How to Set Up an Active Directory Lab for Beginners

Building an Active Directory Lab Environment from Scratch

A hands-on walkthrough of setting up a fully functional Active Directory domain using Windows Server, perfect for beginners exploring IT infrastructure and system administration.

---

📌 Project Overview

This project demonstrates my understanding of Active Directory (AD) administration, including tasks such as configuring security settings, managing users and groups, and performing basic vulnerability assessments within an Active Directory environment. Through this project, I aim to showcase essential administrative skills in Active Directory, which is widely used in enterprise settings to manage and control multiple devices and users across an organization.

Active Directory (AD) is a tool developed by Microsoft that allows administrators to manage and secure resources, users, and devices within a networked environment. It is especially valuable in enterprise networks with multiple domains and devices because it centralizes control, improving the efficiency and security of large-scale IT environments.

Core Concepts in Active Directory

Domains:

A domain is the fundamental organizational unit within an Active Directory structure, used to manage and control all network resources, including user accounts, computers, printers, and other devices. Domains allow administrators to enforce policies and permissions across all devices within the network. Examples of domain controllers include Windows Server editions (such as Windows Server 2019 or 2022), which help manage domain authentication, security policies, and resource access within an Active Directory environment.

Windows Clients:

Windows clients refer to individual workstations and laptops running Microsoft’s Windows OS that are integrated into an Active Directory domain. Devices like Windows 10 and Windows 11 PCs can join a domain, allowing them to be centrally managed and controlled by administrators. Administrators can control settings, enforce security policies, and push software updates across all connected Windows clients, providing a streamlined way to manage large numbers of computers from a central location.

Project Tools and Technologies

• Virtual Machines (VirtualBox):

  VirtualBox was used to create isolated virtual environments for the Windows Server (acting as the domain controller) and Windows client systems. This setup enabled the creation of a simulated enterprise network environment without impacting any production systems.

• Windows Server:

  A Windows Server was configured to serve as the domain controller. This machine managed the Active Directory environment, including the configuration of roles, domain setup, security settings, and implementation of group policies.

• Windows Clients:

  A client devices within the network. These clients joined the Active Directory domain and were used to demonstrate user and group management, policy enforcement, and device administration.

• CherryTree:

  A hierarchical note-taking application, was utilized for documenting configurations, processes, and observations throughout the project.

• Greenshot:

  A lightweight screenshot tool, was used to capture images and document visual aspects of the configurations and processes during the project for reporting and reference purposes.

This project will not only demonstrate my ability to perform fundamental AD administrative tasks but will also highlight my understanding of security configurations. By the end, I aim to have a well-documented setup of an AD environment with controlled access and applied security settings within an enterprise-like environment.

---

🧰 Lab Setup

Description:

The lab environment setup for this project will involve several key steps designed to simulate a real-world enterprise network within a virtualized environment. This setup will include the installation of virtual machines, configuration of network settings, and the installation of Windows Server and Windows client operating systems to create an Active Directory (AD) domain environment. The lab environment will provide a controlled setting for practicing AD administrative tasks and security configurations without affecting any live systems.

Key Setup Steps

1. Installation of Virtual Machines (VMs):

• Virtualization Software: To create the lab, I will use VirtualBox (or an alternative like VMware Workstation) as the virtualization platform. VirtualBox enables me to run multiple virtual machines on a single physical computer, simulating different roles within a networked environment.

• Creating VMs for Server and Clients: Separate VMs will be created to represent a Windows Server (which will act as the Domain Controller) and several Windows clients. Each virtual machine will be configured with resources like CPU, RAM, and storage according to the requirements of the operating system it will run.

2. Configuration of Network Settings:

• Network Mode: Virtual machines will be connected using a “Host-Only” or “Internal Network” mode, which ensures that the VMs can communicate with each other without needing external internet access, creating an isolated network.

• IP Address Allocation: IP addresses will be manually assigned to each VM or managed via a DHCP server on the Windows Server. This setup will replicate a small office network and allow for seamless communication within the domain.

• Domain Controller Configuration: The Windows Server will be configured to serve as a domain controller within the network, managing the Active Directory domain and ensuring all client machines can authenticate and communicate within this domain environment.

3. Installation of Windows Server:

• Operating System Installation: A VM will be installed with Windows Server (e.g., Windows Server 2019 or 2022) to act as the domain controller. This server will host the Active Directory Domain Services (AD DS) role, which is responsible for managing the domain.

