About 0x00
1. domain controller: win server 2008
2. domain server: win server 2008, win server 2003
3. domain PC: win7 x64, win7 x32, win xp
0x01. Configure a static IP
Check the IP address and gateway
DNS is 127.0.0.1, domain controller installation process will be installed by default DNS service.
0x02. Install Active Directory roles
win + R open operation, an input controller mounted dcpromo
Or directly open Server Manager, the Add Roles
windows NT 4.0 compatible encryption algorithm, referring to the low version SMBv1 clients, NTLM network authentication process during the
Using relatively simple algorithms, relatively easy to crack; not upgraded to version SMBv2 server may be endangered use of technical means of PTH (pass the hash hash delivery) of, MS17-010 and other vulnerabilities.
We are not here to reinforce, to facilitate post experiment.
A plurality of domains called forest. Since we currently have only one domain, select Create a new domain in a new forest can be.
Forest root domain name
The first domain is the forest root domain name is also the forest
Set up a new forest root domain is the fully qualified domain name (FQDN), DNS name must meet the standards for domain names.
The forest functional level is upward compatible, win server 2003 is compatible with up win server 2003 and above, if you select here win server 2008, and that it is compatible versions win server 2008 and above.
The domain functional level, above.
Domain functional level
|
Domain functional level
|
Domain controllers are running the operating system
|
|
Windows Server 2003
|
Windows Server 2012 Windows Server 2008 R2 Windows Server 2008 Windows Server 2003
|
|
Windows Server 2008
|
Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Server 2016
|
|
Windows Server 2008 R2
|
Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Server 2016
|
|
Windows Server 2012
|
Windows Server 2012 Windows Server 2012 R2 Windows Server 2016
|
|
Windows Server 2012 R2
|
Windows Server 2012 R2 Windows Server 2016
|
|
Windows Server 2016
|
Windows Server 2016
|
林功能级别
|
林功能级别
|
域控制器运行的操作系统
|
|
Windows Server 2003
|
Windows Server 2012 Windows Server 2008 R2 Windows Server 2008 Windows Server 2003
|
|
Windows Server 2008
|
Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Server 2016
|
|
Windows Server 2008 R2
|
Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Server 2016
|
|
Windows Server 2012
|
Windows Server 2012 Windows Server 2012 R2 Windows Server 2016
|
|
Windows Server 2012 R2
|
Windows Server 2012 R2 Windows Server 2016
|
|
Windows Server 2016
|
Windows Server 2016
|
开始安装DNS服务
弹窗告警,提示无法创建DNS服务器的为委派,
选择“是”,选择数据库、日志、SYSVOL的位置:
设置目录服务还原模式的administrator密码。
点击“下一步”,显示摘要信息。
点击“下一步”,开始配置Active Directory活动目录域服务。
安装完成,安装完成需要重启一下。
重启后,会默认使用域内账户Administrator登录,我们使用前面设置的域密码登录。
在服务器管理器中可以查看到关于这台域控的详细信息。
0x03 加入域
先ping 一下保证网络连通
然后将当前主机的DNS服务器设置为DC的IP:
测试一下能否ping 通 DNS服务器
找到系统属性,
这里输入域账户密码。
选择账户类型的时候选择users,否则,后期很多操作做不了。
ok,加域成功!
0x04新建用户