This lab shows how to install, configure, and secure a Windows Server 2022 instance with Active Directory Domain Services (AD DS). It was built using QEMU and Virt-Manager on a Linux host machine. I completed all steps manually to mimic a real-world environment. Screenshots and configuration samples are included for verification and documentation.
- Overview
- System Requirements
- Installation Guide
- Domain Setup and Promotion
- Active Directory Configuration
- Security Hardening
- Key PowerShell Commands
- Screenshots
- Skills Demonstrated
- Directory Structure
- Credits and Context
This project outlines the entire process of setting up a Windows Server 2022 virtual machine as a domain controller. It simulates a real-world Active Directory environment and includes important security steps for junior system administrators and entry-level cybersecurity professionals.
- Host OS: Pop!_OS 22.04 LTS
- Virtualization stack: QEMU/KVM with Virt-Manager
- Guest OS: Windows Server 2022 Evaluation
- Minimum VM specs: 2 vCPUs, 4 GB RAM, 60 GB storage
- Launch
virt-managerand create a new VM using the Windows Server 2022 ISO. - Manually partition the virtual disk:
- Primary Partition: 50 GB for
C:\(NTFS) - Recovery/System Reserved: Auto-generated by installer
- Screenshot:
screenshots/01_partition_layout.png
- Primary Partition: 50 GB for
- Proceed with standard installation steps.
- Create an administrative account.
- Screenshot:
screenshots/02_curtin_install_log.png - Reboot and complete out-of-box experience.
-
Set hostname:
- Screenshot:
screenshots/07_hostname_set.png
- Screenshot:
-
Assign static IP:
- Screenshot:
screenshots/08_static_ip_config.png
- Screenshot:
-
Install Active Directory Domain Services:
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
-
Promote the server to a Domain Controller:
- Used Server Manager to configure domain promotion
- Domain Name: lab.local
- Forest and Domain Functional Level: Windows Server 2022
- DNS and Global Catalog selected
- Screenshot: screenshots/10_domain_promotion.png
-
Verify domain configuration: Run the following PowerShell commands to confirm setup: Get-ADDomain Get-ADForest
- Screenshot: screenshots/11_get_addomain.png
- Screenshot: screenshots/12_get_adforest.png
-
Create top-level OU structure:
- OUs created:
- DomainUsers
- DomainAdmins
- Workstations
- Screenshot: screenshots/13_create_ou_structure.png
- OUs created:
-
Create a test user in DomainUsers:
- Username: testuser
- Assigned to DomainUsers OU
- Screenshot: screenshots/14_create_test_user.png
-
Disable Guest account:
- Screenshot: screenshots/15_hardening_disable_guest_account.png
-
Enable all Windows Firewall profiles:
- Screenshot: screenshots/16_hardening_enable_windows_firewall_profiles.png
-
Set a strong Administrator password:
- Password met complexity and length requirements
- Screenshot: screenshots/17_hardening_set_strong_password.png
-
Rename default Administrator account:
- New name: SysAdmin
- Screenshot: screenshots/18_hardening_rename_admin.png
-
Configure password policy via local security settings:
- File: secconfig.cfg
- Values confirmed: MinimumPasswordAge = 1 MaximumPasswordAge = 30 MinimumPasswordLength = 14 PasswordComplexity = 1 PasswordHistorySize = 5
- Screenshot: screenshots/19_hardening_password_policy.png
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Install-ADDSForest -DomainName "lab.local" -DomainNetbiosName "LAB"
Get-ADDomain
Get-ADForest
New-ADOrganizationalUnit -Name "DomainUsers" -Path "DC=lab,DC=local"
New-ADOrganizationalUnit -Name "DomainAdmins" -Path "DC=lab,DC=local"
New-ADOrganizationalUnit -Name "Workstations" -Path "DC=lab,DC=local"
New-ADUser -Name "testuser" -GivenName "Test" -Surname "User" -SamAccountName "testuser" -AccountPassword (ConvertTo-SecureString "P@ssw0rd123" -AsPlainText -Force) -Enabled $true -Path "OU=DomainUsers,DC=lab,DC=local"
01_download_windows_server2022.png 02_vm_setup01.png 02_vm_setup02.png 02_vm_setup03.png 02_vm_setup04.png 02_vm_setup05.png 02_vm_setup06.png 03_start_install.png 04_select_edition.png 05_disk_layout.png 06_first_login.png 07_hostname_set.png 08_static_ip_config.png 09_add_ad_ds_role.png 10_domain_promotion.png 11_get_addomain.png 12_get_adforest.png 13_create_ou_structure.png 14_create_test_user.png 15_hardening_disable_guest_account.png 16_hardening_enable_windows_firewall_profiles.png 17_hardening_set_strong_password.png 18_hardening_rename_admin.png 19_hardening_password_policy.png
This lab exercise shows the following practical sysadmin and blue team skills:
- Manual Windows Server installation and configuration
- Custom virtual machine setup using QEMU and Virt-Manager
- Hostname configuration and static IP assignment
- Installing Windows features through PowerShell
- Promoting a Domain Controller and setting up an Active Directory Forest
- Planning Organizational Units (OUs) and creating their structure
- Creating secure user accounts and enforcing credential policies
- Managing guest accounts and firewall profiles
- Hardening local accounts with password policies and renaming administrators
- Exporting and reviewing local security policy settings
- Documenting with screenshots and ensuring lab reproducibility
Charlesx0101 Focused on security, infrastructure, and clean system design.