• Active Directory Setup: After installation, the AD DS role will be configured on the server, establishing a new domain (e.g., lab.local) to which client machines will be added. This will involve setting up the forest, domain name, and additional configurations necessary for AD functionality.

4. Installation of Windows Client Operating Systems:

• Client VMs: Separate virtual machines running Windows 10 or Windows 11 will be created to act as domain-joined clients. These VMs simulate the workstations and laptops typically found in an enterprise environment.

• Domain Joining Process: Each client machine will be configured to join the domain established on the Windows Server. This will allow administrators to apply security policies, manage user accounts, and enforce permissions from a central location.

• User and Group Policies: Once the clients are added to the domain, group policies and security configurations can be applied to these machines from the domain controller, replicating a realistic enterprise control setup

Expected Outcome

At the end of this setup phase, I will have a functioning Active Directory environment that replicates a small enterprise network. This environment will consist of:

• A centralized Windows Server configured as the domain controller and managing AD services.

• Multiple Windows client machines integrated into the domain, ready for AD management tasks, policy enforcement, and security configurations.

• A secure network configuration that isolates the lab environment and facilitates controlled testing and experimentation with AD management and security practices.

This lab environment will provide a comprehensive foundation for experimenting with AD administration, configuring user and group permissions, applying security policies, and identifying potential vulnerabilities within the domain, all while documenting each step for reference and learning.

---

🔧 Step 1: Installation of Virtual Machines (VMs)

Download the Virtual box at Oracle website.

Download VirtualBox from Oracle’s website , including both the Oracle VM VirtualBox Base Package (version 7.0.22) and the Extension Pack. The Extension Pack adds support for additional features like USB 2.0/3.0 devices, VirtualBox RDP, disk encryption, and more, which are useful for enhancing the virtual environment.

Select the Windows installation option base on the running OS, I’m running Windows. I choose VirtualBox version 7.0.20 as my virtualization software.

Installation Process:

Navigate to the Downloads folder and double-click the VirtualBox installation file. A setup window will appear, and click Next to begin the installation process.

At this stage, choose the default file location for installing VirtualBox files. Alternatively, select a preferred location if needed, and then click Next to proceed.

Ignore this warning and click Yes to continue.

For VirtualBox to install properly, it requires certain dependencies, such as Python Core and win32api. Click Yes to confirm the installation of these dependencies.

Continue clicking Next through each setup stage to the final screen, and then click on Finish to complete the installation.

We have successfully installed VirtualBox.

Network and System Configuration in VirtualBox

The VM open with its default network settings. The Network Adapter is set to Host-only Ethernet Adapter, with a default IP address configuration of 192.168.56.1/24.

Creating the Windows Server VM and Its Configurations

Click on "Machine" at the top-left corner of VirtualBox and then select "New."

These are the default settings.

Name the VM "Windows Server 2022" for easy identification.

Next, navigate to the drive, where the Server ISO file was stored.

Select "Skip Unattended Installation" because we to manually configure the VM and maintain full control over its settings.

Then click Next to continue.

Increase the RAM to 4 GB for this server if you have enough RAM. My host system has 16 GB of memory, so 4GB is fine.

I will allocate 2 CPUs to the VM since my host has a total of 8 CPUs.

Then click Next to proceed.

Increase the disk size to what suitable for you storage. I used 100 GB since I have 1 TB of available storage space.

Then click Next to continue.

Confirm all settings and Click on “Finish”

After successfully setting up the server, Let modify the network settings by clicking on Settings at the top center of VirtualBox. Then, Select the "Network" tab to change the network settings.

In the Network section, Let change the adapter to NAT Networking. we choose this option because we want our VM to communicate with other VMs and access the internet, while preventing communication with other VMs or PCs that are not on the same NAT Network.

In the Advanced section, Select the local interface as the adapter type, set the Promiscuous Mode to "Allow All," and click OK to save the changes.

Windows Server Installation Process started

Click the "Start" arrow to begin the installation process.

Leave all settings at their default values, click Next, and then click Install to proceed.

Select Windows Server 2022 Datacenter Evaluation (Desktop Experience) since this is an enterprise lab setup and we will prefer using the desktop environment for its user-friendly interface.

Click Next to continue the installation process.

Accept the license terms and click on “Next”

Select Custom installation since this is a fresh installation and we are not upgrading from a previous operating system.

Use the entire disk that we previously allocated for this VM, since we do not need to partition it.

Click Next to proceed.

The installation continue, and after this finish, the server automatically restart twice.

Continue customizing some settings. Since this is a server, the default account name is "Administrator."

