BUILD IT & BREAK IT LAB
Configure Active Directory Domain Services and Automate Domain User Creation with PowerShell
A domain controller is a server responsible for managing network access, verifying user credentials, and enforcing security policies. It hosts several key components that a Windows domain environment depends on, such as Active Directory, LDAP, DNS, Certificate Services, Kerberos, Group Policy, and Network Time Protocol (NTP).
Active Directory is a database that stores and manages information about network resources, including users, computers, and devices. It lets administrators control access to those resources and enforce security policies across the network.
Users and resources are represented in Active Directory as objects. Each object has a unique identifier called a security identifier (SID) and carries a set of attributes that describe it, such as its name, address, and security permissions.
In this post, we'll configure Active Directory Domain Services on the server we set up in Part 1 of this series and learn how to quickly automate the creation of 200 domain users with PowerShell, representing a small business organization.
Let's start …
Active Directory Setup
We will start by installing Active Directory Domain Services and creating the forest root domain called "R3dbuck3t.org". To begin, click the "Add roles and features" option in the Server Manager dashboard to add the AD DS role.
The difference between roles and features is that a role describes the server's function on the network; in this lab, the server will function as a domain controller through the Active Directory Domain Services role. Features are the supporting capabilities that come with a role, such as the AD DS management tools, Group Policy Management, and so on.
In the setup wizard, choose the "Role-based or feature-based installation" option. The other choice, "Remote Desktop Services installation", is for deploying a Virtual Desktop Infrastructure (VDI) and does not apply here; we are simply adding a role to this server.
Next, select the server from the Server Pool list; in our case, "DC01", and click "Next".
In the Server Roles section, check the "Active Directory Domain Services" box and click "Add Features" to install the supporting tools that come with the role.
For the "Features" and "AD DS" sections, nothing needs to change; click "Next" through both until you reach the "Confirmation" section, then click "Install" to begin the role installation.
After the installation is complete, a notification appears under Post-deployment Configuration asking whether we want to promote this server to a domain controller.
Click it to start the Domain Controller configuration and choose "Add a new forest"; we'll call the lab forest "R3dbuck3t.org".
💡 A forest is the top-level container that holds all objects and configuration in an Active Directory structure (for example: child domains, users, computers, groups, policies, the schema, and so on).
A forest is also the security boundary in Active Directory: objects in different forests cannot interact with each other unless a trust is established between the forests. Domains within one forest are administrative boundaries, not security boundaries.
Next, we confirm the "Forest functional level" is set to Windows Server 2016, which is the highest level a Windows Server 2022 domain controller offers, and choose a password for "Directory Services Restore Mode (DSRM)".
For the "DNS Options", we'll leave the "Create DNS delegation" box unchecked and click "Next".
💡 The functional level defines which Active Directory features are available, and it sets the minimum Windows Server version a domain controller in the forest must run. A Windows Server 2016 functional level therefore supports domain controllers running Windows Server 2016, 2019, or 2022.
💡 Directory Services Restore Mode (DSRM) is a special boot mode available only on a domain controller. It lets an administrator log on to the DC with the DSRM password when Active Directory cannot start; the DSRM password is the password of the DC's local Administrator account, which is otherwise unused once the server is promoted. Store it as carefully as the domain Administrator password: a DSRM account that an attacker can log on with is a known persistence path on a compromised DC.
In this safe mode, domain admins can access the Active Directory database offline to restore or repair objects.
Verify the NetBIOS domain name matches the leftmost label of the forest name; in our case, "R3DBUCK3T". If all is good, click "Next" to move to the "Paths" section.
The paths are for the Active Directory database (NTDS), the log files, and the SYSVOL folder. It is recommended to leave the default paths alone so nothing breaks later; we'll keep the defaults and click "Next".
💡 NTDS (ntds.dit) is the database that stores Active Directory data, including users, computers, groups, and other network resource objects. It also holds every account's password hashes, which is why attackers and backup procedures alike care about where it lives.
💡 The SYSVOL folder lives locally on each domain controller and is replicated between them. It holds the public files of the domain, such as Group Policy Objects (GPOs) and logon scripts used to manage domain users and computers in the forest.
Now that we have configured everything Active Directory needs, we can begin the promotion by clicking "Install" in the "Prerequisites Check" section. The process takes a few minutes, and the machine reboots automatically when it finishes.
After the machine restarts, we can go to the Server Manager dashboard and check the newly created domain "r3dbuck3t.org".
Now that Active Directory is installed, take a snapshot of the current state before adding domain users.
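Before the snapshot, it is worth confirming that the promotion produced what the wizard promised. The following is an added example, not code from the original post: it checks the forest root, both functional levels, the NetBIOS name, the FSMO role and global catalog on DC01, and the DNS SRV record that domain clients use to locate a DC. It assumes the domain name r3dbuck3t.org and the DC name DC01 used in this post; adjust both parameters for a different lab.

```powershell
# Added example (not part of the original post): post-promotion checks for the lab DC.
# Assumes the forest/domain r3dbuck3t.org and the DC name DC01 used in this post.
Import-Module ActiveDirectory

function Test-LabDomainController {
    param(
        [string]$DomainName = 'r3dbuck3t.org',
        [string]$DcName     = 'DC01'
    )
    $forest = Get-ADForest
    $domain = Get-ADDomain
    $dc     = Get-ADDomainController -Identity $DcName

    # Each entry is a named check that evaluates to $true or $false.
    $checks = [ordered]@{
        'Forest root is the expected domain' = ($forest.RootDomain -eq $DomainName)
        'Forest functional level is 2016'    = ($forest.ForestMode -eq 'Windows2016Forest')
        'Domain functional level is 2016'    = ($domain.DomainMode -eq 'Windows2016Domain')
        'NetBIOS name derived from the FQDN' = ($domain.NetBIOSName -eq ($DomainName.Split('.')[0]).ToUpper())
        'DC holds the PDC emulator role'     = ($domain.PDCEmulator -like "$DcName.*")
        'DC is a global catalog'             = [bool]$dc.IsGlobalCatalog
        # Clients find DCs through this SRV record; if it is missing, domain joins and logons fail.
        'DC locator SRV record resolves'     = [bool](Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -ErrorAction SilentlyContinue)
    }

    foreach ($c in $checks.GetEnumerator()) {
        '{0} {1}' -f $(if ($c.Value) { 'PASS' } else { 'FAIL' }), $c.Key
    }
    # Overall result: $true only when every check passed.
    return -not ($checks.Values -contains $false)
}

Test-LabDomainController
```

Run it in an elevated PowerShell session on the DC after the reboot. A FAIL on the SRV record usually means the DNS server role did not register the DC's records yet; `ipconfig /registerdns` followed by a restart of the Netlogon service fixes that. For a deeper health check, `dcdiag /v` covers replication, SYSVOL, and the Kerberos KDC as well.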
We can add domain users either manually or with a PowerShell script such as CREATE_USERS.ps1 by JonCyberGuy, which creates domain users in bulk.
We're going to go over both the manual and the automated way.
Method #1 Creating Domain Users Manually
To add a new domain user, go to the Server Manager dashboard, click "Tools", and open "Active Directory Users and Computers".
In the ADUC window, right-click the domain name "r3dbuck3t.org" and select "New" -> "User".
Next, fill in the user information and set a password. In a real-world environment, the "User must change password at next logon" box is left checked so that the user sets their own password the first time they log on from their workstation.
However, for the lab I'll uncheck that box and check "Password never expires" to keep things easy to manage. Keep all the lab passwords in a password manager or a spreadsheet 🤯.
Method #2 Automating Domain User Creation With PowerShell
The "Create Users" PowerShell script we're going to use creates a batch of domain users with a default password of "Password1", then places them in a new Organizational Unit called "_Users". The users are created from a list of names you supply to the script. In the GitHub repo, Jon uses a names.txt file containing 1000 names to create the domain accounts.
For the size of our lab, I'll modify the script to create six (6) standard Organizational Units (Marketing, Finance, Operations, Human Resources, Legal, and IT) and 200 domain users.
We will start by downloading the zip file from the GitHub repo (link). Before extracting it, disable Defender's real-time monitoring and set the PowerShell execution policy to "Unrestricted". Both changes are acceptable only in a throwaway lab: on anything else, unblock the downloaded script with Unblock-File under a RemoteSigned policy, scope any policy change to the current process with the -Scope parameter, and turn real-time monitoring back on when you are done.
# Disable Real-Time Monitoring (lab only)
Set-MpPreference -DisableRealtimeMonitoring $true -Verbose
# PowerShell Execution Policy (the policy name is the value of -ExecutionPolicy, not a switch)
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope LocalMachine
Open the PowerShell script in Notepad or the PowerShell ISE as Administrator. Then, for the $USER_FIRST_LAST_LIST variable, pass the file name of the user list. For example, I've divided my 200 domain users into separate files, one per Organizational Unit I am going to create.
I started with the Marketing department: I pointed the $USER_FIRST_LAST_LIST variable at the marketing users' list, changed the New-ADOrganizationalUnit name from _Users to Marketing so the script creates the Marketing OU, and changed the -Path where the users are created to ou=Marketing.
After the modification, save the script and run it. It will create the domain users and place them in the specified OU.
Repeat the process for as many OUs as you want in your lab and add users to each of them; I've already created the six (6) OUs and added the 200 domain users.
After running the script, go back to the ADUC window, where you will see all the newly created OUs and domain users.
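Editing the script once per OU works, but it is easy to automate the whole loop. The block below is an added example written for this post; it is not CREATE_USERS.ps1 and not JonCyberGuy's code. It creates the six OUs listed above and then bulk-creates users from one name file per OU, keeping the same username convention the post uses (first initial plus last name, lower-case, so "Kevin Crist" becomes kcrist) and the same lab password. It assumes the domain r3dbuck3t.org, name files under .\names\ named after each OU with spaces removed (for example .\names\HumanResources.txt), one "First Last" per line; those paths are assumptions, not something the original script uses. It also handles the case the one-OU-at-a-time approach silently breaks on: two people whose names map to the same sAMAccountName.

```powershell
# Added example (not the post's CREATE_USERS.ps1 and not JonCyberGuy's code).
# Assumptions: domain r3dbuck3t.org; name files at .\names\<OUNameWithoutSpaces>.txt,
# one "First Last" per line; lab password Password1 as in the post.
Import-Module ActiveDirectory

$LabPassword = ConvertTo-SecureString 'Password1' -AsPlainText -Force
$Domain      = Get-ADDomain
$DomainDN    = $Domain.DistinguishedName        # e.g. DC=r3dbuck3t,DC=org
$OuNames     = 'Marketing', 'Finance', 'Operations', 'Human Resources', 'Legal', 'IT'

# Same convention as the post: first initial + last name, lower-case ("Kevin Crist" -> kcrist).
function Get-LabUsername([string]$First, [string]$Last) {
    return (("{0}{1}" -f $First.Substring(0, 1), $Last).ToLower() -replace '[^a-z0-9]', '')
}

function New-LabOrganizationalUnit([string]$Name) {
    # Idempotent: skip OUs that already exist so the script can be re-run safely.
    $existing = Get-ADOrganizationalUnit -LDAPFilter "(ou=$Name)" -SearchBase $DomainDN -SearchScope OneLevel
    if (-not $existing) {
        # Accidental-deletion protection is left off so the lab can be torn down easily.
        New-ADOrganizationalUnit -Name $Name -Path $DomainDN -ProtectedFromAccidentalDeletion $false
    }
}

function New-LabUsersFromFile([string]$OuName, [string]$NameFile) {
    $ouPath  = "OU=$OuName,$DomainDN"
    $created = 0
    foreach ($line in (Get-Content $NameFile | Where-Object { $_.Trim() })) {
        $parts = $line.Trim() -split '\s+', 2
        if ($parts.Count -ne 2) { Write-Warning "Skipping malformed line: '$line'"; continue }
        $first, $last = $parts
        $sam = Get-LabUsername $first $last

        # sAMAccountName must be unique in the domain. "Kevin Crist" and "Karen Crist" both map to
        # kcrist, so append a counter (kcrist2, kcrist3, ...) until the name is free.
        $candidate = $sam; $i = 1
        while (Get-ADUser -LDAPFilter "(sAMAccountName=$candidate)") { $i++; $candidate = "$sam$i" }

        New-ADUser -Name $candidate -SamAccountName $candidate `
            -UserPrincipalName "$candidate@$($Domain.DNSRoot)" `
            -GivenName $first -Surname $last -DisplayName "$first $last" `
            -Department $OuName -Path $ouPath `
            -AccountPassword $LabPassword -Enabled $true `
            -ChangePasswordAtLogon $false -PasswordNeverExpires $true   # lab settings, as in Method #1
        $created++
    }
    return $created
}

foreach ($ou in $OuNames) {
    New-LabOrganizationalUnit -Name $ou
    $file = Join-Path '.\names' ("{0}.txt" -f ($ou -replace ' ', ''))   # e.g. .\names\HumanResources.txt
    if (Test-Path $file) {
        $n = New-LabUsersFromFile -OuName $ou -NameFile $file
        Write-Host "Created $n users in OU=$ou"
    } else {
        Write-Warning "No name file for OU '$ou' at $file; OU created but left empty"
    }
}
```

Run it from the folder that contains the names directory. The collision handling matters more than it looks: New-ADUser fails on a duplicate sAMAccountName, and with the one-file-per-OU approach that failure lands in the middle of a run and leaves the OU half-populated. Note that "Password1" satisfies the default domain complexity policy, which is exactly why a shared, guessable password like this is the first thing a password-spraying attack finds; that is fine for a lab built to be broken, and a good reminder of what the later attack posts will exploit.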
Now that we have enough users, I'll pick one from the IT OU to be the Domain Admin; I'll probably add two (2) more admins later when the attack scenarios call for them.
🚩 I didn't cover a naming scheme for domain objects, to keep this post short; I may write a separate post about it in the future.
To add a user to a group such as "Domain Admins", select the user, for example "kcrist", right-click the name, and choose "Properties".
Go to the "Member of" tab, click "Add", then type the group name in the "Enter the object names to select" box. Since we're adding the user to the "Domain Admins" group, type "Domain Admins", click "Check Names" to confirm the group exists, then click OK to finish.
Once the user is added, the new group appears in the "Member of" list. Keep in mind that this account is now the most valuable credential in the lab: logging on with it to ordinary workstations leaves cached credentials behind, which is one of the paths the attack posts will use.
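The same step scripted, as an added example that is not part of the original post. It adds the account to Domain Admins, confirms the membership, and then lists everyone who is effectively a Domain Admin, including members inherited through nested groups, which is the view a pentester wants rather than the flat "Members" tab. It assumes the lab account kcrist created above.

```powershell
# Added example (not from the original post): the "Member of" step in PowerShell plus an audit.
# Assumes the lab user kcrist from the post exists.
Import-Module ActiveDirectory

function Add-LabDomainAdmin([string]$SamAccountName) {
    $user = Get-ADUser -Identity $SamAccountName        # throws if the account does not exist
    Add-ADGroupMember -Identity 'Domain Admins' -Members $user
    # Confirm the change from the directory rather than trusting the call; the user still needs
    # a fresh logon before the new group SID shows up in their access token.
    return ((Get-ADPrincipalGroupMembership -Identity $user).Name -contains 'Domain Admins')
}

function Get-LabDomainAdmins {
    # -Recursive expands nested groups, which is where unexpected privilege usually hides.
    Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
        Where-Object objectClass -eq 'user' |
        Get-ADUser -Properties PasswordNeverExpires, LastLogonDate |
        Select-Object SamAccountName, Enabled, PasswordNeverExpires, LastLogonDate
}

if (Add-LabDomainAdmin -SamAccountName 'kcrist') { Write-Host 'kcrist is now a Domain Admin' }
Get-LabDomainAdmins | Format-Table -AutoSize
```

The built-in Administrator account will show up in the audit alongside kcrist; in a real environment, every other row in that list deserves a justification, and the PasswordNeverExpires column is a quick way to spot the ones that were created the way this lab creates them.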
With this, we conclude Part 2 of the Active Directory Lab. Today, we went over setting up Active Directory Domain Services and automating the creation of a larger number of domain users with a PowerShell script.
In the next post, we'll cover setting up the DNS and DHCP services so that domain clients receive dynamic IP addresses from the DHCP pool.
Thanks for reading!!!
Check out the Active Directory Pentesting Methodology at R3dbuck3t Notion