A beginner-friendly home lab that teaches the fundamentals of Active Directory by building a real Windows Server Domain Controller, configuring DNS + routing, deploying DHCP, creating users/OUs with PowerShell, and joining a Windows 10 client to the domain.
VirtualBox • Server 2019 ISO • Windows 10 ISO
⬇️ Download Repo (ZIP) • ⬇️ Direct Download (Codeload)
- What this lab is
- What you’ll learn
- Tools & environments
- Lab overview
- Network layout (simple diagram)
- Step-by-step walkthrough
- 1) Downloads
- 2) Create the Server VM
- 3) Configure networking (NAT + Internal)
- 4) Install Windows Server 2019 (Desktop Experience)
- 5) Install VirtualBox Guest Additions
- 6) Assign a static IP to the Domain Controller
- 7) Install AD DS and promote to Domain Controller
- 8) Create OU and user, then add to Domain Admins
- 9) Configure RRAS (NAT)
- 10) Install DHCP + Create a Scope
- 11) Create bulk users with PowerShell
- 12) Create the Windows 10 Client VM
- 13) Join the Client to the Domain
- Scripts (click to view)
- Project structure
- Troubleshooting
- Roadmap / Next steps
- Disclaimer
This project simulates a real business network using VirtualBox:
- A Windows Server 2019 VM becomes the Domain Controller (DC)
- The DC provides Active Directory Domain Services (AD DS) and DNS
- The DC uses two network adapters:
- Adapter 1 (NAT): internet access for the server
- Adapter 2 (Internal Network): isolated lab network for domain traffic
- A Windows 10 VM is created and joined to the domain
- What a Domain Controller is and why organizations use it
- How DNS enables domain authentication and service discovery
- How to create OUs, users, and admin groups
- How RRAS (NAT) routes internal traffic to the internet
- How DHCP assigns IP addresses automatically to clients
- How to run beginner-friendly PowerShell scripts to bulk-create users
- PowerShell (used for bulk user creation)
- Windows Server 2019
- Windows 10 (21H2)
- Oracle VirtualBox
You’re building a “mini company network” on your computer:
- Create a Server VM
- Install Windows Server
- Assign a static IP on the internal network
- Install AD DS and promote to a Domain Controller
- Create OUs + users (manual + PowerShell)
- Configure RRAS/NAT
- Install DHCP and create a scope
- Create a Windows 10 client and join it to the domain
Why two adapters? NAT gives internet. Internal Network keeps the lab isolated and realistic.
(Internet)
|
[NAT Adapter]
|
+---------------------------+ | Windows Server 2019 DC | | AD DS + DNS + RRAS + DHCP| | Internal IP: 172.16.0.1 | +---------------------------+ | [Internal Network] | +---------------------------+ | Windows 10 Client | | Gets IP from DHCP scope | | Joins mydomain.com | +---------------------------+
Create a new VM for Windows Server 2019.
Tip: RAM and CPU can be increased based on your computer’s resources.
- Adapter 1: NAT (internet access)
- Adapter 2: Internal Network (private lab network)
Start the VM:
Mount the Server 2019 ISO:
✅ Important: Select Desktop Experience (GUI).
Choose Custom: Install Windows only (Advanced):
After restart: don’t press keys—let it boot into Windows.
Set the local Administrator password:
Send Ctrl+Alt+Del via VirtualBox:
Log in:
Devices → Insert Guest Additions CD Image:
Open This PC → CD Drive (D) VirtualBox Guest Additions:
Run the amd64 installer, then reboot the VM:
Open network settings → Change adapter options:
Rename adapters:
- Ethernet (NAT) → Internet
- Ethernet (Internal) → X_Internal_X
Set IPv4 on X_Internal_X:
Example lab settings:
- IP: 172.16.0.1
- Subnet: 255.255.255.0
- DNS: 127.0.0.1
Server Manager → Add roles and features:
Select Active Directory Domain Services:
Server Manager flag → Promote this server to a domain controller:
Create a new forest (example mydomain.com):
Set DSRM password and install:
Login format becomes DOMAIN\Administrator:
- Create OU and user, then add to Domain Admins
Open Active Directory Users and Computers:
Create OU _ADMINS:
Create user inside _ADMINS:
Example naming:
a-firstinitiallastname (example: a-paraujo)
Set password options:
Add to Domain Admins:
Sign out and log in as the new domain user:
Server Manager → Add roles → Remote Access:
Select Routing:
Tools → Routing and Remote Access:
Configure and enable:
Choose NAT:
Select Use this public interface to connect to the Internet → choose Internet → Next
If the box is grayed out, close the wizard and repeat the RRAS steps.
Green arrow confirms RRAS is running:
Server Manager → Add roles → DHCP Server → Install.
Tools → DHCP → create scope under IPv4.
Right click IPv4 → New Scope:
Example scope name:
Example scope range:
- Start: 172.16.0.100
- End: 172.16.0.200
- Mask: 255.255.255.0
Lease duration explanation:
Router (Default Gateway): 172.16.0.1 → click Add → Finish.
Then Authorize the DHCP server and Refresh.
Download the repo ZIP:
Open the extracted folder and edit names.txt (add first + last names), then save:
Run PowerShell ISE as Administrator:
Open 1_CREATE_USERS.ps1:
For lab use only (don’t do this on a real production machine):
powershell
Set-ExecutionPolicy Unrestricted
Change directory to your extracted script folder (example): cd C:\Users<your-username>\Desktop\AD_PS-master
Run the script:
Verify _USERS OU is created and populated:
Create a new VM named Client 1 (Windows 10 64-bit):
Set network to Internal Network:
Mount Windows 10 ISO (not Server ISO):
Install steps:
Offline setup:
Open System settings:
Rename this PC (advanced):
Change → rename Client 1 and join your domain (example mydomain.com):
When prompted, sign in with a domain user created earlier.
In this lab script, the password is set to
Password1for learning purposes.
While restarting, verify the DHCP lease (Scope → Address Leases):
Log in to the client using Other user and your domain credentials:
Success:
⚠️ If this README is inside theactive-directory-lab-scriptsfolder, keep these links as-is. If your README is at the repo root, update the links to:./active-directory-lab-scripts/scripts/
- Scripts folder: Open here
- Example script: Create Users
Tip: You can open any
.ps1file on GitHub and click Raw to download it.
ActiveDirectoryLab/ ├── active-directory-lab-scripts/ │ ├── scripts/ │ ├── data/ │ └── docs/ └── README.md
1) Client can’t find the domain
- Confirm Client NIC is Internal Network
- Confirm Client DNS points to 172.16.0.1
- Confirm DC internal adapter is set to 172.16.0.1/24
2) Client gets no IP
- Confirm DHCP server is Authorized
- Confirm scope is Active
- Confirm client is on the same internal network
3) No internet
- DC Adapter 1 must be NAT
- RRAS must be configured with Internet as the public interface
- Add OUs:
_WORKSTATIONS,_SERVERS - Add basic GPOs (password policy, mapped drive, wallpaper)
- Add file server share + NTFS permissions
- Add CSV-based user provisioning with PowerShell
- Add a simple diagram image (draw.io) to replace the ASCII diagram
This lab is for learning/testing in a controlled environment. Do not expose these VMs directly to the public internet.