Domain, DC (DHCP, Internet)
NIC(INTERNET), NIC(INTERNAL)
internal Network…
Domain
OU0
OU1
Users, Group, Workstation
DC
NIC(INTERNAL)
internal Network: intnet
Network Configs
- Network Connection > Properties > IPv4 DNS > Localhost
Network Configs
- Control Panel > Network & Internet > Network Connections
Group Policies applied to Users, Groups or Organizational Units
Essentially, everything being managed (users, printers, servers etc.) is considered to be an object within the AD store and has associated attributes (following the fundamental LDAP protocol model).
A user object, for example, will have attributes such as first and middle name. The power of the logical layer comes from the ability to organize objects into hierarchies and groups, and to allocate classes or types.
Order
- setup network adapters and network configs
- Install AD DC (Server Roles)
- Promote the server to a DC
create new forest (domain name)
- Create Domain Admin Account
Create OU (Start >Windows Administrative Tools > Active Directory Users and Computers)(_ADMINS)
Create User of _ADMINS OU
make it a member of Domain Admins (User > Properties > Member Of > Add > Domain Admins)
re-log on with the created domain admin
- Install and configure RAS/NAT
Install RAS (Server Manager > Add roles and features > click Next until you reach “Select server roles” and tick “Remote Access” > click Next until you reach “Select role services”, tick “Routing” and add the feature, then continue through the rest of the installation.)
Server manager > Tools > Routing and Remote Access.
Enable RAS on the DC (select DOMAINCONTROLLER and click “Configure and Enable Routing and Remote Access” > NAT > “Use this public interface to connect to the Internet:” > select/highlight the “Internet” interface, then click Next and complete the configuration.)
- Install and Configure DHCP
Install DHCP Server (Server Manager > Add roles and features > DHCP Server)
Configure DHCP Server (Server Manager > Tools > DHCP > right-click IPv4 > New Scope… > Name: 172.16.0.1:200 / range 100-200 / Router (default gateway) address used by clients: 172.16.0.1)
- Enable Browsing and Download PowerShell Scripts
Server Manager > Configure this local server > Turn “IE Enhanced Security Configuration” Off.
Download powershell scripts (https://github.com/joshmadakor1/AD_PS/archive/master.zip)
create set of users examples with script
- After client node initial config
- Check for client
(Domain Controller > Server Manager > Tools > DHCP > IPv4 > Scope > Address Leases and check whether your client lease is showing up.)
(Active Directory Users and Computers > mydomain.com > Computers)
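The DC-side steps of the list above as one script, added here as an example (not from the original mind map or the linked script); it assumes adapter names 'Ethernet' and 'Ethernet 2', the INTERNAL address 172.16.0.1/24, the DC host name dc, and the admin account name a-jdoe.

```powershell
# Added example: DC-side steps of the "Order" list, run in an elevated PowerShell
# on the server that becomes the DC. Assumed: adapter names 'Ethernet'/'Ethernet 2',
# INTERNAL address 172.16.0.1/24, host name dc, admin account a-jdoe.

# 1. Network adapters: INTERNET keeps DHCP from the host, INTERNAL gets a static address
Rename-NetAdapter -Name 'Ethernet'   -NewName 'INTERNET'
Rename-NetAdapter -Name 'Ethernet 2' -NewName 'INTERNAL'
New-NetIPAddress -InterfaceAlias 'INTERNAL' -IPAddress 172.16.0.1 -PrefixLength 24
Set-DnsClientServerAddress -InterfaceAlias 'INTERNAL' -ServerAddresses 127.0.0.1   # IPv4 DNS > Localhost

# 2.-3. Install AD DS and promote to a DC with a new forest (the server reboots afterwards)
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
$dsrm = Read-Host -AsSecureString 'DSRM (Directory Services Restore Mode) password'
Install-ADDSForest -DomainName 'mydomain.com' -InstallDns -SafeModeAdministratorPassword $dsrm -Force

# ---- run the rest after the reboot, logged on as mydomain\Administrator ----

# 4. _ADMINS OU and a domain admin account inside it
Import-Module ActiveDirectory
New-ADOrganizationalUnit -Name '_ADMINS' -Path 'DC=mydomain,DC=com'
$pw = Read-Host -AsSecureString 'Password for a-jdoe'
New-ADUser -Name 'a-jdoe' -SamAccountName 'a-jdoe' -UserPrincipalName 'a-jdoe@mydomain.com' `
    -Path 'OU=_ADMINS,DC=mydomain,DC=com' -AccountPassword $pw -Enabled $true
Add-ADGroupMember -Identity 'Domain Admins' -Members 'a-jdoe'

# 5. RAS with the Routing role service; NAT itself is still switched on in the
#    Routing and Remote Access console as described above (Configure and Enable > NAT)
Install-WindowsFeature RemoteAccess, Routing -IncludeManagementTools

# 6. DHCP: authorize the server in AD, then the scope 172.16.0.100-200 with router 172.16.0.1
Install-WindowsFeature DHCP -IncludeManagementTools
Add-DhcpServerInDC -DnsName 'dc.mydomain.com' -IPAddress 172.16.0.1
Add-DhcpServerv4Scope -Name '172.16.0.1:200' -StartRange 172.16.0.100 -EndRange 172.16.0.200 `
    -SubnetMask 255.255.255.0 -State Active
Set-DhcpServerv4OptionValue -ScopeId 172.16.0.0 -Router 172.16.0.1 -DnsServer 172.16.0.1 `
    -DnsDomain 'mydomain.com'

# 7. The two checks from the list: client leases, and computer objects that joined the domain
Get-DhcpServerv4Lease -ScopeId 172.16.0.0 | Select-Object IPAddress, HostName, AddressState
Get-ADComputer -Filter * -SearchBase 'CN=Computers,DC=mydomain,DC=com' | Select-Object Name, DNSHostName
```

The first half ends with the promotion reboot, so run the script in two parts rather than as one pass.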
Node Configs
- Setup network configs and connection
- Tests
ping Google
ping our Domain Controller.
- set up computer name/domain
(menu > System > scroll down and click “Rename this PC (advanced)” > Client1 / Member of DC Domain Name)
- After Checking our computer is listed and part of the AD
- login with other users that we created before in the AD DC
whoami > As you can see the user is a part of the “mydomain” domain
Ldap Configs
Administration > Settings > Advanced > Security > LDAP Settings > LDAP Connections > A list of all configured connections > Create new Connection
Kerberos Authentication
- Client > Authentication Server (AS)
When a client wants to authenticate to the KDC, it first contacts the AS. It presents its user ID to the AS and requests a ticket for the target server. Part of this request is encrypted with a secret key derived from the client's password, so that the plain password is never sent over the insecure network. The AS uses the client's password-derived key to decrypt that part of the request; this is how the AS verifies the user.
After verifying the client, the AS sends the client a Ticket Granting Ticket (TGT). The TGT is encrypted with a different secret key.
- Ticket Granting Server (TGS)
After the client gets the TGT, it sends it to the TGS along with its request to access the target server. When the TGS receives the TGT, it decrypts it with the secret key it shares with the AS. The TGS then issues a token (service ticket) for the client, encrypted with yet another key. This third key is shared between the TGS and the target server.
- Client > Target Server
Finally, the client sends the token to the target server. The target server decrypts the token with the key it shares with the TGS. Now the client can use the target server for a limited time (set by the token).