0:09 hello everyone welcome back to the
0:11 channel and for today's video I will be
0:14 showing you an updated version of how to
0:17 set up active directory from scratch on
0:20 a Windows server on a virtual machine so
0:22 this is going to be a nice project a
0:24 home lab project for those who are
0:27 learning entry level it or wants to see
0:29 if you can set up your own active
0:32 director and see if it is for you so
0:34 this video is the start of the series
0:36 where I'll be showing you how to build
0:39 your own home project starting with the
0:41 basic active directory setup and then we
0:45 will have a series of video on GPO DNS
0:48 active directory Services file servers
0:50 print servers Windows servers Linux
0:52 servers and more so stay tuned for that
0:55 if you're interested in this video I
0:56 will show you how to install VMware
1:00 Workstation Pro install Windows server
1:03 2022 on that VM how to install active
1:05 directory tools on Windows Server we
1:07 will have an activity on basic ad setup
1:10 like creating OU and accounts I'll also
1:12 explain active directory Concepts like
1:15 OU group Scopes and group types and also
1:18 give you some tips and best practices so
1:20 if you're interested to learn how to set
1:22 up active directory from scratch on a
1:24 virtual machine please keep on watching
1:26 and without further Ado let's get right
1:29 into today's video okay so for the first
1:31 video in this series I'm going to show
1:34 you the stepbystep process on how to set
1:36 up active directory from scratch on
1:39 Windows Server 2022 on a virtual machine
1:43 which is VMware Workstation Pro and
1:44 everything will be free and we will be
1:46 using a free trial for all of this you
1:48 don't have to purchase any license for
1:50 your home lab so the first step is to
1:52 install the virtual machine that we will
1:55 be using which is a VMware Workstation
1:57 Pro I'm also going to include all of the
1:59 links that we are using here for this
2:01 video video in the description box below
2:03 if you want to try this home lab
2:06 activity so in this video I'm using
2:09 VMware Pro this is now free to use for
2:12 personal use only I chose this because
2:14 I've been using this for a while now and
2:17 you are also free to use other virtual
2:20 machines if you are used to other ones
2:22 so if you click on the link down below
2:24 it will show you the download links for
2:26 the VMware products so we are going to
2:28 be using workstation Pro in this
2:30 activity so just click on that and you
2:33 should have a login for the broadcom
2:36 this is free to register so if you don't
2:38 have the login for this you can sign up
2:41 for the account so if you don't have an
2:43 account yet just click on this click
2:46 here and then you can register your
2:49 email address in here and then it should
2:51 just register you once you filled all
2:53 the information and you should be able
2:56 to log in now okay so the username is
2:59 your email address and once you have
3:01 logged in and you will see all the
3:03 downloads in here and you should just
3:06 select the one for personal use for
3:07 Windows if you're using a Windows
3:11 machine for your VM so I'm just going to
3:13 choose the latest version in here and it
3:17 should download it or it'll take me to
3:20 another page where I can download it and
3:22 I'll just wait for it to finish so I can
3:24 install it okay once it's finish
3:27 downloading just click on the executable
3:30 and you should be able to install it now
3:33 let just keep on clicking next accept
3:35 and next until it installs usually it
3:37 takes a few minutes so while we're
3:40 waiting for that to install we can now
3:43 go to our Microsoft link where we can
3:46 get the download for the iso that we're
3:48 going to use for our Windows Server this
3:50 is what we're going to install in our
3:54 virtual machine so we are using 2022 so
3:57 normally when you are new to this it's
3:59 your first time doing this for example
4:02 if you search for the Windows Server
4:04 2022 and you can see that you can get
4:07 started for free for the trial you can
4:10 click on the download the iso in here
4:13 and it's going to ask you to register so
4:15 once you've registered that's when you
4:17 can download the iso so just fill up all
4:20 of this in here and you'll be able to
4:23 see this page where you can download the
4:24 iso so I'm just going to go ahead and
4:27 download it it usually takes couple of
4:29 minutes like depends on your internet
4:32 connection but let me check like 5 to 10
4:36 minutes the most so while VMware is
4:38 installing you can also go ahead and
4:41 download the iso okay I think it's done
4:43 downloading for me I'm just going to
4:46 check on my downloads okay so you should
4:49 see the server ISO in here when it's
4:52 done downloading so now we can open the
4:56 vmw workstation Pro it should added a
4:58 shortcut on our desktop so since we're
