Back to Posts

DC Setup

Posted in Linux & Sysadmin

 Checkout SlayerLabs.com!
Networks Engineered to Exploit.
- Windows/UNIX - Domains/Subnets - Initial/Post/Lateral - Low Cost VPN Ranges -


Create a Windows Server 2012 Domain Controller

This post follows the basic steps in order to add a Windows Server 2012 as a Domain Controller in a new Forest. I’m organizing this post from notes I’ve created when spinning up new DC’s in a lab environment. Before beginning, make sure you’re working with a fresh install of Windows Server 2012.


Set Admin Password

First thing once installed, booted up and logged in is to set the Administrators password. This will need to be done in order to promote Server 2012 to a Domain Controller. Open a command prompt as admin and run the netuser command. Make the password complex!

C:\>net user administrator P@ssw0rd!


Change Server Name

Change the computer name to fit into your labs naming convention. Changing the name once it’s promoted to a Domain Controller will be a hassle.

Run Command » systempropertiesadvanced

Select the Computer Name tab » Change » Enter in new name - Keep as WORKGROUP for now, this will automatically update once the server has been promoted to a DC.


Set as static IP

A Domain Controller is also a DNS Server (in most cases), so we’ll need to update to a static IP address.

Run ncpa.cpl » TCPv4 » Properties

alt text

Set your IP based on the Domains network - in a small lab the Default Gateway isn’t necessary.

Since you’re making a new DC forest, you’ll need to set your Primary DNS to yourself. Make sure to use your actual static IP address and NOT 127.0.0.1. See Microsoft’s write-up on this subject.


Add AD Domain Services Role

Open up Server Manager if it isn’t already and go through the process of adding AD. Make sure to Select Active Directory Domain Services. Selecting this role will also automatically add DNS configurations during setup, so no need to add the DNS Server role.

alt text


It’s Time for a Promotion

Now we’ll want to promote this server to a Domain Controller. In Server Manager, click the yellow caution mark and Promote this server to a domain controller.

Note: The dcpromo option from prior Windows versions has been depreciated in Server 2012

alt text

Go through the options and “Add a new forest”. Since this is a basic setup, set your new Domain name (example.com, leet.local, etc) and go through the Defaults clicking next.

You’ll probably run into a DNS Options caution prompt of “A delegation for this DNS server cannot be..”. In our case, this is information only, so click OK and next until your Prerequisites pass. If they don’t make sure to fix the issues.

Once it’s done installing and configuring the services, it will automcatically restart. Once booted back poke around by opening AD Users and Computers ( dsa.msc ), DNS Manager, etc.


One more tip

One last thing I’d recommend is verifying ping or ICMP echo is turned ON. By default Server 2012R2 has it disabled. This can be a nuisance since you’ve just setup a new Forest and will be adding more devices to the domain - having ping enabled for basic troubleshooting seems like a no-brainer.

Open cmd as admin and use netshell to add a quick firewall rule:

C:\>netsh firewall set icmpsetting type=ALL mode=enable


You’re all set., enjoy.

Custom Cyber Ranges >>

https://slayerlabs.com

Read Next

FI Cyberspace Scan