jaredmmartin/active-directory-lab

active-directory-lab

This repository contains automation to provision a modular Active Directory lab with optional components: a child domain, a separate administrative forest, a certificate authority, Linux and Windows member servers, and SQL Server. Enable the optional components as needed to test various scenarios.

Overview

---
config:
    flowchart:
        nodeSpacing: 20
        inheritDir: true
        defaultRenderer: "elk"
    themeVariables:
        fontFamily: 'monospace'
        fontSize: '12px'
        lineColor: '#7a7a7a'
        edgeLabelBackground: 'transparent'
        textColor: '#000000'
---
flowchart BT
    subgraph lab["lab"]
        %% lab.test domain 
        subgraph lab_test ["lab.test"]
            %% Nodes
            ad_root_dir1@{ shape: rect, label: "dir1"}
            ad_root_dir2@{ shape: rect, label: "dir2"}
            ad_root_cs1@{ shape: rect, label: "cs1"}
            ad_root_lnx_srv@{ shape: st-rect, label: "lnx#"}
            ad_root_win_srv@{ shape: st-rect, label: "srv#"}
            ad_root_win_sql1@{ shape: cyl, label: "sql1"}

            %% Node styles
            ad_root_dir1:::dc
            ad_root_dir2:::dc
            ad_root_cs1:::cs
            ad_root_win_srv:::windows
            ad_root_lnx_srv:::linux
            ad_root_win_sql1:::sql

            %% Node links
            ad_root_cs1 --dns server--> ad_root_dir1
            ad_root_cs1 --dns server--> ad_root_dir2
            ad_root_dir1 --cert enroll--> ad_root_cs1
            ad_root_dir1 --dns server--> ad_root_dir2
            ad_root_dir2 --cert enroll--> ad_root_cs1
            ad_root_dir2 --dns server--> ad_root_dir1
            ad_root_lnx_srv --dns server--> ad_root_dir1
            ad_root_lnx_srv --dns server--> ad_root_dir2
            ad_root_win_sql1 --dns server--> ad_root_dir1
            ad_root_win_sql1 --dns server--> ad_root_dir2
            ad_root_win_srv --dns server--> ad_root_dir1
            ad_root_win_srv --dns server--> ad_root_dir2
        end

        %% child.lab.test domain
        subgraph child_lab_test ["child.lab.test"]
            %% Nodes
            ad_child_dir3@{ shape: rect, label: "dir3"}
            ad_child_dir4@{ shape: rect, label: "dir4"}

            %% Node styles
            ad_child_dir3:::dc
            ad_child_dir4:::dc

            %% Node links
            ad_child_dir3 --cert enroll--> ad_root_cs1
            ad_child_dir3 --dns server--> ad_root_dir1
            ad_child_dir3 --dns server--> ad_root_dir2
            ad_child_dir4 --cert enroll-->  ad_root_cs1
            ad_child_dir4 --dns server--> ad_root_dir1
            ad_child_dir4 --dns server--> ad_root_dir2
        end

        %% admin.local domain 
        subgraph admin_local ["admin.local"]
            %% Nodes
            ad_admin_dir5@{ shape: rect, label: "dir5"}

            %% Node styles
            ad_admin_dir5:::dc
        end
    end
    
    %% Sub-chart styles
    admin_local:::domain
    child_lab_test:::domain
    lab_test:::domain
    lab:::lab

    %% Node links
    lab_test --trust (one-way)--> admin_local
    lab_test --trust (two-way)--> child_lab_test

    %% Style classes
    classDef cs fill:#16a34a,stroke:#333333,stroke-width:1px,color:#fff
    classDef dc fill:#054165,stroke:#333333,stroke-width:1px,color:#fff
    classDef domain fill:#cedae2,stroke:#333333,stroke-width:1px,color:#333
    classDef lab fill:#e8edf3,stroke:#333333,stroke-width:1px,color:#333
    classDef linux fill:#f7bb36,stroke:#333333,stroke-width:1px,color:#422006
    classDef sql fill:#7c3aed,stroke:#333333,stroke-width:1px,color:#fff
    classDef windows fill:#2563eb,stroke:#333333,stroke-width:1px,color:#fff

Contents

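| Folder  | Purpose                                                                        |
|---------|--------------------------------------------------------------------------------|
| packer  | Packer template for Ubuntu Server 24.04 and Windows Server 2025 Vagrant boxes |
| vagrant | Vagrantfile and Ansible playbooks for Active Directory lab                     |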

Components

Root domain (Required)

  • VMs
    • VM name: ad-root-dir1
      • Hostname: dir1
      • Virtual hardware
        • 2 vCPU
        • 4 GB RAM
      • Synced folder(s)
        • vagrant/files/ mounted to c:\vagrant
      • Provisioners
        • vagrant/files/common/windows/os/main.yml: Base OS configuration
        • vagrant/files/ad-root/main.yml: Create root domain, configure DNS server and logging, create sample users

Child domain (Optional)

Administrative domain (Optional)

Certificate authority (Optional)

Servers - Linux (Optional)

Servers - Windows (Optional)

Servers - SQL (Optional)

Requirements

  • Physical host
    • Hardware
      • 4+ vCPU
      • 32+ GB RAM
      • 15+ GB available storage
        • The VirtualBox VMs are provisioned as linked clones to conserve disk space.
    • Operating system
      • Ubuntu Linux 22.04+
    • Software
      • Ansible 2.16+
      • VirtualBox 7+
      • Packer 1.14+
      • Vagrant 2.x
        • vagrant-disksize plugin
        • vagrant-reload plugin
        • vagrant-vbguest plugin

Usage

Packer

The packer directory contains a Packer template to build VirtualBox Vagrant boxes for Ubuntu Server 24.04 LTS and Windows Server 2025.

ubuntu-server-24.04

The Vagrant box build takes approximately 15 minutes, but may vary depending on your hardware and internet connection.

The box file is output to packer/ubuntu-server-24.04/ubuntu-server-24.04.box and is approximately 2.5 GB.

  1. Build the Vagrant box:

    # Set working directory
    cd packer/ubuntu-server-24.04/
    
    # Build the box
    packer build .

windows-server-2025

The Vagrant box build takes approximately 45 minutes, but may vary depending on your hardware and internet connection.

The box file is output to packer/windows-server-2025/windows-server-2025.box and is approximately 14 GB.

  1. Download the Windows Server 2025 evaluation ISO.

  2. Place the ISO at packer/windows-server-2025/windows-server-2025.iso.

  3. Build the Vagrant box:

    # Set working directory
    cd packer/windows-server-2025/
    
    # Build the box
    packer build .

vagrant

The vagrant directory contains the Vagrantfile to build the Active Directory lab environment. To build the environment:

  1. Review the settings variables in vagrant/settings.yml and update as necessary. This file contains the variable switches to enable the optional components of the lab environment. The following settings variables are available:

    | Variable name                | Default value  | Purpose                                                            |
    |------------------------------|----------------|--------------------------------------------------------------------|
    | ad_admin_domain_deploy       | false          | Switch to enable Administrative domain deployment                  |
    | ad_admin_domain_name         | admin.local    | Administrative domain name                                         |
    | ad_admin_dir5_ip             | 10.0.3.10      | Administrative domain Domain Controller IP                         |
    | ad_child_domain_deploy       | false          | Switch to enable child domain deployment                           |
    | ad_child_domain_name         | child.lab.test | Child domain name                                                  |
    | ad_child_dir3_ip             | 10.0.3.101     | Child domain Domain Controller IP                                  |
    | ad_child_dir4_ip             | 10.0.3.102     | Child domain Domain Controller IP                                  |
    | ad_cs_deploy                 | false          | Switch to enable Active Directory Certificate Services deployment |
    | ad_cs1_ip                    | 10.0.3.25      | Active Directory Certificate Services IP address                   |
    | ad_root_domain_name          | lab.test       | Root domain name                                                   |
    | ad_root_dir1_ip              | 10.0.3.21      | Root domain Domain Controller IP                                   |
    | ad_root_dir2_ip              | 10.0.3.22      | Root domain Domain Controller IP                                   |
    | ad_server_windows_sql_deploy | false          | Switch to deploy SQL server                                        |
    | ad_server_windows_sql_ip     | 10.0.3.60      | SQL server IP address                                              |
    | ad_servers_linux_deploy      | false          | Switch to deploy Linux server(s)                                   |
    | ad_servers_linux_count       | 1              | Number of Linux servers to deploy                                  |
    | ad_servers_linux_start_ip    | 10.0.3.40      | Starting IP address for Linux servers                              |
    | ad_servers_windows_deploy    | false          | Switch to deploy Windows server(s)                                 |
    | ad_servers_windows_count     | 1              | Number of Windows servers to deploy                                |
    | ad_servers_windows_start_ip  | 10.0.3.30      | Starting IP address for Windows servers                            |
    | gateway_ip                   | 10.0.3.1       | Network gateway address                                            |
    | host_adapter_bridge          | enp12s0        | Host network adapter for bridge network                            |

  2. Provision the environment:

    # Set working directory
    cd vagrant
    
    # Provision
    vagrant up
  3. Play

  4. When finished, destroy the environment:

    # Set working directory
    cd vagrant
    
    # Destroy
    vagrant destroy --force
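
A pre-flight check for the vagrant/settings.yml values reviewed in step 1, as an added example that is not part of the repository: it expands the server counts into addresses and reports any IP planned for more than one VM. It assumes counted servers take consecutive addresses from their start IP and are labelled lnxN / srvN; the sample values are constructed from the defaults table.

```ruby
require 'ipaddr'
require 'socket'
require 'yaml'

# Constructed sample: the README defaults with both server groups enabled and
# 12 Windows servers requested. Not the repository's settings.yml.
SAMPLE_SETTINGS = YAML.safe_load(<<~YML)
  ad_admin_dir5_ip: 10.0.3.10
  ad_child_dir3_ip: 10.0.3.101
  ad_child_dir4_ip: 10.0.3.102
  ad_cs1_ip: 10.0.3.25
  ad_root_dir1_ip: 10.0.3.21
  ad_root_dir2_ip: 10.0.3.22
  ad_server_windows_sql_ip: 10.0.3.60
  ad_servers_linux_deploy: true
  ad_servers_linux_count: 1
  ad_servers_linux_start_ip: 10.0.3.40
  ad_servers_windows_deploy: true
  ad_servers_windows_count: 12
  ad_servers_windows_start_ip: 10.0.3.30
  gateway_ip: 10.0.3.1
YML

# Expand settings into [label, ip] pairs. Fixed addresses count as reserved even
# when their component is switched off. Assumption: server N of a counted group
# gets start_ip + (N - 1) and is labelled lnxN / srvN.
def planned_addresses(settings)
  plan = settings.select { |k, _| k.end_with?('_ip') && !k.end_with?('_start_ip') }
                 .map { |k, ip| [k.delete_suffix('_ip'), ip] }
  { 'linux' => 'lnx', 'windows' => 'srv' }.each do |kind, prefix|
    next unless settings["ad_servers_#{kind}_deploy"]

    start = IPAddr.new(settings["ad_servers_#{kind}_start_ip"]).to_i
    settings["ad_servers_#{kind}_count"].times do |i|
      plan << ["#{prefix}#{i + 1}", IPAddr.new(start + i, Socket::AF_INET).to_s]
    end
  end
  plan
end

# Return { ip => [labels] } for every address claimed more than once.
def ip_collisions(settings)
  planned_addresses(settings)
    .group_by { |_, ip| ip }
    .transform_values { |pairs| pairs.map(&:first) }
    .select { |_, labels| labels.size > 1 }
end

ip_collisions(SAMPLE_SETTINGS).each do |ip, labels|
  puts "#{ip} is planned for #{labels.join(' and ')}"
end
```

With the default start addresses, more than 10 Windows servers runs into the Linux range and more than 20 Linux servers reaches the SQL server address.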