Enter any password of your choice, re-enter it for confirmation, and then click Finish to complete the setup.

Installation Complete.

AT the top-left corner, Click on Input, then select Keyboard, and choose Insert Ctrl+Alt+Delete.

Next, Enter the Administrative Password and Click Enter.

After successfully signing in, a window pop-up asking whether to allow other devices on the same network to discover our server. Click Yes because we want our Windows clients to be able to find the server.

---

🌐 Step 2: Installation and Configuration of Windows 10 Client

The configuration and network settings for the Windows 10 client are the same as those used for the Windows Server 2022 VM, and the installation process for the operating system is also similar. Therefore, we follow the same steps.

Name the VM "Windows 11," allocated 4 GB of RAM, set the disk size to 70 GB, and configured the network adapter to NAT Networking.

Continue following the same steps until the installation process began.

Leave all settings at their default values.

When the installation is complete, the system will restart twice.

Set the region to our country, select US as the keyboard layout or the appropriate keyboard layout for your PC, and continue.

Click on Sign-in options and choose Domain Join Instead.

Set the account name to "User" since we will be creating multiple accounts on the domain.

Click Next and accept the license terms.

The installation has been completed.

---

🏛️ Step 3: Installing Active Directory Domain Services

• Roles and Features installation

• Promoting the server to a domain controller

• Creating the domain (e.g., lab.com)

To install the Active Directory Roles and Features, Open the Server Manager Dashboard.

At the top-left corner of the Dashboard, click Manage. Then, select Add Roles and Features.

Leave all settings as default and click Next.

By default, Role-based or feature-based installation was selected, so simply click Next to continue.

Here, the server's IP address is shown as 192.168.10.8/24.

Open the Command Prompt (CMD) and use the command ipconfig /all to verify the IP address and subnet.

After confirming the IP address, click Next with the default settings.

Select the necessary roles for this project. For each role consider reviewing the Description section to better understand its purpose.

Click on a role, a pop-up window appeared prompting to add the required features for that role, so select Add Features.

When attempting to add the DHCP Server Features, a warning window popped up, indicating that no static IP address was set for the server. To resolve this, let cancel the process and update the server IP configuration to a static.

Changing IP Configuration to a Static IP.

Open Settings by searching for it on the Windows search bar.

Then, clicked on Change adapter options.

Right-click on Ethernet and select Properties.

Click on Internet Protocol Version 4 (TCP/IPv4) and then select Properties.

In the new window, choose “Use the following IP address” and enter the static IP for the server.

Finally, click OK and Close to apply the changes.

Return to the Selected Server Roles page, click on DHCP Server, and then select Add Features. After the features are successfully added, Click Next to continue.

Leave all other settings as default and click Next to proceed.

Click Next and Next again to continue.

Click Next and Next again to continue.

Confirm all the selected roles and click Next, Next and Next to proceed.

Select Automatic restart and confirm by clicking Yes, then click Install to begin the installation process.

Wait for the installation process to complete and then click Close.

Click on Tools to verify that the tools have successfully installed, and then restart the server.

Domain Controller (DC) Configuration:

At the top of the Server Manager window, click on the yellow error flag and select Promote this server to a Domain Controller.

Select Add a new Forest since this is a new Domain Controller setup. Then enter the Domain Name as lab.com and click Next.

Enter the Directory Services Restore Mode (DSRM) password and Leave all other settings as default.

Then click Next.

Ignore the warning and click Next and Next.

leave everything as default and click Next.

Here, click on View script, which display a PowerShell automated script that can also be used to promote the server to a Domain Controller (DC).

Clicked Next to proceed with a manual setup.

Encountering this issue due to the Certificate Service we installed. Since we don't need it for this lab, let’s uninstall it.

To uninstall this, go to the Server Manager Dashboard, click on Remove Roles and Features to remove the “Certificate Services and Rights Management Services roles and features”, then clicked on Next.

Continue clicking Next till the end, and then click Remove.

After the removal completed, Start the process of promoting the server to a Domain Controller (DC).

The Prerequisites Check was successful.

Click on Install

The Domain Controller was successfully setup.

---

🗂️ Step 4: Joining a Windows 11 Client to a Domain

Joining a Windows 11 Client to the Domain (lab.com):

Due to limited hardware resources like memory and CPU, I decided to install the Windows 11 client on a separate host. Additionally, I changed the network settings to a "Bridged adapter”, allowing VMs from other hosts to communicate with it.

