Setting Up Active Directory Server
- Samuel Cork
- Sep 22
First, a virtual machine running Windows Server was created, with light compute resources since it is for demonstration only.


The next step was to connect to the server to install and set up Active Directory. Bastion was first added to the subnet to allow easy access through Azure, and then a connection was established.

Next, "Add roles and features" was selected, and the setup was performed.
Active Directory Domain Services (AD DS) was selected in the "Server Roles" section.

The menu is then closed. At the top right corner, you can see a flag with an alert. This flag is selected, and then "Promote this server to a domain controller" is chosen.
This brings up a new pop-up for more setup. Here, "Add a new forest" is selected and the root domain name is entered. The rest of the setup is completed, and the installation is then run.

After the installation, a restart was required. Once signed back in, approximately 2 minutes passed on the loading screen of "Waiting for Group Policy Client."
Once signed in, at the top right corner of the Server Manager, "Tools" is selected, then "Active Directory Users and Computers" is selected. A menu will pop up with the directory name entered for the root domain.

The domain "cybercorks.com" is then right-clicked, pulling up a small menu. Click New > Organizational Unit > then name it something, such as ADuser.


The new unit is created. It is then right-clicked, and New > User is chosen. The user is named, in this case, Samuel C.
Next, review some information as well as possible policies that can be enabled.

In this case, only the option to change the password at sign-in was enabled. This will be used to show the policy in effect.
Now, with this setup, Group Policy management is necessary to ensure good practices with clients on the network.

Computer Configuration > Policies > Windows Settings > Security Settings > Account Policies > Password Policy.
Only the minimum password length is modified in this policy.
Next, a client Virtual Machine (VM) needs to be created and set up to join the network and point to the Domain Controller.

With the new VM created and on the same virtual network as the Domain Controller, its DNS needs to point to the Domain Controller for the two to be connected.
To do this, navigate to the new VM's networking settings in Azure and find its network interface. On the network interface, the DNS servers can be chosen. We set a custom DNS IP, that of the Domain Controller.
An issue occurred because the computer had not been joined to the domain before the join was attempted with the new user account, and the user was blocked from joining. The options were either to change the change-password-at-sign-in setting or to sign in with the administrator of the domain controller. For this test lab, the domain controller admin credentials were used to get to the next step.
This had to be done in the computer settings due to restrictions with the user account setup.

The computer was then reset after joining the Active Directory.

This resulted in a pop-up to reset the password as set by the original settings for the account setup. After the reset, the PC was signed in again as SamuelC with the new password successfully.
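
The same lab can be built and checked from an elevated Windows PowerShell session instead of the GUI. The script below is an added example, not part of the original walkthrough: the `-Stage` switch, the `SamuelC@cybercorks.com` UPN and the choice to verify (rather than set) the password policy are assumptions made here, while the domain, OU and user names come from the steps above.

```powershell
# Added example: scripted equivalent of the GUI steps, split into stages because
# promotion reboots the server. Requires Windows PowerShell 5.1, run elevated.
param(
    [ValidateSet('Promote', 'Configure', 'JoinClient')]
    [string]$Stage = 'Configure'          # stage names are hypothetical
)

$Domain   = 'cybercorks.com'              # root domain used in the walkthrough
$DomainDN = 'DC=cybercorks,DC=com'
$OuName   = 'ADuser'                      # OU created in the walkthrough

switch ($Stage) {
    'Promote' {
        # "Add roles and features" > AD DS, then "Promote this server..." > new forest
        Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
        # Prompts for the DSRM (safe mode) password, then restarts the server
        Install-ADDSForest -DomainName $Domain -InstallDns
    }
    'Configure' {
        # Run on the domain controller after the post-promotion restart
        Import-Module ActiveDirectory
        New-ADOrganizationalUnit -Name $OuName -Path $DomainDN
        New-ADUser -Name 'Samuel C' -SamAccountName 'SamuelC' `
            -UserPrincipalName "SamuelC@$Domain" `
            -Path "OU=$OuName,$DomainDN" `
            -AccountPassword (Read-Host 'Initial password' -AsSecureString) `
            -ChangePasswordAtLogon $true -Enabled $true

        # Check: the effective domain password policy, i.e. what the
        # Group Policy edit to "Minimum password length" should have produced
        Get-ADDefaultDomainPasswordPolicy -Identity $Domain |
            Select-Object MinPasswordLength, ComplexityEnabled, LockoutThreshold

        # Check: pwdLastSet = 0 means the user must change password at next sign-in
        Get-ADUser -Identity 'SamuelC' -Properties pwdLastSet |
            Select-Object SamAccountName, Enabled, pwdLastSet
    }
    'JoinClient' {
        # Run on the client VM. If this SRV lookup fails, the NIC's DNS is not
        # pointing at the domain controller and the join will fail too.
        Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop
        # Enter domain administrator credentials: an account that must change its
        # password at sign-in cannot be used for the join, as noted above.
        Add-Computer -DomainName $Domain -Credential (Get-Credential) -Restart
    }
}
```

Run the `Promote` and `Configure` stages on the server and `JoinClient` on the client VM; both passwords are read interactively so nothing secret is stored in the script.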
