Example Windows Domain Controller

About

This is an example of how to create a Windows Domain Controller using Vagrant and PowerShell.

This also shows how to add a Computer to an existing domain using PowerShell.

This will create an example.com Active Directory Domain Forest.

This will also install a Certification Authority with a GPO to automatically enroll computers with a certificate signed by the trusted domain CA. Remote Desktop users will therefore see and use trusted certificates.

This will also set the user photo with a GPO.

This will also set the Remote Desktop Users group with a GPO.

This will also set up the whoami group Managed Service Account (gMSA).

This setup will use the following static IP addresses:

IP            Hostname             Description
192.168.56.2  dc.example.com       Domain Controller Computer
192.168.56.3  windows.example.com  Test Windows Computer
192.168.56.4  ubuntu.example.com   Test Ubuntu Computer

NB these are hardcoded in several files. Find them with: grep -r 192.168.56. .

Usage

Install the Windows 2022 base box.

Install the Ubuntu 22.04 base box.

Install the required Vagrant plugins:

vagrant plugin install vagrant-windows-sysprep
vagrant plugin install vagrant-reload

Start by launching the Domain Controller environment:

# or --provider=hyperv (first see the Hyper-V Usage section below).
# or --provider=virtualbox
vagrant up --provider=libvirt

Launch the test nodes:

cd test-nodes
# or --provider=hyperv
# or --provider=virtualbox
vagrant up --provider=libvirt

Sign-in on the test nodes with one of the following accounts:

  • Username john.doe and password HeyH0Password.
    • This account is also a Domain Administrator.
  • Username jane.doe and password HeyH0Password.
  • Username Administrator and password HeyH0Password.
    • This account is also a Domain Administrator.
  • Username .\vagrant and password password.
    • NB you MUST use the local vagrant account, because the domain also has a vagrant account, and that will mess up the local one...

You can log in at the machine console.

You can log in with remote desktop, e.g.:

xfreerdp \
  /v:dc.example.com \
  /u:john.doe \
  /p:HeyH0Password \
  /size:1440x900 \
  /dynamic-resolution \
  +clipboard

NB For a headless RDP example see the winps repository.

You can log in with ssh, e.g.:

Active Directory LDAP

You can use a normal LDAP client for accessing the Active Directory.

It accepts the following Bind DN formats:

  • <userPrincipalName>@<DNS domain>, e.g. [email protected]
  • <sAMAccountName>@<NETBIOS domain>, e.g. jane.doe@EXAMPLE
  • <NETBIOS domain>\<sAMAccountName>, e.g. EXAMPLE\jane.doe
  • <DN for an entry with a userPassword attribute>, e.g. CN=jane.doe,CN=Users,DC=example,DC=com

NB sAMAccountName MUST HAVE AT MOST 20 characters.

Some attributes are available in environment variables:

Attribute       Environment variable  Example
sAMAccountName  USERNAME              jane.doe
sAMAccountName  USERPROFILE           C:\Users\jane.doe
NETBIOS domain  USERDOMAIN            EXAMPLE
DNS domain      USERDNSDOMAIN         EXAMPLE.COM

You can list all of the active users with ldapsearch:

ldapsearch \
  -H ldap://dc.example.com \
  -D [email protected] \
  -w HeyH0Password \
  -x -LLL \
  -b CN=Users,DC=example,DC=com \
  '(&(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))' \
  sAMAccountName userPrincipalName userAccountControl displayName cn mail

NB To have ldapsearch you can install the msys2 mingw-w64-openldap package with pacman -Sy mingw-w64-x86_64-openldap.
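
The filter above uses the bitwise AND matching rule (1.2.840.113556.1.4.803) against bit 2 (ACCOUNTDISABLE) of userAccountControl. The following added example, which is not part of the original repository, applies the same bit test client-side to ldapsearch -LLL output so the returned userAccountControl values can be audited. The function names, the subset of flags and the sample LDIF are assumptions constructed for illustration.

```shell
# Added example: decode userAccountControl from `ldapsearch -LLL` (LDIF) output.
UAC_FLAGS='0x2:ACCOUNTDISABLE 0x20:PASSWD_NOTREQD 0x200:NORMAL_ACCOUNT
0x10000:DONT_EXPIRE_PASSWORD 0x80000:TRUSTED_FOR_DELEGATION 0x400000:DONT_REQ_PREAUTH'

# uac_decode VALUE: print the comma-separated names of the known bits set in VALUE.
uac_decode() {
  names=
  for entry in $UAC_FLAGS; do
    if [ $(( $1 & ${entry%%:*} )) -ne 0 ]; then
      names="${names:+$names,}${entry#*:}"
    fi
  done
  printf '%s\n' "$names"
}

# emit: print one "account<TAB>value<TAB>flags" row once both attributes were seen.
emit() {
  if [ -n "$sam" ] && [ -n "$uac" ]; then
    printf '%s\t%s\t%s\n' "$sam" "$uac" "$(uac_decode "$uac")"
  fi
  sam= uac=
}

# uac_report: read LDIF on stdin; entries end at a blank line or at end of input.
uac_report() {
  sam= uac=
  while IFS= read -r line; do
    case $line in
      'sAMAccountName: '*)     sam=${line#*: } ;;
      'userAccountControl: '*) uac=${line#*: } ;;
      '')                      emit ;;
    esac
  done
  emit
}

# Constructed sample input (not captured from a real directory).
sample_ldif() {
  cat <<'EOF'
dn: CN=jane.doe,CN=Users,DC=example,DC=com
sAMAccountName: jane.doe
userAccountControl: 512

dn: CN=Guest,CN=Users,DC=example,DC=com
userAccountControl: 66082
sAMAccountName: Guest
EOF
}

sample_ldif | uac_report
```

To audit the lab directory, pipe the ldapsearch command above into uac_report. Rows with ACCOUNTDISABLE only appear if the (!(userAccountControl:...:=2)) clause is dropped from the filter.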

For TLS, use -H ldaps://dc.example.com, after creating the ldaprc file with:

openssl x509 -inform der -in tmp/ExampleEnterpriseRootCA.der -out tmp/ExampleEnterpriseRootCA.pem
cat >ldaprc <<'EOF'
TLS_CACERT tmp/ExampleEnterpriseRootCA.pem
TLS_REQCERT demand
EOF

Troubleshoot TLS with:

# see the TLS certificate validation result:
echo | openssl s_client -connect dc.example.com:636 -servername dc.example.com -CAfile tmp/ExampleEnterpriseRootCA.pem
# see the TLS certificate being returned by the server:
echo | openssl s_client -connect dc.example.com:636 -servername dc.example.com | openssl x509 -noout -text -in -

Active Directory DNS

You can update the DNS zone using the computer principal credentials, e.g.:

kinit --keytab=/etc/sssd/sssd.keytab 'ubuntu$'
nsupdate -g <<'EOF'
server dc.example.com
zone example.com.
update delete ubuntu.example.com. in A
update add ubuntu.example.com. 60 in A 192.168.56.4
update delete ubuntu.example.com. in TXT
update add ubuntu.example.com. 60 in TXT "hello world"
send
EOF
kdestroy

Hyper-V Usage

Follow the rgl/windows-vagrant Hyper-V Usage section.

Create the required virtual switches:

PowerShell -NoLogo -NoProfile -ExecutionPolicy Bypass <<'EOF'
@(
  @{Name='windows-domain-controller'; IpAddress='192.168.56.1'}
) | ForEach-Object {
  $switchName = $_.Name
  $switchIpAddress = $_.IpAddress
  $networkAdapterName = "vEthernet ($switchName)"
  $networkAdapterIpAddress = $switchIpAddress
  $networkAdapterIpPrefixLength = 24

  # create the vSwitch.
  Hyper-V\New-VMSwitch -Name $switchName -SwitchType Internal | Out-Null

  # assign it an host IP address.
  $networkAdapter = Get-NetAdapter $networkAdapterName
  $networkAdapter | New-NetIPAddress `
    -IPAddress $networkAdapterIpAddress `
    -PrefixLength $networkAdapterIpPrefixLength `
    | Out-Null
}

# remove all virtual switches from the windows firewall.
Set-NetFirewallProfile `
  -DisabledInterfaceAliases (
        Get-NetAdapter -name "vEthernet*" | Where-Object {$_.ifIndex}
    ).InterfaceAlias
EOF