5:01 using personal use we can choose this
5:03 first option in here cuz we don't have a
5:05 license okay so it's pretty
5:07 straightforward The Next Step that
5:09 you're going to do is to create a new
5:12 virtual machine in here okay so just
5:16 click on next on that and for this just
5:18 select the I will install the operating
5:21 system later I have learned that if you
5:23 do it through here it doesn't really
5:26 work properly later when we set it up so
5:29 just skip that part and select this one
5:31 and then click on next and then select
5:34 Windows Server 2022 and here that's
5:37 going to be the server we're using so we
5:39 can keep the name in here and just click
5:44 on next and maximum this size would be
5:47 maybe it depends on the specs of your
5:48 computer but for me I'm just going to
5:51 put 20 in here for now I don't think I'm
5:55 going to need that much okay so click on
5:58 finish after and then you should see
5:59 that it created your virtual machine
6:02 machine Cas so these are the specs for
6:05 it so for now let's right click on it
6:08 and go to settings Okay now click on the
6:12 CD DVD SATA in here this is where we are
6:14 going to add the iso image click on
6:17 browse and go to your downloads and
6:20 click on the server ISO that we just
6:23 downloaded earlier click on okay okay
6:25 let's click on power on this virtual
6:27 machine so it's going to boot up the
6:31 virtual machine and just press any key
6:35 so after you pressed any key quickly
6:37 it's going to load the windows image
6:39 here so sometimes you're going to miss
6:41 this so if you missed pressing a key it
6:44 will show this and it won't load the iso
6:46 so what you will do is right click on
6:49 this and shut down the virtual machine
6:52 and start over so once it boots and you
6:55 see the message earlier where you have
6:57 to press a key you have to press it
7:00 really quickly to get into to this so it
7:02 will load the setup okay so once you get
7:05 this once you get this window click on
7:08 next and install now okay we are going
7:10 to choose the desktop experience standard
7:11 standard
7:14 evaluation because we want our server
7:16 with the gooy this one just has the
7:19 commands it doesn't have the gooey so
7:22 that's what we wanted click on next and
7:25 just accept click on accept here and
7:27 then do this custom install Microsoft
7:30 server and it'll just show show you the
7:33 drive allocation in here just make sure
7:35 that this is correct and just click on
7:37 next and just wait for it to [Music]
7:44 finish okay so just type in the password
7:47 that you want for
7:50 admin make sure to remember it and make
7:52 sure to type
7:55 something click on
7:58 finish and you should have your VM ready
8:00 with Windows
8:03 server 2022 okay so just log in with
8:06 your credentials here as admin and then
8:09 the next step will be to install active
8:12 directory tools on the server just to check
8:14 check
8:16 what server version we have you can do
8:19 the wiver command in here and it'll show
8:22 you the Windows server and version so we
8:25 have 21 H2 Windows Server
8:28 2022 also this is a free trial so it
8:32 only lasts for for 180 days and I think
8:34 that's around like 6 months so that's
8:37 plenty of time to play around and build
8:40 your active directory and Windows server
8:43 that you can practice with and put on
8:46 your resume and once this is this has
8:48 expired you can still build like another
8:51 one you can download another ISO but
8:52 you're going to have to build everything
8:55 from scratch okay so for the next step
8:58 we are installing active directory in
9:01 here so server manager will pop up right
9:05 away once you log in so open that and go
9:07 to the manage on the right hand side
9:10 here go to add roles and features click
9:13 on that and click on next and just
9:16 select the RO based installation in here
9:19 click next and you should select active
9:22 directory domain services this will pop
9:25 up and click on ADD features okay so if
9:27 there's other tools that you need like
9:31 remote access or hyperv go ahead and add
9:35 all of those so yes just make sure that
9:38 you have group policy management check
9:40 in there and it should be automatically
9:42 checked too when once you select active
9:46 directory in here so click next click
9:49 next here just keep clicking next and
9:52 keep uh hitting next in here now it's
9:54 just listing everything that you have
9:56 selected click on install and just wait
9:58 for it to finish the installation it's
10:00 going to let you know the progress in
10:03 here it might take a few minutes also so
10:06 just check on it but make sure to not
10:08 close this window during the
10:10 installation cuz we are going to do an
10:13 very important step after okay so once
10:16 it's finished you can see that this bar
10:18 is full you can click on this promote
10:20 This Server to a domain controller this
