
Windows Server 2016 - Active Directory Lab Build


Last updated 3 months ago

How to Build an Active Directory Lab

Sean Nanty (z3tssu) | Nov 7, 2024 | 8 min read

Hello, my name is Sean Nanty, and below are my notes on how to set up an Active Directory lab: setting up the Windows Server domain controller, setting up two Windows 10 machines, creating users, groups and policies, and finally joining these machines to the domain.

Lab Overview and Requirements

Lab Setup Overview

Lab Components:

  • Machines:

    • 1 Windows Server 2019

    • 2 Windows 10 Enterprise machines

    • 1 Kali Linux machine (attack machine)

System Requirements:

  • Disk Space: 60 GB minimum

  • RAM:

    • Minimum: 16 GB total for the lab

    • Recommended: 32 GB for optimal performance

    • Per Machine Allocation:

      • 2 GB RAM for each virtual machine (Windows Server, Windows 10 instances, and Kali Linux)

      • 8 GB total for VMs, plus RAM for base OS

Tips for Lower Specs:

  • If 16 GB RAM is unavailable, it's still beneficial to follow along, take notes, and practice with the tools as much as possible.

  • Additional resources:

    • Some exercises may utilize Hack the Box machines for hands-on practice.

Recommendations:

  • Building a Lab: Ideal for users meeting hardware requirements to build and understand the lab environment.

  • Alternative Hardware: Purchasing a low-cost server (e.g., from eBay) to meet lab requirements is an option.

  • Engagement: Even without full specs, follow along to understand lab structure, attack methodologies, and reasoning behind each setup step.

Next Steps:

  1. Download Required Files: Start gathering necessary files for the lab.

  2. Build the Lab: Begin setting up virtual machines as per the lab design.

Downloading Necessary ISOs

Here are the notes summarizing the steps to download the necessary Windows ISOs for the Active Directory lab setup:

Active Directory Lab: Downloading Windows ISOs

Steps to Download ISOs

  1. Access Microsoft Evaluation Center:

    • Search for "Microsoft Evaluation Center" on Google.

    • Click on the first link to access the site.

  2. Download Windows 10 Enterprise ISO:

    • Navigate to "Windows 10 Enterprise" and open in a new tab.

    • Follow the prompts to download the ISO.

    • License: 90-day evaluation period. Expired licenses still function for lab purposes (shows a warning but remains usable).

    • File Size: ~4.6 GB

    • Instructions:

      • Choose the 64-bit version.

      • Select English as the language.

      • Download and save the file to an appropriate location with sufficient space.

  3. Download Windows Server 2019 ISO:

    • Go to "Windows Server" and select Windows Server 2019.

    • File Size: ~4.9 GB

    • Instructions:

      • Choose English as the language.

      • Download and save the file.

Important Notes:

  • Both files are large (4.6–4.9 GB), so allow time for downloading.

  • Ensure adequate disk space for saving the ISOs.

Setting Up the Domain Controller

Here are the notes detailing the installation steps for setting up the Windows Server 2019 Domain Controller in the Active Directory lab:

Windows Server 2019 Domain Controller Setup

Step-by-Step Installation

  1. Create Virtual Machine:

    • Open the virtual machine software and click Create New Virtual Machine.

    • Browse and select the Windows Server 2019 evaluation ISO.

    • Configure settings:

      • Set OS as Windows Server 2016 (or similar if 2019 is not listed).

      • Select Standard installation.

      • Choose storage location on your main drive.

      • Allocate 60 GB of storage (split into multiple files).

  2. Configure VM Settings:

    • Uncheck "Power on this virtual machine" and complete setup.

    • In Edit Virtual Machine Settings:

      • Remove Floppy Drive to avoid install errors.

      • Set Network to NAT (shared host IP).

      • Assign 2 GB RAM (or more if available).

  3. Start and Configure Installation:

    • Power on the VM and press any key quickly to boot from the ISO.

    • Follow prompts to select language and install Windows Server 2019.

    • Choose Custom Install, allocate new space, and confirm partitions.

    • Proceed with installation (may take several minutes).

  4. Initial Setup After Reboot:

    • After installation and reboot, create an Administrator password:

      • Use a strong password format (e.g., Password@123).

    • Log in as Administrator and proceed with full-screen setup:

      • Go to Manage > Install VMware Tools for full screen support.

      • Install and restart VM as prompted.

  5. Rename Computer for Domain Controller:

    • In System Settings > Rename this PC, set a relevant name (e.g., Hydra-DC for a Marvel theme).

    • Restart the computer after renaming.

  6. Add Active Directory Domain Services (AD DS) Role:

    • Open Server Manager and go to Manage > Add Roles and Features.

    • Select Active Directory Domain Services (AD DS) and confirm features.

    • Proceed with installation and wait for completion.

  7. Promote Server to Domain Controller:

    • In Server Manager, click the flag icon and select Promote this server to a domain controller.

    • Choose Add a new forest, set root domain (e.g., marvel.local), and set a password.

    • Follow prompts and confirm paths for database, log files, and SYSVOL.

  8. Finalizing Domain Controller Setup:

    • Click Install. The VM will reboot after completion.

    • Log back in using the domain (e.g., Marvel\Administrator) to confirm domain integration.

Next Steps:

  • Set up additional machines to complete the lab environment and prepare for attack simulations.

Setting Up the User Machines

Here are the notes summarizing the setup of Windows 10 user machines for the Active Directory lab:

Windows 10 User Machine Setup for Active Directory Lab

Objective

  • Set up two Windows 10 machines to serve as user machines in the lab environment. These will be used for various attack simulations in the lab.

Setup Instructions

  1. Create First Virtual Machine:

    • Open virtual machine software, click Create New Virtual Machine.

    • Select the Windows 10 ISO downloaded earlier.

    • Choose Windows 10 Enterprise edition (leave product key blank).

    • Set storage to 60 GB, split into multiple files if preferred.

  2. Edit VM Settings:

    • In Edit Virtual Machine Settings:

      • Remove Floppy Drive to avoid installation issues.

      • Set Network Adapter to NAT (shared host IP).

      • Allocate 2 GB RAM (adjust as needed based on system resources).

    • Save settings and start the VM.

    • Press any key to boot from the ISO.

  3. Windows Installation Process:

    • Select language and keyboard layout preferences.

    • Choose Custom Install and create new partitions as needed.

    • Follow on-screen instructions, then allow time for the installation to complete.

  4. Initial Setup After Installation:

    • Configure regional settings and keyboard layout.

    • Local Account Setup:

      • Choose Domain Join Instead to bypass Microsoft Account setup.

      • Enter a username (e.g., Frank Castle for themed setup).

      • Set a password (e.g., Password1 for simplicity in the lab).

    • Answer security questions as prompted (answers can be placeholders).

  5. Install VMware Tools (Optional):

    • Go to Player > Manage > Install VMware Tools for full screen support.

    • Complete the installation and restart the VM if prompted.

  6. Rename the Machine:

    • Open System Settings > Rename this PC.

    • Set a descriptive name (e.g., Punisher for a Marvel-themed lab).

    • Restart the machine to apply the new name.

  7. Repeat Process for Second Machine:

    • Create a second VM following the same steps above.

    • Choose a different name (e.g., another Marvel character) for distinction.

Next Steps

  • Once both machines are set up, they will be joined to the Active Directory domain.

  • After that, the lab environment will be ready for attack simulations.

Setting Up Users, Groups and Policies

Here are the notes summarizing the configuration steps for the domain controller, including user creation, policy setup, and enabling a file share:

Domain Controller Configuration for Active Directory Lab

Steps to Configure Domain Controller

  1. Log In to Domain Controller:

    • Use the Administrator account with previously set password.

  2. Open Active Directory Users and Computers:

    • Go to Server Manager > Tools > Active Directory Users and Computers.

    • Expand marvel.local (domain name) and view Organizational Units (OUs).

  3. Organizational Units (OU) and User Groups:

    • Create New Group OU:

      • Right-click domain > New > Organizational Unit, name it Groups.

      • Move default security groups from Users into Groups OU.

  4. Create Domain Users and Admin Accounts:

    1. Go to the Users OU, then right-click > New > User.

    2. User Accounts:

      • Frank Castle:

        • Username: fcastle, Password: Password@01.

        • Disable password expiration.

      • Tony Stark (Domain Admin):

        • Username: tstark, Password: Password@01.

        • Domain Admin permissions enabled (copied from Administrator).

      • Peter Parker:

        • Username: pparker, Password: Password@01.

    3. Service Account (SQL):

      • Name: SQLService.

      • Password: MyPassword123# (noted in description field).

      • Assigned Domain Admin privileges (for testing purposes).

  5. Set Up SMB File Share:

    • In File and Storage Services > Shares:

      • Click Tasks > New Share.

      • Choose SMB Share – Quick and select C:\ as location.

      • Name the share HackMe and apply default permissions.

      • Check that the share has been created.

  6. Set Service Principal Name (SPN) for Kerberoasting:

    • This will be used for future attacks.

    • Open Command Prompt as Administrator.

    • Set SPN for SQL service (to simulate vulnerability):

setspn -a Hydra-DC/SQLService.MARVEL.local:60111 MARVEL\SQLService

    • Verify SPN setup:

setspn -T Marvel.local -Q */*

    • Confirm SPN registration for Kerberoasting attack later.

  7. Configure Group Policy to Disable Windows Defender:

    • Open Group Policy Management:

      • Navigate to Domains > marvel.local.

      • Right-click and Create a GPO in this domain, name it Disable Windows Defender.

    • Edit GPO Settings:

      • Go to Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Defender Antivirus.

      • Enable Turn off Windows Defender Antivirus and apply.

    • Result:

      • Windows Defender will be disabled on all domain-joined user machines to avoid interference during attack exercises.

Summary

  • The domain controller is now set up with:

    • Several user accounts (standard and admin roles).

    • An SMB share.

    • Policies to disable Windows Defender on domain-joined machines.

    • SPN configured for SQL service for future Kerberoasting simulation.
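
The lab deliberately combines three weaknesses on one account (an SPN on a user object, Domain Admin membership, and a password written in the description field). The following PowerShell audit is an added example, not part of the original notes; it confirms those settings are in place and is the same check a defender would run against a production domain. The function name `Get-LabAccountRisk`, the privileged group list and the description pattern are assumptions.

```powershell
# Added example, not part of the original notes. Run on the domain controller in an
# elevated PowerShell session; the ActiveDirectory module is installed with AD DS.
Import-Module ActiveDirectory

function Get-LabAccountRisk {
    [CmdletBinding()]
    param(
        # Groups treated as privileged for this report (assumption; extend as needed).
        [string[]]$PrivilegedGroups = @('Domain Admins', 'Enterprise Admins', 'Administrators'),
        # Words that suggest a credential was typed into the description (assumption).
        [string]$DescriptionPattern = 'pass|pwd'
    )

    # Resolve privileged membership once, following nested groups.
    $privileged = @{}
    foreach ($group in $PrivilegedGroups) {
        try {
            Get-ADGroupMember -Identity $group -Recursive -ErrorAction Stop |
                ForEach-Object { $privileged[$_.DistinguishedName] = $group }
        } catch {
            Write-Warning "Could not expand group '$group': $($_.Exception.Message)"
        }
    }

    $props = 'ServicePrincipalName', 'Description', 'PasswordNeverExpires'
    # Enabled accounts only; this also skips krbtgt, which is disabled and always has an SPN.
    foreach ($user in (Get-ADUser -Filter 'Enabled -eq $true' -Properties $props)) {
        $hasSpn       = $user.ServicePrincipalName.Count -gt 0
        $isPrivileged = $privileged.ContainsKey($user.DistinguishedName)
        $descLeak     = $user.Description -match $DescriptionPattern

        $findings = @()
        if ($hasSpn)                    { $findings += 'SPN on a user account (service ticket can be cracked offline)' }
        if ($isPrivileged)              { $findings += "Member of $($privileged[$user.DistinguishedName])" }
        if ($descLeak)                  { $findings += 'Description looks like it contains a password' }
        if ($user.PasswordNeverExpires) { $findings += 'Password never expires' }

        # Unprivileged accounts with no SPN and a clean description are not reported.
        if (-not ($hasSpn -or $isPrivileged -or $descLeak)) { continue }

        # A privileged account that also carries an SPN, or any leaked password, is the worst case.
        $severity = if (($hasSpn -and $isPrivileged) -or $descLeak) { 'High' } else { 'Medium' }

        [pscustomobject]@{
            Severity       = $severity
            SamAccountName = $user.SamAccountName
            SPN            = ($user.ServicePrincipalName -join '; ')
            Findings       = ($findings -join ' | ')
        }
    }
}

# In this lab SQLService should be reported as High with all four findings;
# tstark and Administrator should appear as privileged accounts without an SPN.
Get-LabAccountRisk | Sort-Object Severity, SamAccountName | Format-List
```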

Next Steps

  • Set up user machines, join them to the domain, and enable file sharing.

  • Once complete, the lab will be ready for attack simulations.

Joining Our Machines to the Domain

Here are the notes for joining Windows 10 user machines to the domain and setting up local admin access for testing in the Active Directory lab:

Windows 10 User Machine Domain Join and Local Admin Configuration

Overview

Join the Windows 10 machines (e.g., Frank Castle’s and Peter Parker’s) to the marvel.local domain, set up network shares, and configure local administrator rights.

Steps to Join Windows 10 Machines to Domain

  1. Create Shared Folder on User Machine:

    • Go to This PC > C:\.

    • Right-click > New Folder, name it Share.

    • Right-click folder > Properties > Sharing.

    • Click Share and turn on Network Discovery and File Sharing for public networks.

  2. Get Domain Controller IP Address:

    • On the domain controller, open Command Prompt and type:

ipconfig

    • Note the IP address of the domain controller (e.g., 192.168.57.140).

  3. Set DNS Server to Domain Controller IP:

    • On the user machine, go to Network and Internet Settings > Change Adapter Options.

    • Right-click Ethernet 0 > Properties > IPv4.

    • Set DNS Server to the domain controller's IP address (e.g., 192.168.57.140).

    • Leave IP Address set to obtain automatically (DHCP).

  4. Join Machine to Domain:

    • Go to Settings > System > About.

    • Select Access Work or School > Connect.

    • Choose Join this device to a local Active Directory domain.

    • Enter Domain Name: marvel.local.

    • Sign in with Domain Admin Credentials (e.g., Administrator and password).

    • Restart the machine when prompted.

  5. Log in as Domain User:

    • After reboot, log in as the domain user (e.g., fcastle with Password1).

Configure Local Administrator Rights

  1. Set Frank Castle as Local Admin on his Machine (The Punisher):

    • Log in as Domain Administrator on The Punisher machine.

    • Open Computer Management > Local Users and Groups > Groups > Administrators.

    • Add fcastle as a local administrator.

  2. Set Frank Castle as Local Admin on Tony Stark’s Machine (IronMan):

    • Repeat steps to log in as administrator on IronMan.

    • Add fcastle to the local administrators group on Spider-Man.

    • Also, add tstark as a local administrator on IronMan for his own access.

  3. Verify Domain Join in Active Directory:

    • Go back to the domain controller, open Active Directory Users and Computers.

    • Confirm The Punisher and Spider-Man appear under Computers in the marvel.local domain.
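
The DNS, domain-join and local-admin steps above can also be scripted. The following PowerShell is an added example, not part of the original notes; it checks first that the domain controller's SRV record resolves through the new DNS server, which is the usual reason a join fails in a NAT lab. The function names and the adapter name `Ethernet0` are assumptions; the domain, IP address and account are the page's example values.

```powershell
# Added example, not part of the original notes. Run in an elevated Windows
# PowerShell session on the Windows 10 VM. Values are the page's examples.
$DomainName = 'marvel.local'
$DcIp       = '192.168.57.140'   # from ipconfig on the domain controller
$Adapter    = 'Ethernet0'        # assumption: confirm the real name with Get-NetAdapter

function Test-LabDcDiscovery {
    param([string]$Domain, [string]$Server)
    # A domain join locates the DC through this SRV record. If it does not
    # resolve via the DC's DNS service, the join fails before authentication.
    $srv = "_ldap._tcp.dc._msdcs.$Domain"
    try {
        $records = Resolve-DnsName -Name $srv -Type SRV -Server $Server -DnsOnly -ErrorAction Stop
        return [bool]($records | Where-Object { $_.Type -eq 'SRV' })
    } catch {
        Write-Warning "SRV lookup for $srv via $Server failed: $($_.Exception.Message)"
        return $false
    }
}

function Join-LabDomain {
    param([string]$Domain, [string]$Server, [string]$InterfaceAlias)

    if (-not (Test-LabDcDiscovery -Domain $Domain -Server $Server)) {
        throw "No domain controller for $Domain found through $Server. Check that both VMs are on the same NAT network."
    }

    # "Set DNS Server to Domain Controller IP": only DNS changes, the address stays on DHCP.
    Set-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -ServerAddresses $Server

    # "Join Machine to Domain": prompts for the domain admin account, then reboots.
    $cred = Get-Credential -Message "Domain admin account for $Domain"
    Add-Computer -DomainName $Domain -Credential $cred -Restart
}

function Add-LabLocalAdmin {
    param([string[]]$Members)
    foreach ($member in $Members) {
        # Skip accounts that are already in the group so the function can be re-run.
        if (Get-LocalGroupMember -Group 'Administrators' -Member $member -ErrorAction SilentlyContinue) {
            continue
        }
        Add-LocalGroupMember -Group 'Administrators' -Member $member
    }
    # Return the resulting membership so the change can be verified.
    Get-LocalGroupMember -Group 'Administrators' | Select-Object Name, ObjectClass, PrincipalSource
}

# Phase 1 (before the reboot):
Join-LabDomain -Domain $DomainName -Server $DcIp -InterfaceAlias $Adapter

# Phase 2 (after the reboot, logged in as the domain administrator):
# Add-LabLocalAdmin -Members 'MARVEL\fcastle'
```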

Summary

  • Frank Castle (fcastle) is a local admin on The Punisher and IronMan.

  • Tony Stark (pparker) is a local admin on Iron-Man.

  • Network shares are set up on each machine to emulate a realistic network.

  • Machines are joined to marvel.local and ready for attack simulations.