Abdullah’s Active Directory Home Lab is a virtualized, self-contained environment built for cybersecurity learning and testing. This lab is designed to help develop hands-on skills in Windows system administration, domain configuration, network management, and offensive security techniques like lateral movement and Active Directory exploitation.
The environment consists of:
- A Windows Server 2022 Domain Controller configured with Active Directory, DNS, and core services
- A Windows 11 Client machine joined to the domain for testing authentication, GPOs, and user management
- A Kali Linux Attacker machine used to perform ethical hacking techniques, AD enumeration, and privilege escalation
| Role | Hostname | IP Address | OS |
|---|---|---|---|
| Domain Controller | Abdullah_DC | 192.168.10.10 | Windows Server 2022 |
| AD Client | CLIENT01 | 192.168.10.20 | Windows 11 Pro |
| Attacker | KALI | 192.168.10.150 | Kali Linux Rolling |
- Hypervisor: VMware Workstation 17.x
- Networking: Host-Only + NAT (for Kali)
- OS Images:
  - Windows Server 2022 ISO
  - Windows 11 ISO
  - Kali Linux ISO
This section explains how I installed and configured Active Directory Domain Services (AD DS) and DNS on a Windows Server 2022 machine to promote it as the domain controller for the Abdullah-AD.local domain.
- Hostname: Abdullah_DC
- IP Address: 192.168.10.10
- OS: Windows Server 2022 (Desktop Experience)
- Role: Domain Controller + DNS Server
Static IP configuration
Open Ethernet0 → Properties → Internet Protocol Version 4 (TCP/IPv4) → Properties and fill in:
| Setting | Value |
|---|---|
| IP address | 192.168.10.10 |
| Subnet mask | 255.255.255.0 |
| Default gateway | 192.168.10.1 |
| Preferred DNS server | 127.0.0.1 |
Select Add Roles and Features to begin installing the AD DS and DNS roles.
On the Role Selection screen, check Active Directory Domain Services and DNS Server.
Choose Add a new forest and enter the domain name Abdullah-AD.local. This creates the top-level AD forest.
The NetBIOS domain name auto-populates as ABDULLAH-AD. It is used in domain logins such as ABDULLAH-AD\Administrator.
You can use either the Active Directory Users and Computers (ADUC) GUI or PowerShell. For the GUI, launch Active Directory Users and Computers (ADUC). Example PowerShell snippet:

```powershell
# Load the Active Directory cmdlets (available on the DC once AD DS is installed)
Import-Module ActiveDirectory
```

Adding a single user

```powershell
# Backticks continue the command onto the next line
New-ADUser -Name "John Doe" `
    -GivenName "John" -Surname "Doe" `
    -SamAccountName "jdoe" `
    -UserPrincipalName "jdoe@Abdullah-AD.local" `
    -AccountPassword (ConvertTo-SecureString "Password123!" -AsPlainText -Force) `
    -Enabled $true `
    -Path "CN=Users,DC=Abdullah-AD,DC=local"
```

Creating users in bulk

```powershell
# The CompanyUsers OU must already exist, and each SamAccountName must be unique
# in the domain, so skip or remove "jdoe" if it was already created above.
$users = @(
    @{Name="John Doe"; Username="jdoe"; Password="Password123!"},
    @{Name="Jane Smith"; Username="jsmith"; Password="Password123!"},
    @{Name="Alice Admin"; Username="alice"; Password="AdminPass123!"},
    @{Name="sqlsvc Service Account"; Username="sqlsvc"; Password="Service123!"},
    @{Name="ASREP Roasting"; Username="asrep"; Password="WeakPass123!"}
)
foreach ($u in $users) {
    New-ADUser -Name $u.Name `
        -SamAccountName $u.Username `
        -UserPrincipalName "$($u.Username)@Abdullah-AD.local" `
        -AccountPassword (ConvertTo-SecureString $u.Password -AsPlainText -Force) `
        -Enabled $true `
        -Path "OU=CompanyUsers,DC=Abdullah-AD,DC=local"
}
```

This section outlines the configuration of the Windows 11 client machine and its successful integration into the Active Directory domain Abdullah-AD.local.
- Hostname: CLIENT01
- IP Address: 192.168.10.20
- OS: Windows 11 Pro
- Network: Static IP on the same subnet as the Domain Controller (192.168.10.0/24)
- DNS: Points to DC (192.168.10.10) to resolve the domain name
Navigate to System Properties to change the computer name and domain settings.
- This is accessed via Control Panel > System.
Click Change settings and set the hostname to CLIENT01. This helps identify the machine within the domain.
In the Domain field, enter Abdullah-AD.local to begin joining the client to the AD environment.
A prompt appears requesting credentials; this is where you enter Administrator and the domain admin password.
Reboot, then log in as any user you created.
Verify with `whoami`; you should see the domain prefix.
Success! The machine is now joined to the domain. You receive a confirmation message and must restart the computer.
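The `whoami` check above confirms the logon only; the script below also checks the DNS and machine-account pieces that a domain join depends on. It is an added example, not part of the original lab write-up, and it assumes the lab's domain name and DC address from this page and an elevated PowerShell session on CLIENT01.

```powershell
# Added example: post-join health check for CLIENT01 (run elevated).
# Domain name and DC address are the lab values used on this page.
$Domain = 'Abdullah-AD.local'
$DcIp   = '192.168.10.10'

$results = [ordered]@{}

# 1. The client's DNS must point at the DC, or the domain name will not resolve.
$dnsServers = (Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses
$results['DNS points to DC'] = $dnsServers -contains $DcIp

# 2. The DC locator SRV record shows that AD-integrated DNS is answering.
try {
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop
    $results['DC SRV record resolves'] = [bool]($srv | Where-Object Type -eq 'SRV')
} catch {
    $results['DC SRV record resolves'] = $false
}

# 3. The computer must report membership in the expected domain.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
$results['Joined to domain'] = $cs.PartOfDomain -and ($cs.Domain -ieq $Domain)

# 4. The machine account's secure channel to the DC must be intact.
#    Test-ComputerSecureChannel throws on a machine that is not domain-joined.
try {
    $results['Secure channel healthy'] = [bool](Test-ComputerSecureChannel -ErrorAction Stop)
} catch {
    $results['Secure channel healthy'] = $false
}

# 5. A domain logon shows the NetBIOS prefix; a local logon shows the hostname.
$results['Logged on with domain account'] = (whoami) -like 'abdullah-ad\*'

# Print one row per check so a failed step is easy to spot.
$results.GetEnumerator() | ForEach-Object {
    [pscustomobject]@{ Check = $_.Key; Passed = $_.Value }
} | Format-Table -AutoSize
```

If the first two checks fail, fix the client's DNS setting before retrying the join; the later checks cannot pass without it.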
Made by Abdullah Banwair — feel free to reach out!
Suggestions, contributions, and pull requests are welcome!
