10:22 is very important to do after because we
10:24 are setting this up as our domain
10:26 controller because we are doing this
10:28 from scratch we don't have a domain
10:31 controller yet so click on that and it
10:33 it should show you this window and we
10:36 are going to add a new forest in here
10:37 and this is where you will be typing
10:39 your domain name for your active
10:43 directory in here I am going to call it
10:47 East charmer in Here Local always add
10:49 local because we are just doing the
10:52 local domain in here if you don't add
10:53 local it's going to show an error
10:58 message so add local and click on next
11:01 ke and select the most recent in here
11:03 that they have which is
11:07 2016 and just type in the password for
11:09 your domain something that you will
11:12 remember and click on next okay just
11:15 click on next until it finishes okay so
11:17 you would see the domain name it's going
11:19 to be what you typed in earlier keep
11:23 clicking on next next next and once it's
11:25 verified you will see in here if
11:28 everything is okay you should be able to
11:31 click on install down here okay so we
11:33 now passed the prerequisite check in
11:37 here so we can click on install and it
11:38 will take a few minutes for this to
11:42 finish okay so it has to reboot your
11:44 computer or server because it's going to
11:47 install the active directory tool so
11:49 just wait for that to finish okay now
11:51 that it's done we should be able to log
11:54 in now you can see that you're using the
11:57 domain you have the domain now which was
12:04 account okay so let's check if they were
12:07 installed so usually you can type it in
12:09 but you can also see it under the
12:13 windows admin tools here so you see all
12:16 the different tools that we installed
12:18 and we are going to do active directory
12:20 users and computers for this video this
12:23 is the very basic that we do on a daily
12:27 basis we do a lot in active directory so
12:29 this is going to be our activity for the
12:32 basic active directory setup for this
12:34 video so the goal in here is to set up
12:37 active directory from scratch which we
12:40 have done so the next steps would be to
12:43 create U or organizational units then
12:46 create user accounts and groups within
12:47 these U and I'm going to show you later
12:50 on how we use active directory on a
12:52 daily basis in the workplace so I'm
12:55 going to give you real world examples on
12:58 how we use active directory okay so just
13:01 a quick review if you are new to it and
13:04 active directory so when we say OU it
13:06 means organizational unit and it's like
13:08 a container which contains different
13:12 kinds of objects like users computers
13:16 servers groups and these objects are all
13:19 inside one organizational unit so it's
13:22 like a container or like a folder that
13:25 has all the different objects like files
13:27 for example when you think about a
13:29 Windows folder so it's basically the
13:32 same concept okay so let's open active
13:35 directory users and computers now okay
13:37 so as you can see you now have a domain
13:39 in here which is the local domain that
13:42 we named earlier and if you click on the
13:43 drop down in here you will see the
13:47 builtin use in here so these are use
13:50 this computer user so these are default
13:52 that is already included when you create
13:55 a domain Cas so first in our activity is
13:58 to create different ous which is USA
14:01 Europe and and Asia so what you will do
14:05 is to right click on the domain in here
14:08 and select new you will see
14:11 organizational unit in here and just
14:14 type in the name so click on USA in here
14:18 and it should show up so do the rest for
14:22 the other U okay so going back to the
14:25 activity earlier it says to create
14:28 groups within the ous and create users
14:31 on under the different groups so to
14:34 create a group in here actually let's
14:36 create I'm going to show you what it's
14:38 typically structured in the workplace so
14:42 usually under this geographical OU there
14:45 is another OU so you can put an OU
14:48 within an OU in here usually it's
14:51 categorized by different objects for
14:54 example you would like to put a computer
14:56 OU in here for all of the assets the
15:00 computer that you have then we can also
15:05 put the users cuz there's a they're a
15:07 different category for the groups or
15:10 container then we can add for example
15:13 servers in here just to make it simple
15:16 and do the rest for the other ous as
15:18 well okay once you finish that you can
15:20 see the different U you can also
15:23 minimize this so that it w't look
15:26 clutter especially if you are just going
15:30 to use USA in here so the next activity
15:32 would be to create different groups
15:36 under these Os or containers for example
15:38 for users typically in the workplace we
15:41 have different departments for our
