Active Directory Server
We have another chicken-and-egg problem. We need to build a server to host ADDS, and we also need a Server 2019 Base VM. We are going to attempt to do both. Cloning is not yet an option because we don't have vcenter installed. The plan is to fully build, update and sysprep a Windows Server, take a sysprepped, powered-off snapshot called Base, and later extract that snapshot as a reusable standalone Base VM using PowerCLI.
Go ahead and follow the Server 2019 Base VM instructions; we will pick up here after you are done.
Example Server Configuration
hostname: dc1
domain name: range.local
static IP: 192.168.1.230
Install Active Directory Domain Services
Promote the server to a domain controller in a new forest
After the reboot, log in as a Domain Admin (DA) and:
- Install Active Directory Certificate Services
  - Create an Enterprise Root CA (this will be needed for LDAPS integration with vcenter later)
- Enable RDP
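The build steps above, from the static address in the example configuration through the CA and RDP, as one PowerShell script. This is an added example, not part of the OpenRange documentation; it assumes a NIC alias of `Ethernet0`, a default gateway of `192.168.1.1` and a CA common name of `range-RootCA`, none of which the page specifies. It is written in three phases because forest promotion reboots the server.

```powershell
# Added example (not from the OpenRange docs): builds dc1 as the forest root DC of
# range.local, then adds an Enterprise Root CA and enables RDP with NLA required.
# Assumptions not on the page: NIC alias 'Ethernet0', gateway 192.168.1.1, CA name
# 'range-RootCA'. Run each phase in an elevated PowerShell session.

# --- Phase 1: hostname and the static address from the example configuration ---
New-NetIPAddress -InterfaceAlias 'Ethernet0' -IPAddress '192.168.1.230' `
    -PrefixLength 24 -DefaultGateway '192.168.1.1'   # gateway is an assumption
Rename-Computer -NewName 'dc1' -Restart               # reboots; continue with phase 2

# --- Phase 2: install AD DS and promote to the first DC of a new forest ---
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
$dsrm = Read-Host -AsSecureString 'Directory Services Restore Mode password'
Install-ADDSForest -DomainName 'range.local' -DomainNetbiosName 'RANGE' `
    -ForestMode 'WinThreshold' -DomainMode 'WinThreshold' -InstallDns `
    -SafeModeAdministratorPassword $dsrm -Force
# The server reboots again. Log back in as RANGE\Administrator (a Domain Admin).

# --- Phase 3 (after the reboot, as a Domain Admin) ---
# Promotion points the DNS client at loopback; resolving through the DC's own
# static address is the usual cleanup.
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet0' -ServerAddresses '192.168.1.230'

# Enterprise Root CA: later issues the LDAPS certificate for the vcenter integration.
Install-WindowsFeature -Name ADCS-Cert-Authority -IncludeManagementTools
Install-AdcsCertificationAuthority -CAType EnterpriseRootCA -CACommonName 'range-RootCA' `
    -CryptoProviderName 'RSA#Microsoft Software Key Storage Provider' `
    -KeyLength 4096 -HashAlgorithmName SHA256 `
    -ValidityPeriod Years -ValidityPeriodUnits 10 -Force

# RDP: allow connections, require Network Level Authentication, open the firewall group.
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
    -Name 'fDenyTSConnections' -Value 0
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' `
    -Name 'UserAuthentication' -Value 1
Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'

# Checks: the DC advertises ADWS and KDC, and the CA service answers.
Get-ADDomainController -Discover -Service 'ADWS','KDC' | Select-Object HostName, Site
certutil -ping
```

Keeping `UserAuthentication` at 1 means only clients that authenticate before a session is created can reach the logon screen, which is the setting a lab DC exposed to student networks should keep.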
DNS Records
Create A and PTR records for:
- your ESXi hosts
- your future vcenter box
- your NAS
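The record creation above as an added PowerShell example (not from the OpenRange documentation). The page gives only the DC's own address, so the ESXi, vcenter and NAS host names and addresses below are constructed placeholders; it assumes the lab network is 192.168.1.0/24 as the DC address suggests.

```powershell
# Added example (not from the OpenRange docs): creates the reverse zone for the
# 192.168.1.0/24 lab network, then A records with matching PTRs in a single call.
# Host names and addresses are constructed placeholders. Run on dc1 as a Domain Admin.

$zone = 'range.local'

# PTR records need a reverse lookup zone; create it (AD-integrated) if it is missing.
if (-not (Get-DnsServerZone -Name '1.168.192.in-addr.arpa' -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -NetworkId '192.168.1.0/24' -ReplicationScope 'Domain'
}

# Constructed sample inventory: ESXi hosts, the future vcenter box and the NAS.
$hosts = @(
    @{ Name = 'esxi1';   IP = '192.168.1.201' }
    @{ Name = 'esxi2';   IP = '192.168.1.202' }
    @{ Name = 'vcenter'; IP = '192.168.1.210' }
    @{ Name = 'nas';     IP = '192.168.1.220' }
)

foreach ($h in $hosts) {
    # Skip records that already exist so the script is safe to re-run.
    if (Get-DnsServerResourceRecord -ZoneName $zone -Name $h.Name -RRType A -ErrorAction SilentlyContinue) {
        Write-Host "A record for $($h.Name) already present, skipping"
        continue
    }
    # -CreatePtr writes the matching PTR into the reverse zone created above.
    Add-DnsServerResourceRecordA -ZoneName $zone -Name $h.Name -IPv4Address $h.IP -CreatePtr
}

# Check both directions against the DC's own resolver: forward and reverse must agree.
foreach ($h in $hosts) {
    $fwd = (Resolve-DnsName -Name "$($h.Name).$zone" -Type A -Server 127.0.0.1).IPAddress
    $rev = (Resolve-DnsName -Name $h.IP -Type PTR -Server 127.0.0.1).NameHost
    "{0,-8} A -> {1,-15} PTR -> {2}" -f $h.Name, $fwd, $rev
}
```

The final loop is the check worth keeping: vcenter's LDAPS and ESXi's domain join both rely on reverse lookups resolving to the same name the forward record carries.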
OUs and Groups
To get started, create an OU structure with a few default security groups that lets us tell range objects apart from the default domain OUs. Here's an example. We will populate users as we go on.
Users
OpenRange uses vsphere roles as well as Active Directory security groups to restrict access to student virtual machines and network folders. For this reason, a realistic set of domain users should be created. For the purposes of the reference architecture, the following users will be created:
- albus.dumbledore-adm (member of the vcenter-administrators group)
- severus.snape (range-instructors OU and a member of the instructors group)
- minerva.mcgonagall (range-instructors OU and a member of the instructors group)
- hermione.granger (member of the range-users OU and students group)
- ronald.weasely (member of the range-users OU and students group)
- draco.malfoy (member of the range-users OU and students group)
Groups
- instructors
- users (range participants, trainees, students)
- vsphere-users (contains the instructors and users groups); this is used for course-level ACLs on things like the COURSE-WAN
- vcenter-administrators
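The OU structure, the groups and the reference users from the two sections above, created together as an added PowerShell example (not from the OpenRange documentation). It assumes a top-level `Range` OU containing `range-admins`, `range-instructors` and `range-users`, and places the -adm account in `range-admins`; the page names none of these except the two user OUs. The page calls the student group both "users" and "students"; `users` would collide with the built-in Users group's account name, so the example creates it as `students`.

```powershell
# Added example (not from the OpenRange docs): creates the OU structure, the security
# groups and the reference users. Assumptions not on the page: a top-level 'Range' OU
# with a 'range-admins' sub-OU for the -adm account; student group named 'students'
# because 'users' collides with the built-in Users group. Run on dc1 as a Domain Admin.

Import-Module ActiveDirectory
$dom   = 'range.local'
$base  = 'DC=range,DC=local'
$range = "OU=Range,$base"

# --- OUs (idempotent: only created when absent) ---
foreach ($ou in @(@{ N = 'Range';             P = $base  },
                  @{ N = 'range-admins';      P = $range },
                  @{ N = 'range-instructors'; P = $range },
                  @{ N = 'range-users';       P = $range })) {
    if (-not (Get-ADOrganizationalUnit -Filter "Name -eq '$($ou.N)'" -SearchBase $ou.P -SearchScope OneLevel)) {
        New-ADOrganizationalUnit -Name $ou.N -Path $ou.P -ProtectedFromAccidentalDeletion $true
    }
}

# --- Groups: global security groups; vsphere-users nests the two role groups ---
foreach ($g in 'instructors', 'students', 'vsphere-users', 'vcenter-administrators') {
    if (-not (Get-ADGroup -Filter "SamAccountName -eq '$g'")) {
        New-ADGroup -Name $g -GroupScope Global -GroupCategory Security -Path $range
    }
}
Add-ADGroupMember -Identity 'vsphere-users' -Members 'instructors', 'students'

# --- Users: one initial password, change forced at first logon ---
$initial = Read-Host -AsSecureString 'Initial password for new users'
$people = @(
    @{ Sam = 'albus.dumbledore-adm'; Given = 'Albus';    Sur = 'Dumbledore'; OU = 'range-admins';      Group = 'vcenter-administrators' }
    @{ Sam = 'severus.snape';        Given = 'Severus';  Sur = 'Snape';      OU = 'range-instructors'; Group = 'instructors' }
    @{ Sam = 'minerva.mcgonagall';   Given = 'Minerva';  Sur = 'McGonagall'; OU = 'range-instructors'; Group = 'instructors' }
    @{ Sam = 'hermione.granger';     Given = 'Hermione'; Sur = 'Granger';    OU = 'range-users';       Group = 'students' }
    @{ Sam = 'ronald.weasely';       Given = 'Ronald';   Sur = 'Weasely';    OU = 'range-users';       Group = 'students' }
    @{ Sam = 'draco.malfoy';         Given = 'Draco';    Sur = 'Malfoy';     OU = 'range-users';       Group = 'students' }
)
foreach ($p in $people) {
    if (-not (Get-ADUser -Filter "SamAccountName -eq '$($p.Sam)'")) {
        New-ADUser -Name $p.Sam -SamAccountName $p.Sam -UserPrincipalName "$($p.Sam)@$dom" `
            -GivenName $p.Given -Surname $p.Sur -Path "OU=$($p.OU),$range" `
            -AccountPassword $initial -Enabled $true -ChangePasswordAtLogon $true
    }
    Add-ADGroupMember -Identity $p.Group -Members $p.Sam
}

# Checks: nested resolution of vsphere-users should list every instructor and
# student but not the -adm account, which belongs only to vcenter-administrators.
(Get-ADGroupMember -Identity 'vsphere-users' -Recursive).SamAccountName | Sort-Object
(Get-ADGroupMember -Identity 'vcenter-administrators').SamAccountName
```

The -adm account is a separate identity from any day-to-day user, and nothing here adds it to Domain Admins: vcenter administration is delegated through the vcenter-administrators group, which keeps the directory's own admin tier distinct from the vsphere one.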