Use the ipconfig /all command to verify the IP address of the Windows client to ensure it is on the same network as the domain. Also, use the ping command to check network reachability.

Use the Windows search bar to find Settings. On Settings, Select “Rename this PC” to give the computer a more recognizable name.

Enter the new name as Client-1 and click Next to proceed.

After renaming the PC, restart it to apply the changes.

Update the DNS configuration on the Client-1 PC to point to the Domain Controller's IP address.

To join Client-1 to the domain, open “File Explorer.”

Click on System Properties and select Domain or Workgroup settings.

Click on Change in the System Properties window. Under Member of, select Domain and entered the domain name "lab.com." Then, click OK to proceed.

On the Windows Security window, enter the domain username "Administrator" and the associated password. After filling in these credentials, click OK to continue.

Client-1 has successfully joined to the domain.

I click on "OK" to restart my PC.

And finally, click on "Restart Now."

Confirm on the Domain Controller.

On the server, open the Server Manager Dashboard, click on “Tools,” then select “Active Directory Users and Computers.”

Click on the Domain name “lab.com,” and then select “Computers.”

There, confirm that the Client-1 PC has successfully joined to the domain.

👤 Step 5: Users, Groups and Organizational Units Creation

Creating Organizational Units

Navigated to the Server Manager Dashboard and click on Tools, then select Active Directory Users and Computers.

In the new window, click on View and enable Advanced Features. This option provides additional settings and controls, allowing access to more advanced configuration options.

Start by creating Organizational Units (OUs) such as IT Department, Finance Department, and HR Department. To accomplish this, right-click on the domain name “lab.com,” select New, and then click on Organizational Unit.

Enter the name of the unit we want to create, “IT Department,” and ensure that “Protect container from accidental deletion” is check to prevent any unintended deletion, and then click OK to create the unit.

Repeat the same process to create additional organizational units, such as the Finance Department and HR Department.

Creating Users in Active Directory

In Active Directory (AD), there are two primary methods for creating users:

1. Copy Method: This approach is useful for creating new users who will have the same attributes as an existing user within the same group or organizational unit. It helps save time and reduces repetitive tasks.

2. Manual Creation: This method involves manually inputting all attributes for a new user, which is ideal when the new user requires unique attributes.

Using the Copy Method:

Start by creating the IT Department Admin using the Copy method since we want the IT manager to inherit all attributes of the Domain Administrator. Here’s how we can do it:

Navigate to the Users folder.

Right-click on the existing Administrator account.

Select Copy to duplicate the account with the desired attributes.

Filled in all the account information, including the username, password, and other required details for the new IT Department Admin. After ensuring all fields are completed accurately, click on Next to proceed.

Set the account password, ensuring it meet with the required complexity standards, and leave all other settings at their default configurations. Once the password is set, click on Next to continue.

Review the account information carefully to ensure accuracy, then click on Finish to complete the account creation process.

After successfully creating the first user, click on the user, hold down Ctrl, and drag the cursor to the IT Department. This action moved the user from the Users folder to the IT Department.

Next, use the second method, which is manually creating a user.

Right-click on IT Department, navigate to New, and then click on User.

Create a new user call “Helpdesk” and click on Next after entering the username.

Set the user's password, ensure that the user must change the password at the next login, and then click on Next.

Verify the user information and click on Finish.

To edit user settings, right-click on the user and then select Properties.

This is the General setting of the account

Chang to the Organization tab, fill in all the necessary information, and in the Manager field, click on “Change”, then search for the user we want to be the manager of this account, which is the IT Manager's account we created, and click on “OK.”

Click on the Object tab to verify the account information, then click on Apply and OK to save the changes.

This process continue with other users from different units. Repeated the steps for each user, carefully configuring their details and assigning the appropriate manager to each account.

Confirmation of Accounts

On Client-1, each user successfully confirm access to their accounts, verifying that permissions and settings were correctly applied.

Creating Groups

To organize users within departments, begin by creating a group for the IT department.

Select the "IT Department," right-click to access additional options, navigate to “New,” and select"Group."

Enter “IT Group” in the Group Name field, leave all other settings as default, and click “OK” to create the group.

Add members to the group, such as "Dauda" and the "Helpdesk" accounts.

To do this, click on the Members tab and select Add.

On the new window, search for the account name we want to include, click on Check Names to confirm the account, and then click OK to add it to the group.

Select the Object tab and check the Protect object from accidental deletion box. This setting helps to prevent accidental removal of the group.