15:45 company so same goes to how we structure
15:47 active directory you want to group them
15:48 into different group The users into
15:51 different departments as well so you can
15:53 create different groups under the users
15:56 for example you can click on new and
15:59 select group in here and for examp
16:02 example you can type in it in here and
16:03 as you can see in here there are
16:06 different options for group scope and
16:08 group type in here so I'm going to
16:11 discuss what the differences between
16:13 those options are and which one you
16:15 should select for the group that you're
16:17 creating okay so before we proceed if
16:19 you already know what the group scope
16:21 and group types are you can skip this
16:24 part where I explain everything and just
16:27 go ahead and watch the activity and lab
16:30 and Hands-On part keep so there's three
16:32 different options for the group scope we
16:35 have Universal Global and domain local
16:38 so this is the table that you can check
16:41 and typically we use the global because
16:43 this is usually the group that can be
16:47 used within the same domain for example
16:49 if I select the Global Group scope in
16:52 here this it group can be used under the
16:55 East charmer local domain so it can be
16:58 accessed by anything that's under this
17:00 East charmer local local so the
17:03 universal goes to different domains so
17:06 it has more access for example I have
17:08 two domains in here so for example
17:10 there's a domain in here aside from East
17:13 charmer so if I create the it group in
17:15 here it can be accessed under East
17:18 charmer domain and the other domain
17:20 that's outside East charmer so that's
17:23 Universal okay so now let's talk about
17:26 the group type we have two in here so we
17:28 do have the first type is the security
17:30 groups in here so the security groups
17:33 are used to assign permissions to Shared
17:36 resources and it also has two types in
17:39 here which is the user rights and you
17:42 can also assign permissions so this is
17:44 the group that you create if you want to
17:47 give permissions to Shared resources and
17:49 you can give and you can create a
17:51 security group that just assigns user
17:53 rights or assigns permission those are
17:56 two different kinds of or types that you
17:59 can do with security groups so explain
18:01 it better I have examples in here on the
18:04 user rights so user rights also has two
18:07 kinds it has built-in security groups or
18:09 Custom Security groups so built-in
18:11 security groups are the ones that are
18:13 default that's already included in
18:15 active directory that you don't have to
18:17 create because they are already there
18:21 for example domain admins domain admins
18:24 is just giving access to a user
18:27 basically to it's basically giving full
18:30 control or full access to a user like
18:35 being able to manage edit modify delete
18:37 anything from the domain so the main
18:39 admins is a built-in Security Group and
18:41 you don't have to create it because it's
18:44 already there I will show you later on
18:46 also another built-in Security Group is
18:48 the domain desktop user and this is
18:51 usually for the users who needs remote
18:54 access or those users that needs those
18:56 users that use remote desktop
18:59 applications to access different servers
19:01 remotely so that's also built in you
19:03 don't have to create it it's already
19:05 included in the windows tools the other
19:08 type of user right that you can create
19:10 as a security group is a Custom Security
19:12 Group which is the one that you can
19:15 create based on the rights that you want
19:17 to give to the user so this is something
19:20 that you can create and modify depending
19:23 on your preferences or the needs of the
19:26 users so for example this is this can be
19:29 done through like different departments
19:30 because in every company there's
19:32 different departments like finance
19:35 department HR department it department
19:37 so if you want to customize a right
19:39 based on the department you can create a
19:41 Custom Security Group that wasn't a
19:44 builtin or wasn't already included
19:46 because this is more for what your
19:48 company needs so you can create a
19:50 security group for the finance
19:53 department that can access or give
19:55 rights to the financial data or
19:56 application and can do the same for the
20:00 HR department so that's one type of user
20:02 right that you can create through
20:04 security group so there's also another
20:07 kind which is giving permissions for
20:09 shared resources so this is different
20:12 from the user rights so user rights to
20:14 make it simple is something that user
20:17 can do and for the permissions what the
20:20 user can get into or what the user can
20:22 access so there's like different kinds
20:25 of access that is available for a user
20:28 there's a full control there's a modify
