This guide aims to help you set up a learning “lab” environment for Windows Server 2016 and Active Directory Domain Services from scratch, presuming only basic knowledge of virtual machines, networking and OS installation.
By the end of this guide you will have:
- Windows Server 2016 installed in a VM
- pfSense installed in a VM to isolate your lab network
- Active Directory Domain Services, DHCP and other required services running
- A Windows 10 VM on the domain
Active Directory is a group of services used to manage groups of users and computers under a domain. For this guide I’ll be using the rather creative name of “fishy.corp” as the domain. A forest is a collection of domains and a domain will always be part of a forest even if it’s the only domain. The server running Active Directory will generally be referred to as the Domain Controller.
While it isn’t a requirement, it’s a good idea to install the DHCP services along with Active Directory, so we’ll be doing that too.
You will need:
- A computer with at least 8 GB RAM (16 GB+ recommended)
- Windows Server 2016, Windows 10 and pfSense ISOs
- A hypervisor of your choice (VirtualBox, ESXi, Hyper-V, Xen, KVM, bhyve etc)
Lab Network Setup
For your lab network you’ll want something separate from your main network, as we’ll be setting up the DHCP services on Windows Server 2016. For this we’ll set up pfSense as a router and have its WAN connection receive a DHCP lease from your main network.
This is a quick video showing the creation, installation and setup of the pfSense VM I’ll be using in ESXi.
Once you have it installed, make sure, like I did in the video, you turn off DHCP on the LAN interface by going to the option “2) Set interface(s) IP address”. You can also set the subnet here based on what IP you assign the interface (so in this screenshot, it’ll have a subnet of 192.168.64.0).
Install Windows Server 2016 and Set Up Active Directory Domain Services
There is nothing special about installing Windows Server compared to Windows 7, 8.1 or 10. It’s very much the same deal but you’ll want to make sure you select the “Desktop Experience” option when presented with it.
After the install process completes and you’ve entered a password and logged in, you may want to install VMware or VirtualBox tools if you’re using either hypervisor. Next we can set a static IP address for the server. I’m using 192.168.64.2.
We’re now ready to install the Active Directory Role. In the Server Manager, click “Manage” in the top right and then “Add Roles and Features”. Click “Next” a few times until you’re presented with this screen and tick these 3 options. When you tick these options you’ll get another popup box, simply click “Add Features”.
Click “Next” through the following pages and then install. Once that is complete you’ll have an option to “Promote this server to a domain controller”. Click this.
In the window that pops up, click “Add a new forest”, type your domain name into the box and click Next.
Type in a password for the Directory Services Restore Mode (DSRM) and click Next again for the following pages (unless you want to set something specific, the defaults are fine). Once you’re on the Prerequisites Check page you’ll need to click Install. There will be a warning about the server automatically rebooting on this page too. After it’s finished it’ll automatically reboot Windows; this can take a while!
Once the server has booted, you’ll have a working Domain Controller! However, it could use some DHCP goodness and a Windows client computer.
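The role install and promotion above can also be scripted. The following PowerShell is an added example, not part of the original guide; it assumes an elevated session on the server, the NetBIOS name FISHY, and that DNS is installed together with the forest.

```powershell
# Added example: scripted equivalent of "Add Roles and Features" and
# "Promote this server to a domain controller". Run elevated on the server.
$DomainName  = 'fishy.corp'   # domain used throughout this guide
$NetbiosName = 'FISHY'        # assumption: short (NetBIOS) name for the domain

# Install the two roles the guide names. DNS is added by InstallDns below
# (assumption: the lab has no other DNS server for the new zone).
Install-WindowsFeature -Name AD-Domain-Services, DHCP -IncludeManagementTools

# Prompt for the DSRM password so it never lands in the script or shell history.
$Dsrm = Read-Host -AsSecureString -Prompt 'DSRM (safe mode) password'

$Forest = @{
    DomainName                    = $DomainName
    DomainNetbiosName             = $NetbiosName
    InstallDns                    = $true
    SafeModeAdministratorPassword = $Dsrm
}

Import-Module ADDSDeployment

# Same checks as the wizard's "Prerequisites Check" page; review the output
# before continuing.
Test-ADDSForestInstallation @Forest | Format-List

# Creates the new forest and reboots the server when it finishes.
Install-ADDSForest @Forest -Force

# After the reboot, confirm the promotion from a new elevated session:
#   Get-ADDomain | Select-Object DNSRoot, NetBIOSName, DomainMode
#   Get-ADDomainController -Discover -Service PrimaryDC
#   Get-Service NTDS, DNS, Netlogon | Select-Object Name, Status
```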
The next step is configuring DHCP. In the Server Management dashboard click the yellow notification and then “Complete DHCP configuration”.
Click “Next”, “Commit”, “Close” and you’re done. Now go to “Tools” and “DHCP”, expand the tree where the server’s name is, right click on IPv4 and click “New Scope”.
Create a name for the scope then set a range for DHCP to use. I set this to 192.168.64.100-192.168.64.254. The subnet area should auto fill.
In the next window you can set a range for it NOT to use; however, I left this blank.
After that is the DHCP lease duration. The default of 8 days is fine for lab use so I’ll be leaving it set to that. A situation where you would need a short lease time is if you have WiFi networks where many people are connecting different devices and the leases would get used up fast.
Keep clicking next and make sure “Yes, I want to configure these options now” is selected. The page after that is called “Router (Default Gateway)”; this is where we tell clients the IP address of the pfSense router. If you’re using the same address as I have been, set it to 192.168.64.1 and click add.
On the “Domain Name and DNS Services” page the first entry should be the Windows Server itself, followed by the pfSense router.
Click through the following pages and select “Yes, I want to activate this scope now”, then “Finish” and now we’re done. Working DHCP!
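The DHCP steps above, from “Complete DHCP configuration” to the activated scope, expressed as PowerShell with a verification pass at the end. This is an added example, not part of the original guide; the scope name, the /24 mask and the server FQDN built from the computer name are assumptions, and it is meant for an elevated session on the domain controller.

```powershell
# Added example: scripted equivalent of the DHCP wizard steps in this guide.
$ScopeId    = '192.168.64.0'    # lab subnet from this guide
$Mask       = '255.255.255.0'   # assumption: /24, the value the wizard auto-fills
$ServerIp   = '192.168.64.2'    # static IP of the Windows Server
$Router     = '192.168.64.1'    # pfSense LAN address
$ServerFqdn = "$($env:COMPUTERNAME).fishy.corp"   # assumption: host is in fishy.corp

# "Complete DHCP configuration": create the DHCP security groups and
# authorize this server in Active Directory. A domain-joined Windows DHCP
# server will not hand out leases until it is authorized.
Add-DhcpServerSecurityGroup
Add-DhcpServerInDC -DnsName $ServerFqdn -IPAddress $ServerIp
Restart-Service DHCPServer

# "New Scope": range and lease time as chosen in the guide, no exclusions.
Add-DhcpServerv4Scope -Name 'Lab LAN' `
    -StartRange 192.168.64.100 -EndRange 192.168.64.254 `
    -SubnetMask $Mask -LeaseDuration (New-TimeSpan -Days 8) -State Active

# Scope options: router, then DNS servers in the guide's order
# (the Windows Server first, the pfSense router second).
Set-DhcpServerv4OptionValue -ScopeId $ScopeId `
    -Router $Router -DnsServer $ServerIp, $Router -DnsDomain 'fishy.corp'

# Verification: the server is listed as authorized, the scope is active,
# and the options match what clients should receive.
Get-DhcpServerInDC
Get-DhcpServerv4Scope -ScopeId $ScopeId |
    Format-List Name, StartRange, EndRange, SubnetMask, LeaseDuration, State
Get-DhcpServerv4OptionValue -ScopeId $ScopeId

# Once a client has booted on the lab network, its lease shows up here.
Get-DhcpServerv4Lease -ScopeId $ScopeId
```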
pfSense Setup Wizard
For this we’ll just go through the initial Setup Wizard and set up only what we need to. Open up the web browser and type in the LAN address of pfSense (192.168.64.1 in my case). You’ll be presented with a page saying “There is a problem with this website’s security certificate.” Click on “Continue to this website (not recommended).” and log in to pfSense with the default username “admin” and password “pfsense”.
In the wizard set a host name of your choice, enter your domain name (my example is fishy.corp). Leaving the DNS blank is fine as it’ll be set by DHCP on the WAN interface.
Select your time zone from the drop down list.
On the WAN and LAN configuration pages you can click next as they have been configured on pfSense directly. Set a password, click “reload” and you’re done!
Adding a Windows 10 Client to the domain and Creating the first User
Now that we have the network set up and Windows Server 2016 configured we can add a Windows 10 client to the domain. I won’t go through the setup process of installing Windows 10 so I’ll presume you have a standard install of Windows 10 Pro with a local account created on the same network.
Adding the computer to the domain is very simple. Open the control panel, view by small icons and click on “System”. Next, under “Computer name, domain, and workgroup settings” click “Change settings” and click “Change…” in the window that pops up.
In the “Member of” section select “Domain” and type in the first part of your domain (in my example, it’s “fishy”). Enter the administrator details for the server, as it’s the only account with permission to add computers to Active Directory at the moment, and click “OK”.
Windows 10 will need to reboot after joining the domain.
Back on Windows Server 2016 go to the Server Manager and go to “Tools” then “Active Directory Users and Computers”. Right click on the domain, go to “New” and click “Organizational Unit”. Name it and click “OK”. Right click inside it and go to “New” then “User”. Fill in some random information and pick a login name and password that you can remember.
On the Windows 10 client click “Other user” in the bottom left of the screen and type in the new username and password you set in Server 2016. You may need to set a new password and then it will log in and you’ll be able to use the computer!
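The domain join and first user from this section, written as two PowerShell functions to load on the respective machines. This is an added example, not part of the original guide; the OU name, the user name `tuser`, the NetBIOS prefix `FISHY` and the function names are hypothetical.

```powershell
# Added example: scripted equivalent of the join and user-creation steps.

# Run on the Windows 10 client (elevated). Prompts for the domain
# administrator's password, joins fishy.corp and reboots.
function Join-LabDomain {
    $Cred = Get-Credential -Credential 'FISHY\Administrator'   # assumed NetBIOS prefix
    Add-Computer -DomainName 'fishy.corp' -Credential $Cred -Restart
}

# Run on the domain controller (elevated). Creates the OU and the first user.
function New-LabUser {
    param(
        [string]$OuName = 'Lab Users',   # hypothetical OU name
        [string]$Sam    = 'tuser'        # hypothetical login name
    )
    $DomainDn = 'DC=fishy,DC=corp'
    New-ADOrganizationalUnit -Name $OuName -Path $DomainDn

    # Prompt for the initial password instead of storing it in the script.
    $Password = Read-Host -AsSecureString -Prompt "Initial password for $Sam"

    # ChangePasswordAtLogon produces the "set a new password" prompt the
    # guide mentions at the first logon on the client.
    New-ADUser -Name 'Test User' -SamAccountName $Sam `
        -UserPrincipalName "$Sam@fishy.corp" `
        -Path "OU=$OuName,$DomainDn" `
        -AccountPassword $Password -ChangePasswordAtLogon $true -Enabled $true

    # Verification: the user exists and is enabled, and the joined client
    # has a computer object in the directory.
    Get-ADUser -Identity $Sam -Properties PasswordLastSet |
        Select-Object SamAccountName, Enabled, PasswordLastSet, DistinguishedName
    Get-ADComputer -Filter * -Properties Created |
        Select-Object Name, Created, DistinguishedName
}
```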