controller. It is now the Start of Authority (SOA) for the ad.lab local domain. If you are having trouble resolving computer hostnames to IP addresses, compare what is in DNS with what is in the pfSense DHCP pool.

  • Open the Start Menu and type DNS. Right-click and run as administrator.
  • Go to Forward Lookup Zones > Double-click [local.domain] (in my case ad.lab)
  • You should see the following A records
  • Make sure the IP addresses for your domain computers match their DHCP lease IP addresses in pfSense.
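
The same comparison can be run from PowerShell on the domain controller instead of reading the DNS console by eye. This is an added example, not part of the original walkthrough; the lease table is constructed sample data that you would replace with the hostnames and addresses pfSense shows under Status > DHCP Leases.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# session on the domain controller.
$Zone = 'ad.lab'   # forward lookup zone used in this guide

# Constructed sample: hostname -> leased IP, copied by hand from pfSense.
$Leases = @{
    'DC01'      = '10.80.80.2'
    'WIN10ENT1' = '10.80.80.11'
    'WIN10ENT2' = '10.80.80.12'
}

# All A records in the zone, minus the zone apex and the AD partition names.
$records = Get-DnsServerResourceRecord -ZoneName $Zone -RRType A |
    Where-Object { $_.HostName -notin '@', 'DomainDnsZones', 'ForestDnsZones' }

$report = foreach ($name in $Leases.Keys) {
    $dnsIps = @($records | Where-Object { $_.HostName -eq $name } |
        ForEach-Object { $_.RecordData.IPv4Address.IPAddressToString })

    $status = if ($dnsIps.Count -eq 0) {
        'MissingInDns'        # client never registered, or record was scavenged
    } elseif ($dnsIps -notcontains $Leases[$name]) {
        'Mismatch'            # DNS still points at an old lease
    } elseif ($dnsIps.Count -gt 1) {
        'StaleExtraRecord'    # correct record present alongside an old one
    } else {
        'Match'
    }

    [pscustomobject]@{
        Host   = $name
        Lease  = $Leases[$name]
        Dns    = $dnsIps -join ', '
        Status = $status
    }
}

$report | Sort-Object Host | Format-Table -AutoSize
```

On a client reported as Mismatch or MissingInDns, running `ipconfig /registerdns` asks it to refresh its own record.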




Next Step: Troubleshooting Your Lab

Troubleshooting Your VirtualBox Lab
In this module, we will take a look at some common problems you may experience in your VirtualBox lab and how to begin fixing them.