Navigate to the Security tab to set the appropriate security permissions for the group. Once all settings are configured, click Apply and then OK to save the changes.

Repeat this process to create additional groups for the HR and Finance departments, ensuring each group have the necessary permissions and members assign accordingly.

---

🔐 Step 6: Group Policy Configuration (GPO)

Applying Group Policies.

To apply group policies, open the “Server Manager” navigate to the “Tools” area and select the “Group Policy Management”

Start by creating “Account Lockout Policy” for all users and computers. For the sake of limited hardware resources, we will create only one Clients. Therefore the single client is used for all objects.

Creating an “Account Lockout Policy”

Why?

Applying an Account Lockout Policy is an important security measure designed to prevent unauthorized access to accounts within a domain. Here’s why it's beneficial:

• Protection Against Brute-Force Attacks: An account lockout policy helps protect against brute-force attacks, where an attacker attempts multiple password guesses to gain access to user accounts. By limiting the number of failed login attempts, it reduces the risk of attackers guessing passwords through repeated attempts.

• Mitigates Insider Threats: In addition to external threats, an account lockout policy helps guard against potential misuse by insiders who may try to access unauthorized accounts within the network.

• Alerts to Potential Security Incidents: Frequent account lockouts can signal attempted unauthorized access. Administrators can investigate repeated lockouts as potential indicators of attempted attacks or misconfigurations in the system.

• Maintains Compliance: Many organizations must adhere to security standards and compliance requirements (e.g., HIPAA, PCI-DSS, and ISO standards) that mandate controls for user authentication, including account lockout settings.

• Enhances Security for Remote Access: With many users accessing corporate networks remotely, account lockout policies add an extra layer of security against external login attempts that could compromise sensitive resources.

However, while an account lockout policy enhances security, it must be configured with balance. Setting the lock out threshold too low can lead to users being locked out by accidental login mistakes, while setting it too high may not provide adequate protection against guessing attacks.

To set this policy, right-click on the “Default Domain Policy” and then click on “Edit.”

Here, navigate from “Computer Configuration” to “Account Policy” and then select “Account Lockout Policy.”

Edit the policy settings.

These are the final policy settings:

Creating Password Policy

Why?

Creating a Password Policy is essential to secure accounts and protect sensitive information within an organization’s network. Here are the key reasons for implementing a password policy:

• Prevents Easy-to-Guess Passwords: A strong password policy requires users to create complex passwords that are difficult for attackers to guess or brute-force. By enforcing length, character variety, and other requirements, the policy reduces the chances of weak passwords like "password123" or "admin."

• Protects Against Unauthorized Access: Password policies prevent unauthorized access by ensuring that each user account has a secure password. This makes it harder for attackers to break into accounts and gain access to sensitive resources or systems.

• Reduces Impact of Phishing Attacks: By enforcing regular password changes, the policy limits the effectiveness of phishing attacks. Even if a password is stolen, requiring users to update passwords regularly reduces the timeframe an attacker can use it.

• Limits Risks of Reused Passwords: Password policies can prevent users from reusing passwords. Since reused passwords are often used across multiple sites, preventing reuse reduces the risk if another site suffers a data breach that exposes passwords.

• Supports Regulatory Compliance: Many regulations and standards (like GDPR, HIPAA, and PCI-DSS) require organizations to implement password policies as part of their security protocols to protect customer data and sensitive information.

• Mitigates Insider Threats: A strong password policy also protects against potential threats from insiders by ensuring all users follow the same security standards, reducing the likelihood of weak or shared passwords that could lead to unauthorized access.

• Encourages Good Security Habits: A password policy can serve as an educational tool, helping users understand the importance of strong passwords and encouraging better password management practices, such as avoiding common passwords and using secure password storage methods.

By implementing a password policy, organizations can enforce security standards that protect their systems, maintain compliance, and encourage users to follow good password practices, ultimately strengthening overall network security.

To do this, clicked on “Password Policy” and edit the “Policy Settings.”

Here are the edited “Policy Settings”:

Set up a CMD Disable Policy to prevent users from running the command line.

Navigate to the “System Policy” under User Configuration, and then click on “Prevent access to the Command Prompt.”

Select “Enabled,” click on “Apply,” and then click on “OK.”

These are few of the policies created.

---

🧪 Step 7: Create a Share Folders and Files

Creating a Shared Drive

Creating a shared drive allows multiple users or departments to access and collaborate on files centrally stored on the server. This improves data organization, ensures consistent backups, and facilitates controlled access through permissions, enhancing both security and efficiency within an organization.

