What is DNS
DNS is the backbone of your internet navigation! Each website you reach through your favorite browser has an IP address, which is the address of the web server hosting that website. Now, what if you had to memorize every website's IP address in order to access it? That's where DNS comes in. DNS stands for "Domain Name System": it is the hierarchical and decentralized naming system used to identify computers, services, and other resources reachable through the Internet or other Internet Protocol networks. In our example, DNS provides a way to map names (the website you're looking for) to numbers (the address of that website). But how does that work exactly?
How does DNS work ?
The information mapping a domain name to its server's IP address is held by a nameserver: a server that answers DNS queries from the records in its zone files, each record saying "this name" maps to "this IP address". Nameservers are distributed all around the world, and no single one stores every domain name ever registered. The root nameservers, for example, only store the locations of the nameservers for the top-level domains (TLDs); each TLD's nameservers in turn only know which nameservers are authoritative for the domains registered under that TLD.
DNS Hierarchy
DNS uses a hierarchy to manage its distributed database system. The DNS hierarchy, also called the domain name space, is an inverted tree structure.
The DNS tree has a single domain at the top of the structure called the root domain. A period or dot (.) is the designation for the root domain. Below the root domain are the top-level domains that divide the DNS hierarchy into segments.
Top-level domains include generic ones such as .com, .org and .net, used by organizations of all kinds, and two-letter country-code domains such as .uk or .fr. Below the top-level domains, the domain name space is further divided into subdomains representing individual organizations.
Domains and Subdomains
A domain is a label of the DNS tree. Each node on the DNS tree represents a domain. Domains under the top-level domains represent individual organizations or entities. These domains can be further divided into subdomains to ease administration of an organization's host computers.
For example, "Company A" creates a domain called "companya.com" under the .com top-level domain. Company A has separate LANs for its locations in Chicago, Washington, and Providence, so the network administrator for Company A creates a separate subdomain for each location, as shown in the Domains and Subdomains figure.
Any domain in a subtree is considered part of all domains above it. Therefore, chicago.companya.com is part of the companya.com domain, and both are part of the .com domain.
Domain Names
The domain name represents an entity's position within the structure of the DNS hierarchy. A domain name is simply the list of all domains on the path from the local domain up to the root, with each label delimited by a period. For example, the domain name for the Providence domain within Company A is providence.companya.com, as shown in the Domains and Subdomains figure.
Note that the domain names in the figure end in a period, representing the root domain. Domain names that end in a period for root are called fully qualified domain names (FQDNs).
Each computer that uses DNS is given a DNS hostname that represents the computer's position within the DNS hierarchy. Therefore, the hostname for host1 in Figure 2 is host1.washington.companya.com.
TLDs are the labels such as ".com" at the end of a domain name; most are two or three characters long, but longer ones such as .info exist. Each TLD has its own set of nameservers that store, for every domain registered under it, which nameservers are authoritative for that domain's records. The authoritative nameserver is typically run by a DNS hosting provider or by the registrar (GoDaddy, for instance, offers both registration and DNS hosting). It is on the authoritative nameserver that we find the record mapping example.com to an IP such as 127.66.122.88 (an illustrative value only: 127.0.0.0/8 is the loopback range, so a real record would point to a routable address).
DNS queries
Let's suppose you have a computer and a printer in a domain called yourDomain.com, and that their names are yourComputer.yourDomain.com and yourPrinter.yourDomain.com respectively.
When you want to print from your computer, the DNS client built into its operating system (the stub resolver) sends a DNS query to the nameserver for yourDomain.com. That nameserver resolves queries for the hosts in its zone, the devices whose names end in yourDomain.com, so it finds yourPrinter.yourDomain.com among its records and responds to your computer with the printer's IP address. Your computer then sends the document directly to that IP address and the printer prints it. Pretty straightforward, right?
Recursive and Iterative queries
Now let's suppose you want to visit www.wikipedia.org. Your local DNS server has no idea what address that is, because it has never seen the name before and it is neither in its cache nor in any zone it is authoritative for.
In that case the work is split between two kinds of query. Your computer sends a recursive query: it asks the local server for the final answer and expects that server to do whatever is needed to obtain it (the RD, "recursion desired", bit is set in the query). Note that a nameserver does not ask its "parent" for help; the local server starts from the root, whose addresses it already has in a built-in root hints file.
To find the answer, the local server sends iterative queries: it asks a root server for www.wikipedia.org, and the root server, instead of answering, refers it to the .org nameservers; those refer it to the nameservers authoritative for wikipedia.org, which finally return the address. Each hop answers only with what it knows (an answer or a referral) and leaves following the chain to the asker. This whole process is called DNS resolution. Once your local server has resolved www.wikipedia.org it caches the result for the record's time-to-live, so the whole chain is not walked again for the next request.
Your own machine also caches names and addresses it has recently resolved, so it doesn't even have to ask the DNS server again while the cached entry is still valid.
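The chain of referrals described above can be walked by hand. The script below is an added example, not part of the original post: it follows the delegation for a name with iterative queries (the RD bit cleared, exactly what a recursive resolver does internally), then compares the result with an ordinary recursive lookup and with the local stub cache. It assumes a Windows 10 / Server 2019 machine with the DnsClient module (Resolve-DnsName), outbound port 53 allowed, and that a.root-servers.net (198.41.0.4, used here in place of the root hints file) is reachable.

```powershell
# Added example: iterative resolution by hand. Assumptions: DnsClient module present,
# port 53 outbound allowed, 198.41.0.4 (a.root-servers.net) reachable.
function Resolve-Iteratively {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [string] $StartServer = '198.41.0.4',   # a.root-servers.net, stands in for the root hints file
        [int] $MaxHops = 12
    )
    $server = $StartServer
    for ($hop = 1; $hop -le $MaxHops; $hop++) {
        Write-Host ("[{0}] asking {1} for {2} (A, RD=0)" -f $hop, $server, $Name)
        # -NoRecursion clears the RD bit; -DnsOnly bypasses the local cache, LLMNR and NetBIOS
        $rr = Resolve-DnsName -Name $Name -Type A -Server $server -NoRecursion -DnsOnly -ErrorAction Stop

        $answer = $rr | Where-Object { $_.Section -eq 'Answer' -and $_.Type -eq 'A' }
        if ($answer) { return $answer | Select-Object Name, IPAddress, TTL }

        # An alias: restart the walk from the root for the canonical name
        $cname = $rr | Where-Object { $_.Section -eq 'Answer' -and $_.Type -eq 'CNAME' } | Select-Object -First 1
        if ($cname) {
            Write-Host ("    {0} is an alias for {1}; restarting from the root" -f $Name, $cname.NameHost)
            $Name = $cname.NameHost; $server = $StartServer; continue
        }

        # No answer: expect a referral, i.e. NS records for a closer zone in the Authority section
        $ns = $rr | Where-Object { $_.Section -eq 'Authority' -and $_.Type -eq 'NS' } | Select-Object -First 1
        if (-not $ns) { throw "No answer and no referral from $server for $Name" }
        Write-Host ("    referred to zone '{0}', nameserver {1}" -f $ns.Name, $ns.NameHost)

        # Use the glue address from the Additional section when the referral carries one ...
        $glue = $rr | Where-Object { $_.Section -eq 'Additional' -and $_.Type -eq 'A' -and $_.Name -eq $ns.NameHost } |
                Select-Object -First 1
        if ($glue) { $server = $glue.IPAddress }
        else {
            # ... otherwise resolve the nameserver's own name (a real resolver would recurse here too)
            $server = (Resolve-DnsName -Name $ns.NameHost -Type A -DnsOnly -ErrorAction Stop |
                       Where-Object Type -eq 'A' | Select-Object -First 1).IPAddress
        }
    }
    throw "Gave up after $MaxHops referrals"
}

Resolve-Iteratively -Name 'www.wikipedia.org'

# The same name via a normal recursive query (RD=1) to the resolver configured on this machine
Resolve-DnsName -Name 'www.wikipedia.org' -Type A | Select-Object Name, Type, IPAddress, TTL

# ... and the stub resolver's own cache, which now holds the answer until its TTL runs out
Get-DnsClientCache -Entry 'www.wikipedia.org' | Select-Object Entry, RecordType, Data, TimeToLive
```

Each hop prints which server was asked and which zone it referred to, so you see root, then .org, then the wikipedia.org nameservers, and for www.wikipedia.org also the CNAME hop. Run Clear-DnsClientCache first if you want the recursive lookup at the end to actually leave the machine rather than be answered from the cache.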
Active Directory
In computing, a directory is a file system cataloging structure which contains references to other computer files, and possibly other directories in an alphabetical or thematic sequence. On many computers, directories are known as folders, or drawers, analogous to a workbench or the traditional office filing cabinet. (Wikipedia)
In a similar way, Active Directory lets companies organize all their resources in one place: employees, servers, files, printers and many other things can be organized, accessed and managed from a central directory, with access control decided in one place.
Active directory logical architecture
Suppose your company has a domain called companyDomain.com and operates in three regions of the world: Europe, the United States and Asia. When an employee joins the sales team of the US region, the employee is represented as an "object", the most basic entity in Active Directory, with its own set of attributes (employee ID, name, email address, ...).
Now suppose there are 100 employees in that sales department. We create an OU (Organizational Unit), a general-purpose container that helps administrators manage objects. For example, if an admin wants the same settings applied to all 100 members of the sales team, or wants to delegate the management of those accounts to a local helpdesk, they link a Group Policy or grant the delegation at the OU level and it applies to every object in the OU. Note that file share permissions, by contrast, are granted to security groups, not to OUs.
If you followed the DNS part, you will recognize that the objects, the OUs and the three regional domains all sit under one root domain, companyDomain.com, whose name is itself a DNS name.
DNS and Active Directory go hand in hand and their functioning is closely interrelated: AD holds information about the resources in the network, and it relies on DNS to locate its own services. Domain controllers register SRV records (for example _ldap._tcp.dc._msdcs.companyDomain.com) in the domain's DNS zone, and clients query those records to find a domain controller before they can authenticate or do an LDAP lookup.
Below are some basic definitions of each element of the AD structure.
Object
Object is the basic element of Active Directory in Microsoft Windows Server family that represents something on the network, such as a user, a group, a computer, an application, a printer, or a shared folder.
Domain
An Active Directory domain is a logical group of objects (users, computers, OUs and so on) that share one directory database and are managed by the same administrative team. A domain is a replication and administrative boundary; it is not a security boundary (that is the forest) and it need not correspond to one physical network.
OU
Organizational Unit (OU) is a container in the Active Directory domain that can contain different objects from the same AD domain: other containers, groups, user and computer accounts. An Active Directory OU is a simple administrative unit within a domain on which an administrator can link Group Policy objects and assign permissions to other users/groups.
There are two main tasks when using OU, besides storing Active Directory objects:
- Delegation of management and administrative tasks within the domain to other administrators and users without granting them the domain administrator privileges;
- Linking Group Policies (GPO) to all objects (users and computers) in this OU.
Tree
A domain is a logical grouping of network objects such as users, computers and network devices. A tree, or domain tree, is a collection of domains that share a contiguous namespace and follow a parent-child structure: a domain created under another domain is called the child domain and the domain above it is the parent domain (for example us.companyDomain.com under companyDomain.com).
Objects in different domains within a tree can access each other's resources through trusts. Parent and child domains in a tree are linked automatically by two-way transitive trusts. Trusts between other domains can be one-way or two-way: in a two-way trust, users from either domain can be granted access to resources in the other; in a one-way trust, only users from the trusted domain can be granted access to resources in the trusting domain, not the reverse.
Forest
A forest is a collection of one or more trees and is the highest-level security boundary in Active Directory: it is a complete Active Directory instance with a single schema and configuration. Objects within the same forest can authenticate to each other through the forest's transitive trusts. If an object in one forest needs to reach resources in another forest, the two forests need an explicit forest trust (and, for security, SID filtering should stay enabled on it).
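The definitions above are easier to remember once you have read them back from a live directory. The script below is an added example, not from the original post: it maps the forest, its domains (trees), its trusts and its OUs, and for each OU lists the linked GPOs and the explicit, non-inherited permissions, which is where delegated administration shows up. It is read-only and assumes a domain-joined machine with the ActiveDirectory module (RSAT) that can reach a domain controller of the forest you are logged on to.

```powershell
# Added example: read back the logical AD structure. Assumes the ActiveDirectory module
# (RSAT) and a reachable domain controller. Read-only.
Import-Module ActiveDirectory

$forest = Get-ADForest
"Forest: {0}   root domain: {1}   forest mode: {2}" -f $forest.Name, $forest.RootDomain, $forest.ForestMode

"Domains (a child domain hangs under its parent in a tree; a new root starts a new tree):"
foreach ($name in $forest.Domains) {
    $d = Get-ADDomain -Identity $name
    $parent = if ($d.ParentDomain) { $d.ParentDomain } else { '<tree root>' }
    "  {0,-28} NetBIOS={1,-12} parent={2}" -f $d.DNSRoot, $d.NetBIOSName, $parent
}

"Trusts (direction seen from this domain; parent/child trusts are two-way and transitive):"
$trusts = Get-ADTrust -Filter *
if (-not $trusts) { "  <none>" }
foreach ($t in $trusts) {
    "  {0,-28} direction={1,-13} intraForest={2,-5} forestTransitive={3,-5} sidFiltering={4}" -f $t.Name, $t.Direction, $t.IntraForest, $t.ForestTransitive, $t.SIDFilteringQuarantined
}

"Organizational units:"
foreach ($ou in (Get-ADOrganizationalUnit -Filter * -Properties LinkedGroupPolicyObjects | Sort-Object DistinguishedName)) {
    $children = @(Get-ADObject -SearchBase $ou.DistinguishedName -SearchScope OneLevel -Filter *).Count
    # LinkedGroupPolicyObjects holds the DNs of the GPO objects; resolve them to display names
    $gpoNames = foreach ($dn in $ou.LinkedGroupPolicyObjects) { (Get-ADObject -Identity $dn -Properties displayName).displayName }
    # Non-inherited ACEs on the OU are where delegation (or an attacker's foothold) is visible
    $delegated = (Get-Acl -Path "AD:\$($ou.DistinguishedName)").Access |
                 Where-Object { -not $_.IsInherited -and $_.IdentityReference -notmatch 'NT AUTHORITY|BUILTIN|CREATOR OWNER|Enterprise Admins|Domain Admins' } |
                 Select-Object -ExpandProperty IdentityReference -Unique
    "  {0}" -f $ou.DistinguishedName
    "     direct child objects: {0}" -f $children
    "     linked GPOs: {0}" -f $(if ($gpoNames) { $gpoNames -join ', ' } else { '<none>' })
    "     explicit ACEs for: {0}" -f $(if ($delegated) { $delegated -join ', ' } else { '<none>' })
}
```

On the lab domain built later in this post you will see one forest, one domain with no parent, no trusts, and the _ADMIN and _USERS OUs with no linked GPOs; the explicit-ACE line is the one to watch in a real environment, since any principal listed there was granted rights on that OU on purpose, or by someone who should not have been able to.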
Setting up a home lab
First things first, before setting up a network, always use a diagram, it helps you get your plan in order and not get lost along the way. So this is our diagram.
Explaining the diagram
The first thing we're going to do is download and install Oracle VirtualBox, which we'll use to run our virtual machines. After that's installed, we download a Windows 10 ISO and a Windows Server 2019 ISO, which we'll use to install the two operating systems on two separate virtual machines.
Next, after we have everything downloaded and installed, we create our first virtual machine, which will host our domain controller. We give this virtual machine two network adapters: one used to connect to the outside internet and one connected to a VirtualBox internal network that the clients will connect to.
After the virtual machine is created, we install Windows Server 2019 on it and assign IP addressing for the internal network; the external (NAT) adapter gets its address automatically from VirtualBox's NAT engine, which forwards its traffic out through your home router, so we don't have to worry about it. Once the IP addressing is set up we name the server, install Active Directory and create our domain, then configure NAT and routing so the clients on the private network can reach the internet through the domain controller.
Next we set up DHCP on the domain controller, so that when we create our Windows 10 machine it automatically gets an IP address.
Last thing we do on the domain controller before we create our client virtual machine is we're going to run a powershell script that will automatically create a thousand users in active directory, this is optional but you can surely learn a thing or two doing it.
After creating the users we're going to create another virtual machine and install windows 10 on it and that virtual machine will be connected to the private virtual box network, we're going to name that machine client1 and join it to the domain and then we're going to log into it with one of our domain accounts.
Downloading and installing required software and OS
Oracle virtual box
Note that the performance of your computer might be affected, depending on the hardware you have and how much of it you allocate to your virtual machines.
On windows
Go to VirtualBox's download page and follow the installation instructions.
On linux
Follow this guide by Oracle. If you run into dependency issues, check out this page by the VirtualBox team.
On MacOS
Much like on Windows, visit VirtualBox's download page, select the "OS X hosts" option, then follow the installation instructions and you're done.
Windows 10
Head to this page to get it. When you go there, click "Get started," and follow the instructions and prompts until you finally get to the download page. Choose your language and whether you want to download the 32-bit or 64-bit version. I downloaded the 64-bit version, because I installed it on a 64-bit machine. Remember where you downloaded the ISO file, because you'll need to know that later.
Windows server 2019
Same as with Windows 10: head to this page and choose the ISO file.
Creating the virtual machines
Next we're going to create our virtual machines. Open VirtualBox; I'm using Ubuntu 20.04, so your interface might look slightly different if you're running it on Windows or macOS.
Click "New" and create the Server 2019 machine first. Pick "Windows 2019 (64-bit)" as the version (or "Other Windows (64-bit)" if your VirtualBox doesn't list it) and name it so you remember which machine is which. Leave the other settings at their defaults and click Next; size the memory and disk so that you can run at least three virtual machines at the same time, depending on your computer's hardware, or tweak them as you please. Next, click your newly created VM and go to Settings, Network. Remember, if we look at the diagram, we're creating our domain controller right now, so we want two NICs (Network Interface Controllers): one dedicated to the internet, which will be running NAT, and one dedicated to the internal VirtualBox network. Adapter 1 is already attached to NAT, so it connects out through your home internet connection and is given an IP address automatically by VirtualBox's own DHCP. To add the second one, go to Adapter 2, enable it, select "Internal Network" under "Attached to", name it something like "intnet" and click OK. Our VM is now configured.
Installing Windows 2019 OS in our VM
The VM is configured but still empty, so next we install Windows Server 2019 on it. Double-click it to start it; a window opens asking for a start-up disk. This is where we select the Server 2019 ISO we downloaded earlier: click "Choose a virtual optical disk file" (the little yellow folder next to the list), click Add, browse to the Server 2019 ISO, select it in the updated list of optical disks and click OK. Start the virtual machine and you'll get the familiar Windows Setup window. Click Next, then "Install now", and select the edition with "Desktop Experience" in order to have a GUI with our operating system. Accept the license terms, choose the "Custom" install and click Next. Once Server 2019 is installed you'll be prompted to set a password for the built-in Administrator account; pick one and make sure to remember it. In order to log in you have to press Ctrl+Alt+Delete to unlock; if your host grabs that key combination, go to Input in the VM menu bar and choose Keyboard, "Insert Ctrl-Alt-Del", then log in with your password.
Setup server network adapters
Next let's set up our IP addressing, so remember if we look at our diagram, we have two NICs : one that's dedicated for our internet connection and then we have an internal one that's going to be used for our internal network, for the internal one we have to set it up manually.
Right-click the network icon in the Windows taskbar, open the network settings and then "Change adapter options". You'll find two network interfaces; let's check the first one. Go to Status, Details: if the address looks like 10.0.2.x (VirtualBox's default NAT addressing, usually 10.0.2.15), that's the NIC we use to connect to the internet, so the other one is our internal NIC and it's the one we'll give an IP address. It helps to rename them "External" and "Internal" now so they're easy to tell apart later.
Right-click the internal one, select Properties, double-click "Internet Protocol Version 4 (TCP/IPv4)" and select "Use the following IP address". If you want to learn more about IP addressing, check out this link; for now we'll proceed assuming you have the knowledge. Enter the IP address 172.16.0.1 with the subnet mask 255.255.255.0, enter 172.16.0.1 under "Preferred DNS server" and click OK. We leave the default gateway empty because the domain controller itself is going to be the default gateway for the internal network: it has two NICs, one on the internet and one on the inside, and its own route out goes through the external NIC, so this internal NIC doesn't need a gateway. As for the DNS server, installing Active Directory automatically installs DNS, so this server is going to use itself as the DNS server; that's why we entered the same address as the first one. Alternatively you can enter the loopback address 127.0.0.1, which also points to the machine itself.
Install Active Directory Domain Services
Next we're going to install Active Directory Domain Services. Open Server Manager, click "Add roles and features", click Next, select "Role-based or feature-based installation" and continue. This is where you pick the server to install the role on; we only have one, so select it, then tick "Active Directory Domain Services" in the roles list (accept the prompt to add the management tools), click Next through the remaining pages, and Install.
Promote Domain Controller
Now that it has been installed you'll notice a little flag with a warning in the upper right of Server Manager. Click it; we have to do the post-deployment configuration. We installed the software for Active Directory Domain Services but we haven't created the domain yet, so click "Promote this server to a domain controller". Under deployment operation select "Add a new forest" and name your domain something like "mydomain.com". Next, enter and confirm the Directory Services Restore Mode (DSRM) password; this is not your Administrator password but a separate one used to boot the DC into recovery mode, so store it safely. There's no need to create a DNS delegation, so keep clicking Next until Install. The server reboots and you'll be logged out, so just log in again (the Administrator account is now the domain's MYDOMAIN\Administrator).
Create domain admin account
Now we're going to create our own dedicated domain admin account instead of using the built-in Administrator account. Go to Start, Windows Administrative Tools, Active Directory Users and Computers. You'll see mydomain.com in the left panel; this is our newly created domain. First let's create an organizational unit to put our admin account in: right-click the domain, choose New, Organizational Unit, name it something like _ADMIN and uncheck "Protect container from accidental deletion" (the protection gets annoying when you try to delete the OU later in a lab; leave it on in production). Now right-click the new _ADMIN OU, select New, User, name the user whatever your name is and enter a password. Uncheck "User must change password at next logon" and check "Password never expires"; that is a lab shortcut, not a password policy, and for real accounts, especially privileged ones, you should follow your own organization's policy. The account appears in the OU, but it's not an admin yet, so right-click it, go to Properties, "Member Of", Add, and under "Enter the object names to select" type "Domain Admins", then OK and Apply. Log out of the domain controller and, instead of the Administrator account, choose "Other user" and sign in with the domain admin account you just created. Now you know how to create an admin account in Active Directory.
Install and configure RAS/NAT (Remote Access Server/Network Address Translation)
The purpose of this is to allow our Windows 10 client to sit on our private virtual network and still reach the internet through the domain controller, so we're going to install the Remote Access role and enable NAT on it.
Remember how we installed Active Directory Domain Services? Do the same, only this time select "Remote Access" in the list of roles, then in the role services select "Routing" (DirectAccess and VPN is selected automatically with it), click Next through the remaining steps and install.
Selecting the interface to connect to the internet
After the installation finishes, go to Tools in the Server Manager menu and open "Routing and Remote Access". Right-click your machine's name in the left panel and select "Configure and Enable Routing and Remote Access", click Next and select the second option, "Network address translation (NAT)", to let internal clients reach the internet through one public address. Next, you should see your internal and external interfaces under "Use this public interface to connect to the Internet"; select the one we use to connect to the internet. If you can't remember which one is which, go back to your network adapter settings and rename them accordingly. Click Next and then Finish. Your clients will now be able to reach the internet, once DHCP (the next step) hands them the domain controller as their gateway.
Install and configure DHCP
Setting up a DHCP server on our domain controller is essential for the Windows 10 clients to get an IP address, a default gateway and a DNS server automatically on this private internal network, just as they would in an office or a school.
By now you know how to add roles and features on your domain controller, go ahead and select DHCP this time from the roles list and simply install it following the default settings.
Setting up the scope
From the Tools menu, select DHCP so we can set up our scope. DHCP's purpose is to let devices on the network, like client computers, obtain their IP addresses automatically. Looking back at our diagram, we defined a scope that hands out addresses in the range 172.16.0.100 to 172.16.0.200 with the subnet mask 255.255.255.0.
In the DHCP console, in the left panel under your_machine_name.mydomain.com, you'll find IPv4. Right-click it, select "New Scope", click Next and name the scope. For the range, enter 172.16.0.100 as the start and 172.16.0.200 as the end, because that's the range we're going to use. Again, if you're unfamiliar with notions such as IP addressing and IPv4, I strongly advise learning about them first in order to understand what we're doing here. Under "Configuration settings that propagate to DHCP clients" set the length to 24 (that is 255.255.255.0). Next, if you want to add exclusions, meaning addresses inside the range that you don't want handed out to hosts, this is where you do it; otherwise click Next. The lease duration depends on your use case: it is how long a host keeps its address, and the address won't change each time the host connects until the lease has expired. Next you'll be asked if you want to configure DHCP options, meaning telling the clients which server to use for DNS and which to use as the gateway. We do want that, because the clients need to reach the internet, so say yes. For the router (default gateway) used by the clients, look back at the diagram: we configured NAT and routing on the domain controller, so one of its jobs is to forward traffic from the clients to the internet, and the clients are going to use the domain controller's internal NIC as their default gateway. Enter the domain controller's internal address, 172.16.0.1, and click Add.
Next you'll be asked which DNS server to use. Again, when Active Directory is installed on the domain controller it installs DNS with it, so the domain controller is our DNS server; the wizard prefills its address, so just click Next. We don't need WINS in this setup, so click Next, say yes to activating the scope and finish. Two last steps: a domain-joined Windows DHCP server refuses to serve leases until it has been authorized in Active Directory (a guard against someone accidentally bringing up a second Windows DHCP server in the domain; it does nothing against a rogue non-Windows one), so right-click the server node and choose Authorize, then right-click it again and choose Refresh; you'll see IPv4 turn green. If Server Manager still shows a "Complete DHCP configuration" notification under the flag icon, run through it as well; it creates the DHCP Administrators and DHCP Users groups. Just like that, DHCP is set up.
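The whole domain-controller build described in the sections above, from the adapter addressing to the DHCP scope, can also be done from an elevated PowerShell prompt on the Server 2019 VM. The script below is an added example and not from the original post; it follows the same order as the GUI steps and stops where the server reboots. It assumes the adapter that received a 10.0.2.x address from VirtualBox is the NAT one and the other adapter is the internal one, and it uses the lab's own placeholder names (DC1, mydomain.com, 172.16.0.0/24) and an account name, labadmin, chosen for this example.

```powershell
# Added example: scripted DC build for the lab. Assumptions: NAT adapter has a 10.0.2.x
# address, the other adapter is the internal one; DC1 / mydomain.com / 172.16.0.0/24 and
# the account name 'labadmin' are placeholders.
$Domain = 'mydomain.com'
$DcIp   = '172.16.0.1'

# --- 1. Name the adapters and give the internal one a static address (no gateway on purpose) ---
$natIdx = (Get-NetIPAddress -AddressFamily IPv4 | Where-Object IPAddress -like '10.0.2.*').InterfaceIndex
Get-NetAdapter -InterfaceIndex $natIdx | Rename-NetAdapter -NewName 'External'
Get-NetAdapter -Physical | Where-Object InterfaceIndex -ne $natIdx | Select-Object -First 1 | Rename-NetAdapter -NewName 'Internal'
New-NetIPAddress -InterfaceAlias 'Internal' -IPAddress $DcIp -PrefixLength 24
Set-DnsClientServerAddress -InterfaceAlias 'Internal' -ServerAddresses $DcIp   # the DC will be its own DNS server
Rename-Computer -NewName 'DC1' -Force                                           # applied at the reboot below

# --- 2. Install AD DS and create the forest; Install-ADDSForest reboots the server when done ---
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
$dsrm = Read-Host 'Directory Services Restore Mode password' -AsSecureString
Install-ADDSForest -DomainName $Domain -InstallDns -SafeModeAdministratorPassword $dsrm -Force

# ===== After the reboot, log back in as MYDOMAIN\Administrator and continue from here =====

# --- 3. A dedicated domain admin in its own OU instead of the built-in Administrator ---
Import-Module ActiveDirectory
$domainDN = (Get-ADDomain).DistinguishedName            # DC=mydomain,DC=com
New-ADOrganizationalUnit -Name '_ADMIN' -Path $domainDN -ProtectedFromAccidentalDeletion $false
$adminPw = Read-Host 'Password for the new domain admin' -AsSecureString
New-ADUser -Name 'labadmin' -SamAccountName 'labadmin' -UserPrincipalName "labadmin@$Domain" `
    -Path "OU=_ADMIN,$domainDN" -AccountPassword $adminPw -Enabled $true
Add-ADGroupMember -Identity 'Domain Admins' -Members 'labadmin'

# --- 4. Routing and NAT so the internal network reaches the internet through the DC ---
Install-WindowsFeature RemoteAccess, Routing -IncludeManagementTools
Install-RemoteAccess -VpnType RoutingOnly
netsh routing ip nat install
netsh routing ip nat add interface name=External mode=full      # public side: translates the clients' addresses
netsh routing ip nat add interface name=Internal mode=private   # private side: the 172.16.0.0/24 clients

# --- 5. DHCP scope whose options point the clients at the DC for both gateway and DNS ---
Install-WindowsFeature DHCP -IncludeManagementTools
Add-DhcpServerv4Scope -Name 'Lab clients' -StartRange 172.16.0.100 -EndRange 172.16.0.200 `
    -SubnetMask 255.255.255.0 -LeaseDuration (New-TimeSpan -Days 8) -State Active
Set-DhcpServerv4OptionValue -ScopeId 172.16.0.0 -Router $DcIp -DnsServer $DcIp -DnsDomain $Domain
Add-DhcpServerSecurityGroup                                  # DHCP Administrators / DHCP Users groups
Add-DhcpServerInDC -DnsName "dc1.$Domain" -IPAddress $DcIp   # authorize the server in AD
Restart-Service DhcpServer
# Clears the "Complete DHCP configuration" post-install flag shown in Server Manager
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\ServerManager\Roles\12' -Name ConfigurationState -Value 2

Get-DhcpServerv4Scope
Get-DhcpServerv4OptionValue -ScopeId 172.16.0.0
```

Run steps 1 and 2, wait for the reboot, then run steps 3 to 5. The DHCP server only binds to interfaces with a static address, so it serves leases on the internal NIC and never on the NAT side.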
Adding users using a PowerShell script (Optional)
You can skip this step and create only one user to test our Windows 10 client, but the point of using a script is to show that you can add users programmatically, faster and without the GUI. Remember that while installing our Windows Server 2019 VM we had the choice to install the server without a desktop (Server Core); the cmdlets in this script are a small example of what you'll work with when your AD server has no GUI.
To have accounts to sign in with on our client, we're going to use a PowerShell script that creates a whole batch of users in Active Directory from a list of names, so we don't have to create them by hand. Save the list as names.txt, one "First Last" per line, in the folder you run the script from, and run it from an elevated PowerShell prompt on the domain controller.
```powershell
# ----- Edit these Variables for your own Use Case ----- #
$PASSWORD_FOR_USERS   = "Password1"              # lab only: one shared password for every account
$USER_FIRST_LAST_LIST = Get-Content .\names.txt  # one "First Last" per line
# ------------------------------------------------------ #

Import-Module ActiveDirectory
$password = ConvertTo-SecureString $PASSWORD_FOR_USERS -AsPlainText -Force
$domainDN = ([ADSI]"").distinguishedName         # e.g. DC=mydomain,DC=com
$ouPath   = "OU=_USERS,$domainDN"

# Create the OU once; skip it if it already exists so the script can be re-run
if (-not (Get-ADOrganizationalUnit -Filter "Name -eq '_USERS'" -SearchBase $domainDN)) {
    New-ADOrganizationalUnit -Name _USERS -Path $domainDN -ProtectedFromAccidentalDeletion $false
}

foreach ($n in $USER_FIRST_LAST_LIST) {
    $parts = $n.Trim().Split(" ")
    if ($parts.Count -lt 2) { Write-Warning "Skipping malformed line: '$n'"; continue }
    $first = $parts[0].ToLower()
    $last  = $parts[1].ToLower()
    # first initial + last name, letters and digits only, e.g. "jdoe"
    $username = ("$($first.Substring(0,1))$($last)" -replace '[^a-z0-9]', '')
    if (Get-ADUser -Filter "SamAccountName -eq '$username'") {
        Write-Warning "User $username already exists, skipping"; continue
    }
    Write-Host "Creating user: $($username)"
    New-ADUser -AccountPassword $password `
        -GivenName $first `
        -Surname $last `
        -DisplayName $username `
        -Name $username `
        -SamAccountName $username `
        -EmployeeID $username `
        -PasswordNeverExpires $true `
        -Path $ouPath `
        -Enabled $true
}
```
Breaking up the script
Obviously every user should have their own unique password, but in this case and for simplicity's sake we create every user in the list with the same password, so we put that shared password in a variable. Keep this strictly to the lab: a thousand accounts sharing one known, never-expiring password is exactly what a password-spraying attacker hopes to find.
```powershell
$PASSWORD_FOR_USERS = "Password1"
```
In order to get the names from our .txt file, we use the Get-Content cmdlet with the path of the file as its argument. It reads the file and returns each line as an element of an array, which we store in a variable.
```powershell
$USER_FIRST_LAST_LIST = Get-Content .\names.txt
```
The ConvertTo-SecureString cmdlet converts plain text to a SecureString. We do this because New-ADUser's -AccountPassword parameter, which sets the new user's password at creation, requires a SecureString rather than a plain string.
```powershell
$password = ConvertTo-SecureString $PASSWORD_FOR_USERS -AsPlainText -Force
```
This one is self explanatory, we are simply creating a new OU called _USERS and setting the protection from accidental deletion to false.
```powershell
New-ADOrganizationalUnit -Name _USERS -ProtectedFromAccidentalDeletion $false
```
```powershell
foreach ($n in $USER_FIRST_LAST_LIST) {
$first = $n.Split(" ")[0].ToLower()
$last = $n.Split(" ")[1].ToLower()
$username = "$($first.Substring(0,1))$($last)".ToLower()
Write-Host "Creating user: $($username)"
```
Remember the parameters we set when we created a new user ? This is the exact same thing done with powershell commands. If you're having trouble understanding a line, simply search it on [microsoft's powershell documentation](docs.microsoft.com/en-us/powershell) for more details.
```powershell
New-AdUser -AccountPassword $password `
-GivenName $first `
-Surname $last `
-DisplayName $username `
-Name $username `
-EmployeeID $username `
-PasswordNeverExpires $true `
-Path "ou=_USERS,$(([ADSI]`"").distinguishedName)" `
-Enabled $true
```
Installing Windows 10 Client on a VM machine
By now you should be able to create a new machine in Oracle VirtualBox; if you can't remember the exact steps, go back to the Windows Server 2019 installation instructions and follow them again. This time pick "Windows 10 (64-bit)" as the version, and you won't need two NICs, just one attached to the same internal network ("intnet") so it can reach our domain controller. You may be asked more consumer-oriented questions during the installation about privacy and ads; answer them as you wish, it doesn't affect our lab. Also, when the installer shows "Let's connect you to a network", choose "I don't have internet" and create a local account; we'll join the domain afterwards, which is closer to a real rollout where a machine is joined to the domain after Windows has been installed.
After the installation is finished, open a command prompt by going to Start and typing "cmd" (there's no need to run it as administrator) and run the following command:
```powershell
ipconfig /all
```
Look for the lines that show the DHCP server, the DNS server, the default gateway and the machine's IPv4 address: the first three should all be our domain controller's internal address, 172.16.0.1, and the IPv4 address should fall inside the 172.16.0.100 to 172.16.0.200 scope.
You can also try to browse the internet or simply ping 8.8.8.8 from the command line to check that packets are being forwarded through the domain controller. Additionally, ping mydomain.com: this works because the DC's DNS zone contains an A record for the domain name itself pointing at the domain controller, so a reply proves the client is using the DC for DNS. If it all works, everything is in order; if you get different results, make sure you didn't skip any of the steps in the domain controller configuration.
Now, to add the computer to the newly created domain, right-click the Start button in the bottom left of Windows 10 and choose System, then look for "Rename this PC (advanced)". You'll see "To rename this computer or change its domain or workgroup, click Change"; click Change. You can rename the computer to Client1 to match our diagram if you want, but it's not necessary. Under "Member of" select Domain, type "mydomain.com" and click OK. You'll be prompted for the credentials of an account that is allowed to join computers to the domain: the domain admin account you created earlier works, and so does any user created by the PowerShell script (for example your own name, if you put it in names.txt, with the password "Password1" if you left the script unchanged), because by default any authenticated domain user may join up to ten computers (the ms-DS-MachineAccountQuota attribute), a default worth lowering to 0 outside a lab. Click OK, and congratulations, the computer is a member of the domain; reboot when asked. If you want to see what changed on the domain controller, open Server Manager, Tools, DHCP, expand the scope in the left panel and click "Address Leases": you'll see one lease for the client computer. When we created the client and connected it to the internal network, it reached out to the DHCP server automatically, requested an address and was given one; every client that gets an IP address will show up here.
Another thing to check: go to Windows Administrative Tools, Active Directory Users and Computers, and in the left panel click Computers. There you'll find the computer object for the machine we just joined. You can manage the machine from here; for example, if you disable or delete it, the machine's secure channel to the domain breaks and domain users can no longer log on to it (other than with cached credentials).
Back on the Windows 10 client, on the sign-in screen you'll find "Other user" in the bottom left corner. Click it and you'll notice it says "Sign in to: MYDOMAIN.COM", so enter your domain credentials and log in. You can use any of the users created from the list of names; if you want to restrict a user to a particular computer, the "Log On To..." setting in the user's account properties on the domain controller does exactly that, and I'll let you look it up.
Once logged in, open a command prompt and run "whoami"; you'll see "mydomain\username", the NetBIOS domain name followed by your account name, which again confirms you signed in with a domain account rather than a local one.
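The client-side steps above can be done and, more importantly, verified from PowerShell. The script below is an added example, not from the original post: it checks that the client can locate a domain controller before the join, performs the join, and after the reboot confirms that the machine-account trust and the Kerberos sign-in actually work. Run it as a local administrator on the Windows 10 VM; it assumes the lab DC at 172.16.0.1 serving mydomain.com.

```powershell
# Added example: scripted domain join with pre- and post-join checks. Assumes the lab DC
# (172.16.0.1, mydomain.com); run as a local administrator on the client.
$Domain = 'mydomain.com'

function Test-DomainJoinPrereqs {
    # The client must find a DC through the DC locator SRV records in the domain's DNS zone,
    # so its DNS server must be the DC (handed out by DHCP) and LDAP/Kerberos must be reachable.
    Get-DnsClientServerAddress -AddressFamily IPv4 | Where-Object ServerAddresses | Select-Object InterfaceAlias, ServerAddresses
    Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV | Select-Object Name, NameTarget, Port, Priority
    Test-NetConnection -ComputerName $Domain -Port 389 | Select-Object ComputerName, RemoteAddress, TcpTestSucceeded   # LDAP
    Test-NetConnection -ComputerName $Domain -Port 88  | Select-Object ComputerName, RemoteAddress, TcpTestSucceeded   # Kerberos
}

function Join-LabDomain {
    # Any authenticated user may join up to ms-DS-MachineAccountQuota (default 10) computers,
    # so a plain domain account is enough here; the machine reboots when the join completes.
    $cred = Get-Credential -Message "Account allowed to join computers to $Domain"
    Add-Computer -DomainName $Domain -NewName 'Client1' -Credential $cred -Force -Restart
}

function Test-DomainJoin {
    # Run after the reboot, signed in with a domain account
    $cs = Get-CimInstance Win32_ComputerSystem
    "PartOfDomain={0}  Domain={1}  Name={2}" -f $cs.PartOfDomain, $cs.Domain, $cs.Name
    Test-ComputerSecureChannel -Verbose          # True when the machine-account trust with a DC is healthy
    nltest "/dsgetdc:$Domain"                    # which DC the client located, and the site it was found in
    whoami /upn                                  # user@mydomain.com shows a domain, not a local, sign-in
    klist | Select-String 'krbtgt'               # a TGT from MYDOMAIN.COM shows the Kerberos sign-in worked
}

Test-DomainJoinPrereqs
# Join-LabDomain     # uncomment for the one-time join; the VM reboots
# Test-DomainJoin    # run after the reboot
```

If the SRV lookup fails, the client is not using the DC as its DNS server and the join will fail with a "domain could not be contacted" error no matter what credentials you supply; that is the first thing to check, before the account or the password.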
Final thoughts
You have now learned:
- how DNS works;
- how to create virtual machines in Oracle VirtualBox and configure them;
- how to set up Active Directory, create a domain controller, configure DNS and DHCP, and create users and admins;
- how to join a client computer to the Active Directory domain.
You have covered the basics of DNS and Active Directory, but there's much more to learn! Active Directory is a powerful tool and we only scratched the surface; I very much advise you to learn more about its many features and the protocols it uses. If you ran into any problem while doing this lab, you can troubleshoot by looking at the documentation or searching forums.
Credit where credit's due,
- This post was inspired by Josh Madakor's YouTube video; check out his YouTube channel for cyber security related content.
Top comments (1)
Thanks for your help!