@dmpe
Last active May 28, 2023 12:37
Active Directory Lab on VMware Workstation (2 Servers)

Setup

  • VMware Workstation
  • Two Windows Server VMs (one Server Core without GUI, one with Desktop Experience), both with NAT networking
  • Install the forest on the Core server (the AD DS role must be installed first; Install-ADDSForest prompts for the DSRM/SafeMode password)
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Import-Module ADDSDeployment

Install-ADDSForest `
  -DomainName "wintest.local" `
  -CreateDnsDelegation:$false `
  -DatabasePath "C:\Windows\NTDS" `
  -DomainMode "7" `
  -ForestMode "7" `
  -InstallDns:$true `
  -LogPath "C:\Windows\NTDS" `
  -NoRebootOnCompletion:$True `
  -SysvolPath "C:\Windows\SYSVOL" `
  -Force:$true
  • Add the admin user (here "john") to the privileged admin groups
Add-ADGroupMember -Identity "Domain Admins" -Members john
Add-ADGroupMember -Identity "Enterprise Admins" -Members john
Add-ADGroupMember -Identity "Administrators" -Members john
  • Reboot

  • If needed later, disable the local firewall

netsh advfirewall set allprofiles state off
  • On the second VM, set the DNS server address to the IP address of the Core VM

  • Also give that server a proper hostname (the gMSA step below assumes it is named MYVM)

  • Join that server to the domain and reboot

  • Enable gMSA on Core

# A KDS root key must exist once per forest before any gMSA can be created.
# -EffectiveImmediately still waits ~10 hours for replication; in a single-DC lab
# you can backdate it with: Add-KdsRootKey -EffectiveTime ((Get-Date).AddHours(-10))
Add-KdsRootKey -EffectiveImmediately

New-ADGroup -Name "WebApp01 Authorized Hosts" -SamAccountName "WebApp01Hosts" -GroupScope DomainLocal
# -ServicePrincipalNames takes a string array: pass the SPNs as separate quoted values,
# otherwise "HOST/MYVM,HOST/myVM.wintest.local" is registered as a single (broken) SPN.
New-ADServiceAccount -Name "WebApp01" -DnsHostName "WebApp01.wintest.local" -ServicePrincipalNames "HOST/MYVM","HOST/myVM.wintest.local" -PrincipalsAllowedToRetrieveManagedPassword "WebApp01Hosts"

# Add your container hosts (here the second VM, MYVM) to the security group
Add-ADGroupMember -Identity "WebApp01Hosts" -Members "MYVM$"
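The following verification script is an added example, not part of the original gist: run it on the Core DC after the gMSA step to confirm that the KDS root key exists, that only the WebApp01Hosts group can read the gMSA password, that the container host's computer account is actually in that group, and to list who ended up in the built-in privileged groups. It assumes the names used above (wintest.local, WebApp01, WebApp01Hosts, MYVM); the variables at the top are the only thing to change.

```powershell
# Added verification script (not from the original gist). Run on the Core DC.
# Assumed names, matching the steps above:
$Gmsa     = "WebApp01"
$Group    = "WebApp01Hosts"
$HostName = "MYVM"

Import-Module ActiveDirectory

# 1. A KDS root key is required; without it New-ADServiceAccount fails and no
#    host can ever retrieve the managed password.
$kds = Get-KdsRootKey
if (-not $kds) {
    throw "No KDS root key found. Run Add-KdsRootKey (see the gMSA step above) and retry."
}
$kds | Select-Object KeyId, EffectiveTime

# 2. The gMSA exists, its SPNs are separate entries, and only the authorized-hosts
#    group may retrieve the password.
$acct = Get-ADServiceAccount -Identity $Gmsa -Properties PrincipalsAllowedToRetrieveManagedPassword, ServicePrincipalNames, DNSHostName
"gMSA DNSHostName : $($acct.DNSHostName)"
"SPNs             : $($acct.ServicePrincipalNames -join ' ; ')"
$readers = @($acct.PrincipalsAllowedToRetrieveManagedPassword | ForEach-Object { (Get-ADObject -Identity $_).Name })
"Password readers : $($readers -join ', ')"
$unexpected = $readers | Where-Object { $_ -ne $Group }
if ($unexpected) {
    Write-Warning "Principals other than '$Group' may read the gMSA password: $($unexpected -join ', ')"
}

# 3. The container host's computer account (MYVM$) is a member of the group.
#    The host must be rebooted (or its Kerberos ticket renewed) after being added.
$members = Get-ADGroupMember -Identity $Group | Select-Object -ExpandProperty SamAccountName
if ("$HostName`$" -in $members) {
    "$HostName is authorized to retrieve the password for $Gmsa"
} else {
    Write-Warning "$HostName`$ is not a member of $Group; Test-ADServiceAccount on the host will fail"
}

# 4. Membership of the built-in privileged groups that 'john' was added to above.
foreach ($g in "Domain Admins", "Enterprise Admins", "Administrators") {
    "$g : " + ((Get-ADGroupMember -Identity $g | Select-Object -ExpandProperty SamAccountName) -join ', ')
}
```

Step 2 is the one worth keeping around after the lab is built: a gMSA's password is readable by every principal in PrincipalsAllowedToRetrieveManagedPassword, so that list should stay as short as the single host group created above.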
  • Reboot the non-Core server again (so its computer account picks up the new group membership)
  • Test on the non-Core server (the credential spec file must exist under C:\ProgramData\Docker\CredentialSpecs)
docker run --security-opt "credentialspec=file://wintest_webapp01.json" --hostname WebApp01 -it mcr.microsoft.com/windows/servercore:ltsc2022 powershell
# inside the container, verify the secure channel to this lab's domain (wintest.local, not contoso.com)
nltest /sc_verify:wintest.local
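As an added example (not part of the original gist), this script carries out the test step end to end on the container host (the non-Core server, MYVM): it installs and tests the gMSA on the host, creates the credential spec file that the docker command above refers to with the CredentialSpec module from the PowerShell Gallery, checks the file landed in Docker's CredentialSpecs directory, and then runs the nltest check non-interactively inside the container. It assumes Docker with Windows containers and the RSAT ActiveDirectory PowerShell module are installed on the host, and that the host was rebooted after joining WebApp01Hosts.

```powershell
# Added example (not from the original gist). Run on the container host (MYVM)
# after it has rebooted following the Add-ADGroupMember step on the DC.
$Gmsa   = "WebApp01"         # assumed: the gMSA created above
$Domain = "wintest.local"    # assumed: the lab forest created above

Import-Module ActiveDirectory   # assumes RSAT-AD-PowerShell is installed on the host

# 1. The host itself must be able to retrieve the managed password. This fails if the
#    host is not in WebApp01Hosts or has not rebooted since being added.
Install-ADServiceAccount -Identity $Gmsa
if (-not (Test-ADServiceAccount -Identity $Gmsa)) {
    throw "Host cannot retrieve the password for $Gmsa. Check group membership on the DC and reboot the host."
}
"Host can retrieve the managed password for $Gmsa"

# 2. Create the credential spec. The CredentialSpec module writes
#    <NetBIOS domain>_<account>.json into Docker's CredentialSpecs directory,
#    which is exactly the file name used in the docker command above.
if (-not (Get-Module -ListAvailable -Name CredentialSpec)) {
    Install-Module -Name CredentialSpec -Force
}
Import-Module CredentialSpec
New-CredentialSpec -AccountName $Gmsa -Domain (Get-ADDomain -Server $Domain)

$specFile = "wintest_webapp01.json"
$specPath = Join-Path $env:ProgramData "Docker\CredentialSpecs\$specFile"
if (-not (Test-Path $specPath)) {
    throw "Credential spec not found at $specPath"
}
# Show what the container will be given: the gMSA name and the domain it belongs to.
(Get-Content $specPath -Raw | ConvertFrom-Json).ActiveDirectoryConfig.GroupManagedServiceAccounts

# 3. Run the secure-channel check inside a container without an interactive shell.
#    --hostname must match the gMSA name, or the container cannot use the account.
docker run --rm --security-opt "credentialspec=file://$specFile" --hostname $Gmsa `
    mcr.microsoft.com/windows/servercore:ltsc2022 `
    powershell -Command "nltest /sc_verify:$Domain"
```

If step 1 passes but the nltest inside the container fails, the usual cause is the `--hostname` not matching the gMSA name, or the container host's DNS client still pointing somewhere other than the Core DC.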