On the Server Manager Dashboard, click on "File and Storage Services".

When the new window open, click on "Shares",

On "Tasks", select "New Share".

Choose "SMB Share - Quick" for a simple and efficient setup.

Here, select the share location and click on "Next".

On the Share Name page, enter the name of the folder we want to share and click on "Next".

On the Other Settings page, enable Access-Based Enumeration and Allow Caching of Share, then click on "Next".

On the Permissions page, click on Customize Permissions to adjust the permission settings according to our requirements. After configuring the permissions, click "OK".

Review and confirm all the settings to ensure they are correct. Once satisfied, click "Finish" to complete the setup process.

The process completed successfully, and we will receive a confirmation message.

Click "Close" to exit the setup window.

On the client PC, right-click on "This PC" and select the "Map network drive" option.

In the dialog box, enter the full path of the shared folder that we created to map by typing it in or clicking "Browse" to locate it.

Check the "Reconnect at sign-in" option to ensure the drive would automatically reconnect each time the user signed in.

Finally, click "Finish" to complete the mapping process.

The shared drive mapping has successfully completed on the client PC.

Confirm access to the shared folder.

The mapped network drive is now visible under "This PC" and can be accessed seamlessly.

This marks the successful completion of the project, showcasing the creation and implementation of key Active Directory configurations, user and group management, policy setups, and shared drive access.

All objectives were achieved, ensuring a well-structured and secure environment.

---

📚 Project Summary

Active Directory (AD) Project Summary

This project involved setting up and managing a Windows Server Active Directory (AD) environment, integrating a Windows 11 client, and implementing various administrative configurations. The goal was to demonstrate expertise in configuring and managing domain services, user and group administration, security policies, and shared resources tailored to organizational requirements.

Key Steps and Achievements:

• Domain Configuration and Client Integration:

  Installed and configured a Windows Server AD domain named lab.com.

  Successfully joined a Windows 11 client (Client-1) to the domain after verifying network connectivity using tools like ipconfig and ping.

• Organizational Unit (OU) Setup:

  Created OUs for core departments: IT, Finance, and HR.

  Enabled protection against accidental deletion for all OUs to prevent misconfigurations.

• User Account Management:

  Used two methods for creating user accounts:

  Copy Method: Efficiently created accounts with similar attributes, such as creating an IT admin account based on the domain administrator.

  Manual Method: Created unique accounts, including Helpdesk staff, with tailored settings. Configured organizational and account properties for each user, including assigning managers for proper hierarchy.

• Group Management:

  Created security groups for each department (e.g., IT Group, HR Group, Finance Group) to streamline resource and policy management.

  Assigned appropriate members to each group and set security permissions.

  Protected group objects from accidental deletion and customized group permissions to ensure secure access to shared resources.

• Policy Implementation:

  Configured department-specific desktop wallpaper policies to maintain uniformity and professionalism. Implemented a Wallpaper Policy to prevent users from changing their desktop backgrounds.

  Enforced critical security policies, including:

  Account Lockout Policy: Locked accounts after multiple failed login attempts to mitigate unauthorized access risks.

  Password Policy: Ensured password complexity and expiration settings for enhanced security.

  Disable CMD Policy: Prevented unauthorized use of the Command Prompt for standard users to reduce potential system misuse

• Shared Drive Setup:

  Configured shared folders for each department (IT, HR, Finance) using the SMB Share - Quick method. Enabled advanced features like access-based enumeration and caching for optimized performance and security.

  Customized permissions for each department's shared folder to ensure only authorized users had access.

  Mapped shared drives on client machines, enabling seamless and automatic reconnection during user sign-ins.

• Results and Verification:

  Verified the successful creation and configuration of user accounts, OUs, groups, and shared resources.

  Ensured each department had access to its respective shared drive, with proper permissions and automatic reconnection.

  Confirmed policy enforcement, including uniform wallpapers and restricted desktop background changes, across all client devices.

---

🔭 Recommendations for other Resources:

To further enhance the functionality, security, and efficiency of this Active Directory (AD) environment, the following recommendations are suggested:

• Visit the TCM Security Helpdesk course at their academy for free.

---

💬 Final Thoughts

This project demonstrated a robust and structured approach of setting up and managing an Active Directory environment. By integrating domain services with tailored policies and resource management, it showcased essential IT administration practices. The implementation of security measures, shared resources, and departmental policies reflects a comprehensive understanding of enterprise-level IT infrastructure management. These skills are vital for effectively managing and securing organizational IT environments.

---