# Domain Controller Setup
## VM Setup
1. General
2. OS (including VirtIO)
3. System
4. Disks
5. CPU
6. [Memory](https://youtu.be/mdBVJbzkoqo?si=nsa09rkJXtXf0wtW&t=44)
7. Network
Before I even start this up I am going to convert this to a template and then work on a clone instead (**Future Tushar: Do NOT do this just yet, maybe wait till you're done with the next section and also disabling the Windows Licensing Monitoring service bastard thing, then create a clone 🤬**).
## Install
1. Language, Timezone/Region, Keyboard
2. OS Type
3. The thing we all say we read but never read.
4. Custom install
5. This is where we load the necessary drivers from VirtIO. And we have to load them 1 by 1. Amazing *(Sarcastic)*.
- Ballooning memory driver
- NIC Driver
- SCSI Driver
- I am not too sure about the compatibility of this last driver, but it hasn't posed problems so far
6. We wait for this installation to complete
7. Set a password for the local administrator account (don't get too attached to this account - it doesn't make it to the end of the movie.)
8. Log in
## Network Interface Configuration - 0xBEN & DerronC
1. Click the network interface
- Network & Internet Settings
- Change Adapter Options
2. Ethernet > Properties
3. Disable IPv6, then double-click on IPv4
4. Use the following settings
- Recall that in the VLAN zone we are in (tag 999), and that the Network address for this zone is 192.168.99.0/24
- Set a static IP Address: 192.168.99.2
- Set the network mask
- Set the default gateway to be the IP address of pfSense within this network: 192.168.99.1
- Set the preferred DNS server to the address of this machine, we can also use the loopback address 127.0.0.1
> - For the DNS servers, the following will happen:
- First, check with the DNS server running on the domain controller (we will install this a bit later)
- If the DNS server doesn't know the answer, it will forward the DNS query to the default gateway and pfSense will resolve it
5. Say yes to this:
## Optional Steps - 0xBEN
6. (Optional) Rename the machine
- I later renamed the machine again because DomainController1 was simply too long. It is now DC01
7. Restart now > Other(Unplanned)
8. Take a snapshot of the server before we promote it to a DC - Is this necessary? No. Will it potentially make your life a hell of a lot easier in the future? Absolutely!
- Taking snapshots is a great habit.
- Snapshot management is a good skill to have.
### Bloody Windows Server Keeps Shutting Down
Sometimes, we end up running into issues only after the whole install has been done - the benefit of keeping notes like this is that I can come back and put this section in here before the rest of the page as if I haven't already gone through the rest of the steps and am troubleshooting this issue in the middle of actually trying to practice attacking this damn AD set.
So it turns out that due to not entering a license key and having it as a standard evaluation, the server will constantly initiate shut down
Stop this unecessay behaviour - something to do before creating a template next time.
Get network connectivity (I do this by adding a NIC and giving it access to the internet)
Download and unzip PStools
psexec.exe -L -s cmd
Since the other above two commands are meant to allow us access to the local administrator's rights, we potentially don't have to do them if we haven't promoted the machine to Domain Controller. Hence, I am putting these notes here.
Well this exited with error code 1073741502 - and yay, that means I don't have enough permission
Phenomenal - this means I need to solve this issue in less than savoury ways...
And somehow, when I restarted the machine it seemed to work.
## Active Directory Domain Services - 0xBEN
### Install
1. Manage > Add Roles and Features
2. Installation Type: Role-based or feature-based installation
3. Server Selection
4. Server Roles
5. Features > Use defaults
6. AD DS > click next
7. Confirmation > Install
### Promote to Domain Controller - 0xBen & DerronC
1. Promote
2. Deployment Configuration
3. Domain Controller Options
4. DNS Options - we can ignore this and click Next
5. Additional Options: NetBIOS verification - Accept default and click next
6. Paths - Accept default
7. Review options - Next
8. Prerequisite Checks -> Install
9. You will be signed out as the Server is restarted
- And the local Administrator account has been shifted to a domain admin role.
- Local accounts will not be able to sign in anymore
## Configure GPO to stop Automatic Updates - DerronC
1. Tools > Group Policy Management
2. Forest:oscp.lab > Domains > oscp.lab - right-click, create a GPO...
3. Name it
4. Edit policy (right-click policy and select 'Edit')
5. Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update
6. Double-click Configure Automatic Updates
7. Disable
## Configure GPO to Disable Real-Time (Bypassing Antivirus is not within scope of OSCP, but within scope of OSCE) - DerronC
1. Computer Configuration > Policies > Administrative Templates > Windows Components > Microsoft Defender Antivirus (Previously Windows Defender Antivirus) > Real-Time Protection
2. Enable "Turn off real-time protection"
## Configure Active Directory Certificate Services - 0xBEN
> Active Directory Certificate Services will be installed to enable LDAPS.
### Installation
1. Manage > Add Roles and Features
2. Installation Type: Role-based or feature-based installation
3. Server Selection
4. Active Directory Certificate Services
5. AD CS > Next
6. Role Services: Certificate Authority
7. Confirmation: Restart automatically if required, then Install
### Post-Deployment Configuration
1. Click the alert and select the option
2. Credentials > next
3. Role Services
- Select Certificate Authority
- Next
4. Setup Type: Enterprise CA
5. CA Type - Default
6. Private Key - Default
7. Cryptography - Default
8. CA Name - Default
9. Validity period - Default
10. Certificate Database - Default
11. Confirmation - Configure
12. Complete
## Configure DNS Forwarders - 0xBEN
> The DNS server running on the domain controller will act as a resolver for the ad.lab domain (or whichever local domain you chose). We need a forwarder for any DNS query for which the DNS server does not know the answer.
>>
> We can use the pfSense default gateway as a downstream DNS server that the domain controller can pass queries to for any unknown hostnames.
1. Look for DNS in Start Menu
2. Edit Forwarders
3. Input Local IP address of pfSense
- It won't be able to resolve, but that's okay
## Add and Configure DHCP Server - 0xBEN
### Installation
1. Manage > Add Roles and Features
2. Installation Type: Role-based or feature-based installation
3. Server Selection
4. Server Roles: DHCP Server
5. Features - Default
6. DHCP Server - Next
7. Confirmation - Install
### Post-Install Configuration
1. Complete DHCP Configuration
2. Description
3. Authorisation
4. Commit
5. Summary
6. Start Menu > DHCP
7. IPv4 > New Scope
8. Start WIzard, Next, Name Scope
9. Provide Scope parameters
10. Set Lease Duration for 1 year
11. Yes, Configure Now
12. Add default gateway address (pfSense)
13. Domain Name and DNS Servers - Default
14. WINS Servers - none present so just click next
15. Yes, I want to activate this scope now
Sign in with Wallet
Connect another wallet