@rma92
Last active October 22, 2024 18:01
Active Directory Notes

GUI - Find an object location in search results / dsa.msc

  • In the search window, choose "View" > "Choose Columns..."
  • Select "Published At" from "Columns available", and choose "Add >>". Click "OK".
  • You may need to expand the column.

You can also find an object's location in the properties window on the "Object" tab as the "Canonical name of object."

PowerShell - Install Domain Controller

Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Install-ADDSForest -DomainName "Domain1.local.arpa" -DomainNetbiosName "Domain1" -SafeModeAdministratorPassword (ConvertTo-SecureString -AsPlainText "Password1" -Force) -InstallDNS

PowerShell - Find AD User

Get-ADUser -Filter 'UserPrincipalName -like "*rmarino*"'

(Name is the human name of the user.)
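
As an added example (not part of the original notes), the same lookup from PowerShell: it matches either the human name or the UPN and derives the object's location from CanonicalName, which is what the "Published At" column and the "Object" tab show in dsa.msc. The function name and the `rmarino` sample pattern are assumptions.

```powershell
# Added example, not from the original notes. Finds users by Name or UPN and
# reports where in the directory they live, without opening dsa.msc.
Import-Module ActiveDirectory

function Find-AdUserLocation {
    param(
        # Restrict the pattern to safe characters so user input cannot change the
        # shape of the AD filter string built below
        [Parameter(Mandatory)]
        [ValidatePattern('^[\w.@-]+$')]
        [string]$Pattern
    )
    # -Filter uses the AD filter language (values in single quotes), not PowerShell
    # comparison operators. Name is the human name, UserPrincipalName the login name.
    $filter = "Name -like '*$Pattern*' -or UserPrincipalName -like '*$Pattern*'"

    Get-ADUser -Filter $filter -Properties CanonicalName |
        Select-Object SamAccountName, Name, UserPrincipalName, CanonicalName,
            # Strip the trailing "/<object name>" to get the container, i.e. the
            # "Published At" value from the GUI search
            @{ Name = 'Container'; Expression = { $_.CanonicalName -replace '/[^/]*$', '' } }
}

Find-AdUserLocation -Pattern 'rmarino' | Format-Table -AutoSize
```

Run it from a host with RSAT (the ActiveDirectory module) as a domain user; no special rights are needed to read CanonicalName.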

Remove Defender

PowerShell:

Remove-WindowsFeature -Name Windows-Defender

Dism:

dism /online /disable-feature /featureName:Windows-Defender

Server Core - Disable Sconfig

Set-SConfig -AutoLaunch $false

OpenBSD - Samba DC Test

  • Install OpenBSD
  • Configure doas so your normal user can doas:
vi /etc/doas.conf
echo 'permit persist username as root' > /etc/doas.conf

Setting up a test deployment environment in VMWare Workstation

  • Turn off DHCP on the host-only network adapter in Virtual Network Editor. It uses 192.168.254.0/24, but you can use whatever IP or network you prefer.

Create a Windows Server VM to run a domain controller, DHCP, and WDS.

  • Create a VM using mostly normal settings. Make the main network adapter have NAT or however you connect VMs to the internet, and then add a second network adapter on the host-only network.
  • Set the NIC on the host-only network to a static IP (no gateway; we will use the DC for routing. Don't do this in prod):
netsh int ip set address ethernet0 192.168.254.254 255.255.255.0

Install roles and DC

Install-WindowsFeature -Name AD-Domain-Services, DHCP, DNS -IncludeManagementTools
ipmo ADDSDeployment
Install-ADDSForest -DomainName "ad.lab.i.rm.vg" -InstallDNS -CreateDnsDelegation:$false -Force:$true
Restart-Computer -Force

The computer will reboot and set up the domain controller. It would be advisable to snapshot or backup the VM at this time.

Then set up the DHCP server:

$DHCPServerIP = "192.168.254.254"
Add-DhcpServerInDC -DnsName localhost -IPAddress $DHCPServerIP
Add-DhcpServerv4Scope -Name "Scope1" -StartRange "192.168.254.100" -EndRange "192.168.254.200" -SubnetMask "255.255.255.0" -State Active
Set-DhcpServerv4Binding -InterfaceAlias "Ethernet0" -BindingState $true
# -ScopeId is the scope's network address (192.168.254.0), not the server's own IP
Set-DhcpServerv4OptionValue -ScopeId "192.168.254.0" -Router "192.168.254.254"
Set-DhcpServerv4OptionValue -ScopeId "192.168.254.0" -DnsServer "192.168.254.254"
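
As an added example (not from the original notes), a set of checks to run on the DC after the reboot and before taking the snapshot: the DC is discoverable, its DNS answers the SRV record clients use to find a DC, the DHCP server is authorized in AD, and the scope hands out the DC as router and DNS. The domain name and addresses are the lab values from these notes; the function name is an assumption.

```powershell
# Added example, not from the original notes. Post-install sanity checks for the
# lab DC/DHCP/DNS box; every value below is a lab value from the notes.
Import-Module ActiveDirectory, DhcpServer

function Test-LabDc {
    param(
        [string]$DomainName   = 'ad.lab.i.rm.vg',
        [string]$DhcpServerIP = '192.168.254.254',
        [string]$ScopeId      = '192.168.254.0'
    )
    $results = [ordered]@{}

    # 1. A DC for the domain can be located
    $dc = Get-ADDomainController -Discover -DomainName $DomainName -ErrorAction SilentlyContinue
    $results['DC discoverable'] = [bool]$dc

    # 2. The DC's DNS serves the SRV record domain members use to find an LDAP server
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV `
        -Server $DhcpServerIP -ErrorAction SilentlyContinue
    $results['LDAP SRV record'] = [bool]$srv

    # 3. The DHCP server is authorized in AD; an unauthorized server will not lease
    $auth = Get-DhcpServerInDC | Where-Object { $_.IPAddress -eq $DhcpServerIP }
    $results['DHCP authorized'] = [bool]$auth

    # 4. The scope exists and is active
    $scope = Get-DhcpServerv4Scope -ScopeId $ScopeId -ErrorAction SilentlyContinue
    $results['Scope active'] = [bool]($scope -and $scope.State -eq 'Active')

    # 5. Scope options 3 (router) and 6 (DNS) point at the DC
    $opts = Get-DhcpServerv4OptionValue -ScopeId $ScopeId -ErrorAction SilentlyContinue
    $results['Router option'] = [bool](($opts | Where-Object OptionId -eq 3).Value -contains $DhcpServerIP)
    $results['DNS option']    = [bool](($opts | Where-Object OptionId -eq 6).Value -contains $DhcpServerIP)

    [pscustomobject]$results
}

Test-LabDc | Format-List
```

Run it from an elevated prompt on the DC; any `False` row points at the step above that needs redoing. Separately, the Install-ADDSForest one-liner earlier in these notes passes the DSRM password in plaintext; `-SafeModeAdministratorPassword (Read-Host -AsSecureString 'DSRM password')` keeps it out of the console history and any transcript.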

Setup WDS:

mkdir C:\RemoteInstall
$WDSPath = "C:\RemoteInstall"
Install-WindowsFeature -Name WDS,WDS-Deployment,WDS-Transport -IncludeManagementTools
ipmo WDS
wdsutil /Initialize-Server /Server:$env:COMPUTERNAME
copy D:\sources\boot.wim C:\boot.wim
Import-WdsBootImage -Path C:\boot.wim -NewImageName "Win2022 Boot Wim"
wdsutil /Set-Server /AnswerClients:all
Set-WdsServer -NewClientApprovalPolicy AutoApprove
Set-DhcpServerv4OptionValue -ScopeId "192.168.254.0" -OptionId 66 -Value "192.168.254.254"

Add-DhcpServerv4Class -Name "PXEClient (UEFI x64)" -Type Vendor -Data "PXEClient:Arch:00007"
#Add-DhcpServerv4Class -Name "PXEClient (UEFI x64) 8" -Type Vendor -Data "PXEClient:Arch:00008"
#Add-DhcpServerv4Class -Name "PXEClient (UEFI x64) 9" -Type Vendor -Data "PXEClient:Arch:00009"
Add-DhcpServerv4Class -Name "PXEClient (UEFI x86)" -Type Vendor -Data "PXEClient:Arch:00006"
#Add-DhcpServerv4Class -Name "PXEClient (UEFI x86) 2" -Type Vendor -Data "PXEClient:Arch:00002"
Add-DhcpServerv4Class -Name "PXEClient (BIOS x86 & x64)" -Type Vendor -Data "PXEClient:Arch:00000"

Add-DhcpServerv4Policy -Name "PXEClient (UEFI x64)" -ScopeId 192.168.254.0 -Condition OR -VendorClass EQ,"PXEClient (UEFI x64)*"
Add-DhcpServerv4Policy -Name "PXEClient (UEFI x86)" -ScopeId 192.168.254.0 -Condition OR -VendorClass EQ,"PXEClient (UEFI x86)*"
Add-DhcpServerv4Policy -Name "PXEClient (BIOS x86 & x64)" -ScopeId 192.168.254.0 -Condition OR -VendorClass EQ,"PXEClient (BIOS x86 & x64)*"

Set-DhcpServerv4OptionValue -ScopeId 192.168.254.0 -PolicyName "PXEClient (UEFI x64)" -OptionId 067 -Value "boot\x64\wdsmgfw.efi"
Set-DhcpServerv4OptionValue -ScopeId 192.168.254.0 -PolicyName "PXEClient (UEFI x86)" -OptionId 067 -Value "boot\x86\wdsmgfw.efi"
Set-DhcpServerv4OptionValue -ScopeId 192.168.254.0 -PolicyName "PXEClient (BIOS x86 & x64)" -OptionId 067 -Value "boot\x64\wdsnbp.com"

Set-DhcpServerv4OptionValue -ScopeId 192.168.254.0 -PolicyName "PXEClient (UEFI x64)" -OptionId 066 -Value "192.168.254.254"
Set-DhcpServerv4OptionValue -ScopeId 192.168.254.0 -PolicyName "PXEClient (UEFI x86)" -OptionId 066 -Value "192.168.254.254"
Set-DhcpServerv4OptionValue -ScopeId 192.168.254.0 -PolicyName "PXEClient (BIOS x86 & x64)" -OptionId 066 -Value "192.168.254.254"

copy C:\Windows\System32\RemInst\boot\x64\wdsmgfw.efi C:\RemoteInstall\boot\x64\wdsmgfw.efi

Add-DhcpServerv4Class -Name "iPXE" -Type User -Data "iPXE"
# The policy name must match the one used for option 067 below (and must not reuse an existing policy name)
Add-DhcpServerv4Policy -Name "iPXE Config" -ScopeId 192.168.254.0 -Condition And -UserClass EQ,"iPXE"

Set-DhcpServerv4OptionValue -ScopeId 192.168.254.0 -PolicyName "iPXE Config" -OptionId 067 -Value "boot\iPXE\iPXE.conf"

The WDS server now works.
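
As an added example (not from the original notes), the vendor-class, policy and option commands above driven from one table, so the block can be re-run: Add-DhcpServerv4Class and Add-DhcpServerv4Policy fail when the name already exists, so each is checked first, while the Set-* calls are idempotent. A second function reports what each client architecture is actually told to boot, which is worth keeping an eye on, since whoever controls options 66/67 controls what every PXE client executes. The scope, TFTP host and boot files are the lab values from these notes; the function names are assumptions.

```powershell
# Added example, not from the original notes. Table-driven, re-runnable PXE policy
# setup plus a report of the effective boot file per client architecture.
Import-Module DhcpServer

$ScopeId  = '192.168.254.0'
$TftpHost = '192.168.254.254'

# One row per client architecture. Arch is the PXE architecture identifier the
# client sends in its vendor class (option 60) string, e.g. "PXEClient:Arch:00007".
$PxeClasses = @(
    @{ Name = 'PXEClient (UEFI x64)';       Arch = '00007'; BootFile = 'boot\x64\wdsmgfw.efi' }
    @{ Name = 'PXEClient (UEFI x86)';       Arch = '00006'; BootFile = 'boot\x86\wdsmgfw.efi' }
    @{ Name = 'PXEClient (BIOS x86 & x64)'; Arch = '00000'; BootFile = 'boot\x64\wdsnbp.com' }
)

function Set-PxeBootPolicies {
    foreach ($c in $PxeClasses) {
        # Add-* cmdlets error out on duplicates, so only create what is missing
        if (-not (Get-DhcpServerv4Class -Name $c.Name -Type Vendor -ErrorAction SilentlyContinue)) {
            Add-DhcpServerv4Class -Name $c.Name -Type Vendor -Data "PXEClient:Arch:$($c.Arch)"
        }
        if (-not (Get-DhcpServerv4Policy -Name $c.Name -ScopeId $ScopeId -ErrorAction SilentlyContinue)) {
            Add-DhcpServerv4Policy -Name $c.Name -ScopeId $ScopeId -Condition OR -VendorClass EQ, "$($c.Name)*"
        }
        # Set-* overwrites, so re-running corrects a wrong server or boot file
        Set-DhcpServerv4OptionValue -ScopeId $ScopeId -PolicyName $c.Name -OptionId 66 -Value $TftpHost
        Set-DhcpServerv4OptionValue -ScopeId $ScopeId -PolicyName $c.Name -OptionId 67 -Value $c.BootFile
    }
}

function Get-PxeBootPolicyReport {
    foreach ($c in $PxeClasses) {
        $opts = Get-DhcpServerv4OptionValue -ScopeId $ScopeId -PolicyName $c.Name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Policy   = $c.Name
            Expected = $c.BootFile
            Actual   = ($opts | Where-Object OptionId -eq 67).Value -join ','
            Server   = ($opts | Where-Object OptionId -eq 66).Value -join ','
        }
    }
}

Set-PxeBootPolicies
Get-PxeBootPolicyReport | Format-Table -AutoSize
```

To switch a row to iPXE later, change its BootFile (for example to `boot\x64\snponly_x64.efi` for UEFI x64) and re-run; the report then shows Expected and Actual agreeing again.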

Set up WDS to use iPXE

  • Copy the ipxe.zip files to C:\Remoteinstall\boot\ (this includes wimboot.x86_64.efi, x64\snponly_x64.efi, x64\snponly_usb_x64.efi, 2PXE\Boot, 2PXE\File\logo)
  • You need to open the WDS MMC, go to Properties (for the server) > "Boot" tab > Always continue the PXE boot (for both known and unknown clients).
  • Remove Option 60 from the DHCP server; when it is set, WDS hijacks the DHCP requests.

Set Booting to iPXE:

Set-DhcpServerv4OptionValue -ScopeId 192.168.254.0 -PolicyName "PXEClient (UEFI x64)" -OptionId 067 -Value "boot\x64\snponly_x64.efi"

iPXE needs internet access, so you need to create a NAT gateway:

New-NetNat -Name "Nat1" -InternalIPInterfaceAddressPrefix "192.168.254.0/24"

Create an iPXE menu in REMINST\Boot\iPXE\iPXE.conf containing:

#!ipxe
chain --autofree Boot\iPXE\boot.ipxe.conf