Overview
This document provides a step-by-step guide for setting up an Active Directory (AD) lab on virtual machines hosted in Proxmox. The lab includes a Windows Server 2019 Domain Controller (DC), multiple Windows 10/11 clients, and integration with pfSense for network segmentation.
Lab Infrastructure
Hardware Requirements
- Dell R730 Server with 256GB RAM
- 4 x 1.2TB HDDs (RAID 5) and a 2TB NVMe for storage
- Proxmox VE as the hypervisor
Virtual Machines
- pfSense Firewall – Handles network segmentation
- Windows Server 2019 – Configured as Domain Controller (DC)
- Windows 10/11 Clients – Joined to the domain
- Kali Linux (optional) – Used for penetration testing and monitoring
Step 1: Configuring Proxmox
1.1 Install Proxmox VE
- Boot from the Proxmox ISO and follow installation prompts
- Configure a static IP for Proxmox
- Create storage pools for VM storage
1.2 Networking Configuration
- Create VLANs for segmenting the lab (e.g., Admin, Clients, Attacker)
- Configure a virtual bridge in Proxmox to allow VMs to communicate
Step 2: Setting Up pfSense Firewall
- Create a pfSense VM with 2 network interfaces (WAN and LAN)
- Assign a static IP to pfSense LAN and configure DHCP for client VMs
- Set up rules for network traffic isolation
- Configure DNS forwarding to ensure domain resolution
Step 3: Deploying Windows Server 2019 as a Domain Controller
3.1 Install Windows Server 2019
- Create a new VM in Proxmox with 4 vCPUs, 8GB RAM, and 100GB storage
- Install Windows Server 2019
- Assign a static IP and configure network settings
3.2 Install Active Directory Domain Services (AD DS)
- Open Server Manager → Add Roles and Features
- Select Active Directory Domain Services (AD DS) and install
- Promote the server to a Domain Controller
- Create a new forest (e.g., lab.local)
- Set up DNS and DHCP roles (optional)
- Restart the server and verify domain functionality
3.3 Create Organizational Units (OUs) and User Groups
- Open Active Directory Users and Computers (ADUC)
- Create the following OUs:
  - Lab Users – For standard domain users
  - Lab Computers – For joined workstations
  - Admins – For privileged accounts
  - Service Accounts – For system services
Step 4: Adding Windows 10/11 Clients to the Domain
4.1 Deploy Windows 10/11 Clients
- Create VMs for Windows clients with 2 vCPUs, 4GB RAM, and 50GB storage
- Install Windows 10/11 and apply updates
4.2 Join Clients to the Domain
- Change network settings to use DC as DNS server
- Open System Properties → Change settings → Join the domain (lab.local)
- Restart and log in with domain credentials
Step 5: Implementing Group Policies (GPOs)
- Open Group Policy Management Console (GPMC)
- Create and apply GPOs for:
  - Password policies (e.g., minimum length, complexity requirements)
  - User restrictions (disable USB access, block unnecessary services)
  - Drive mappings and printer deployments
- Use gpupdate /force to apply policies immediately
Step 6: Configuring Logging & Monitoring
- Enable Windows Event Logging for security and system events
- Set up Wazuh SIEM or Splunk to monitor AD activity
- Enable audit policies for logins, failed authentication attempts, and privilege escalations
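One way to turn on the audit policies listed above and confirm that failed authentication attempts are being recorded, as an added example that is not part of the original guide. It assumes an elevated PowerShell session on the lab DC and an English-locale Windows install; the choice of subcategories and the 24-hour window are this example's assumptions.

```powershell
# Added example: enable advanced audit subcategories on the lab DC.
# Names are the English-locale subcategory names (see: auditpol /list /subcategory:*).
# A GPO that delivers advanced audit policy to the DC overrides these local settings.
$subcategories = @(
    'Logon',                            # 4624 success, 4625 failure
    'Special Logon',                    # 4672 privileges assigned at logon
    'Credential Validation',            # 4776 NTLM credential validation
    'Kerberos Authentication Service',  # 4768 TGT request, 4771 pre-auth failure
    'Sensitive Privilege Use',          # 4673, 4674
    'Security Group Management',        # 4728, 4732, 4756 member added to group
    'User Account Management'           # 4720 created, 4724 reset, 4740 lockout
)

foreach ($sub in $subcategories) {
    auditpol /set "/subcategory:$sub" /success:enable /failure:enable | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Could not set audit subcategory '$sub'"
    }
}

# Show the effective settings so the change can be verified.
foreach ($sub in $subcategories) {
    auditpol /get "/subcategory:$sub"
}

# Summarize failed logons (event 4625) from the last 24 hours by account and source.
# Piping straight from Get-WinEvent means an empty result produces no output.
Get-WinEvent -FilterHashtable @{
        LogName   = 'Security'
        Id        = 4625
        StartTime = (Get-Date).AddHours(-24)
    } -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Flatten the event's named <Data> fields into a lookup table.
        $data = @{}
        ([xml]$_.ToXml()).Event.EventData.Data |
            ForEach-Object { $data[$_.Name] = $_.'#text' }
        [pscustomobject]@{
            User      = $data['TargetUserName']
            Source    = $data['IpAddress']
            LogonType = $data['LogonType']
        }
    } |
    Group-Object User, Source |
    Sort-Object Count -Descending |
    Select-Object Count, Name -First 10
```

A deliberate wrong-password logon from one of the client VMs should appear in the summary within a few seconds; if it does not, check whether a GPO is overriding the local audit settings.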
Step 7: Testing and Validating the Setup
- Verify domain join and authentication for client machines
- Test GPO application using gpresult /r
- Ensure firewall rules allow proper communication
- Run basic PowerShell commands to query AD objects:
Get-ADUser -Filter * | Select-Object Name, SamAccountName
# OperatingSystem is not returned by default, so request it explicitly
Get-ADComputer -Filter * -Properties OperatingSystem | Select-Object Name, OperatingSystem
Conclusion
This Active Directory lab setup provides a controlled environment for testing security policies, monitoring domain activity, and learning AD administration. With proper logging, firewall segmentation, and GPO enforcement, this lab is an excellent platform for cybersecurity and system administration practice.