20:30 there's re only so it really depends on
20:32 what kind of access you're giving them
20:34 so for example you can give file and
20:36 folder permissions the shared file and
20:39 folder permissions different access also
20:41 by department for example you want the
20:44 finance department to be able to access
20:47 the finance folders and you can also
20:50 have other departments to have access to
20:52 the finance folder but maybe only read
20:54 mode or read only because they can't
20:57 make any changes like the HR for example
20:58 they just can view stuff but they can't
21:00 can't add or edit so that's something
21:03 that you can do through security groups
21:05 as well okay so as mentioned earlier
21:07 there's two types of groups there's the
21:10 security group and the distribution
21:12 group so drro distribution group or the
21:15 drro list as we call it in the workplace
21:18 it's not giving access or giving
21:21 permissions this is usually used for
21:23 email distribution list to send emails
21:26 to collections or groups of people so
21:29 this is an email list where we give user
21:32 membership on what email list they can
21:34 receive for example these are example of
21:36 distribution groups that we usually use
21:38 in the workplace so there's a group that
21:41 is called all employees which is an
21:43 email list that all the employees in the
21:46 company gets and sometimes we can also
21:48 categorize this or group this by
21:50 department so for example we have a
21:54 finance or it or HR drro Group we of
21:56 course there's emails that we just want
21:59 the finance department to receive same
22:01 with the HR department so we can also
22:03 group it through that distribution group
22:05 and can be also role based depending on
22:07 what role they have like manager
22:10 executive admins so if you know the
22:12 different group scope and group type
22:14 that is really important when you're
22:16 creating groups so you would know what
22:18 they're going to be used for so for
22:21 example we have the it group that is
22:22 created in here it's going to be a
22:24 security group because it's going to
22:26 give user rights to only the it
22:29 departments for examples so let's go
22:31 ahead and create that group for example
22:34 you want another group and it's a
22:36 security group I'm just going to create
22:38 another group which is going to be
22:41 called uh DL which is short for
22:43 distribution list or drro list because
22:46 it's going to be uh a distribution group so
22:48 so
22:51 dlit admins for example it admins
22:53 because this is going to be an email
22:55 that will be received by of the it
22:57 professionals or IT staff so I'm just
22:59 going to change this to distribution
23:01 because we want this as an email list
23:04 key so that's another group that you can
23:05 create all right so that's how you
23:08 create groups now you can just go ahead
23:10 and create different users here add
23:14 different people so same step just click
23:18 a new create user just type in the full
23:21 name for example
23:26 East fmer and then just create a log on
23:29 name typically we don't do this manually
23:32 there's a script that is that is ran
23:35 when we create new users especially when
23:37 we onboard new employees I'm just
23:40 showing you this so you can create your
23:43 home lab to practice on so this is what
23:45 we do we just type in a password for that
23:47 that
23:52 user okay and then this one depends on
23:54 your comedy policies too so just click
23:56 on next and you will see each charmer
23:58 has been added as a user so you can go
24:02 ahead and do this to all the other OU
24:04 that you have or your lab so when you
24:07 start working as an IT professional in a
24:09 company most of the time or 100% of the
24:11 time active directory and Windows server
24:14 is already set up so you don't have to
24:16 build it from scratch so it's already
24:19 there there's already a structure for
24:21 everything so you don't need to be
24:24 creating users typically we don't really
24:30 okay so I have here a more detailed
24:33 activity for you guys to try so this is
24:36 just a list of what you can do for this
24:39 act for this activity okay so I think
24:42 that's it for the most basic task that
24:45 you can do and for the most basic
24:46 activities that you can do in active
24:50 directory users and computers so this is
24:52 only the first part and the first video
24:55 of the series of Home Labs that I'm
24:57 going to be sharing with you so at least
24:59 now you have a Windows server that you
25:01 can use to play around with the
25:03 different tools and you have installed
25:05 active directory so now you can practice
25:08 your active directory skills that you
25:10 can also put on your resume and I hope
25:12 you guys learned something from today's
25:13 video thank you so much for watching and
25:16 I hope to see you guys in the next one [Music]
