Most enterprises run on a domain which manages identities of users and computers, and controls access to network resources. The central servers of these domains are known as domain controllers. Most medium and large enterprises have more than one domain controller; however, for the purposes of a home lab, it is fine to start off with a single DC. This article will demonstrate the basics of building an AD forest and the first domain controller.
Tools and Techniques
This is a low budget home lab, so I will be relying on resources that can run on a single laptop with 16 GB of RAM.
- VirtualBox
- VirtualBox Extension Pack
- VirtualBox Guest Additions
- Windows Server 2025 ISO
Pre-setup
You need to prepare the hypervisor before installing the VM. Your domain controller will need to run either in a host-only network or a NAT network. I personally prefer the NAT network, since that makes it possible for the DC to reach the internet in case I need to install new packages later. There is a way to do this via the GUI; however, because I prefer automating my process as much as possible, I will show you the commands I used to set up my NAT network from the PowerShell command line.
# NAT Network Creation
# 1. Create a NAT Network with a 192.168.100.0/24 subnet
VBoxManage natnetwork add --netname "vboxnet" --network "192.168.100.0/24" --enable
# 2. Enable DHCP. This is not necessary, but may be useful depending on what you want to add to your homelab.
VBoxManage natnetwork modify --netname "vboxnet" --dhcp on
# 3. Start the NAT Network
VBoxManage natnetwork start --netname "vboxnet"
VM Creation
Now it is time to add your Windows Server DC to the network. The following PowerShell commands assume that you have a Windows Server 2025 ISO file in your Downloads folder, and that your account name is “user”. Change the script to match your actual username and the location of the ISO file.
# 1. Create a new VM named "adlab-dc1"
VBoxManage createvm --name "adlab-dc1" --ostype "Windows2025_64" --register
# 2. Set memory and CPU to 2048 MB and 1 CPU, respectively
VBoxManage modifyvm "adlab-dc1" --memory 2048 --cpus 1
# 3. Create a virtual hard disk named "adlab-dc1.vdi"
VBoxManage createmedium disk --filename "adlab-dc1.vdi" --size 50000 --format VDI
# 4. Attach the disk to the VM
VBoxManage storagectl "adlab-dc1" --name "SATA Controller" --add sata --controller IntelAhci
VBoxManage storageattach "adlab-dc1" --storagectl "SATA Controller" --port 0 --device 0 --type hdd --medium "adlab-dc1.vdi"
# 5. Attach the Windows Server 2025 ISO
VBoxManage storagectl "adlab-dc1" --name "IDE Controller" --add ide
VBoxManage storageattach "adlab-dc1" --storagectl "IDE Controller" --port 0 --device 0 --type dvddrive --medium "C:\users\user\downloads\26100.1742.240906-0331.ge_release_svc_refresh_SERVER_EVAL_x64FRE_en-us.iso"
# 6. Set boot order
VBoxManage modifyvm "adlab-dc1" --boot1 dvd --boot2 disk --boot3 none --boot4 none
# 7. Enable networking and set the network to the vboxnet NAT network
VBoxManage modifyvm "adlab-dc1" --nic1 natnetwork --natnetwork1=vboxnet
# 8. Start the VM
VBoxManage startvm "adlab-dc1"
Install Windows Server 2025
The next part requires installing Windows Server 2025 on your new VM. I am unfamiliar with how to automate this part, but I imagine that it would require a product key, which I do not have for the purposes of this tutorial. Windows Server installs that do not have a product key come with a free license that lasts 180 days.
The following screenshots show the configuration that I use to set up the installation:
Once that is done, you will be sent to an installation screen. The time it takes to complete installation may vary from machine to machine.
Once the installation completes, you will need to create an administrator account, with a password of your choosing. Then, you will need to install VirtualBox Guest Additions on the server so that you can easily copy scripts from your host machine to the VM. Oracle itself provides directions on how to install Guest Additions here.
Before you reboot your VM, make sure that the following settings on your VM are set to “Bidirectional”:
Set network config
Next, run the following script from a 64-bit PowerShell window within the VM to configure the network settings to match the NAT network created in the pre-setup step.
$myAdapter="Ethernet"
# Remove the existing IP configuration
Remove-NetIPAddress -InterfaceAlias $myAdapter -Confirm:$False
# Remove the default gateway
Remove-NetRoute -InterfaceAlias $myAdapter -Confirm:$False
# Add the new IP and gateway
New-NetIPAddress -InterfaceAlias $myAdapter -AddressFamily IPv4 -IPAddress 192.168.100.5 -PrefixLength 24 -Type Unicast -DefaultGateway 192.168.100.1 -Confirm:$False
# Set the DNS servers. In this script, they are set to the server itself and Google, but may be changed as necessary.
Get-NetAdapter -Name $myAdapter | Set-DnsClientServerAddress -ServerAddresses 192.168.100.5, 8.8.8.8 -Confirm:$False
# Rename the computer
Rename-Computer -NewName "adlab-dc1" -Restart
Note that the 64-bit PowerShell process appears in Task Manager as “powershell.exe” with an x64 architecture, rather than an x86 architecture. The PowerShell commands above will not work in the 32-bit PowerShell process.
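Before promoting the server, it is worth confirming that the settings above actually took effect after the restart. The following check is an added example, not one of the original scripts; the expected values are the ones used in the network script above, and the `$checks` table is just an illustrative way to collect results.

```powershell
# Added example: pre-promotion sanity check (not from the original article).
# Expected values mirror the network script above; adjust them if yours differ.
$myAdapter    = "Ethernet"
$expectedIP   = "192.168.100.5"
$expectedGW   = "192.168.100.1"
$expectedName = "adlab-dc1"

$checks = [ordered]@{}

# The article notes that the commands do not work in the 32-bit PowerShell process.
$checks["64-bit PowerShell process"] = [Environment]::Is64BitProcess

# Rename-Computer only takes effect after the restart.
$checks["Computer name is $expectedName"] = ($env:COMPUTERNAME -eq $expectedName)

# A DC should hold a manually assigned address, not a DHCP lease from the NAT network.
$ip = Get-NetIPAddress -InterfaceAlias $myAdapter -AddressFamily IPv4 -ErrorAction SilentlyContinue
$checks["Static IPv4 $expectedIP/24"] = [bool]($ip | Where-Object {
    $_.IPAddress -eq $expectedIP -and $_.PrefixLength -eq 24 -and $_.PrefixOrigin -eq 'Manual'
})

# Exactly the default route is inspected; other routes on the adapter are ignored.
$route = Get-NetRoute -InterfaceAlias $myAdapter -DestinationPrefix "0.0.0.0/0" -ErrorAction SilentlyContinue
$checks["Default gateway $expectedGW"] = [bool]($route | Where-Object { $_.NextHop -eq $expectedGW })

# The article points DNS at the server itself first, then 8.8.8.8.
$dns = @((Get-DnsClientServerAddress -InterfaceAlias $myAdapter -AddressFamily IPv4).ServerAddresses)
$checks["Primary DNS is $expectedIP"] = ($dns.Count -gt 0 -and $dns[0] -eq $expectedIP)

$failed = 0
foreach ($name in $checks.Keys) {
    if ($checks[$name]) { Write-Host "[PASS] $name" }
    else { Write-Host "[FAIL] $name"; $failed++ }
}
if ($failed -gt 0) { Write-Warning "$failed check(s) failed; fix them before creating the forest." }
```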
Create the AD forest
Now that you have rebooted the device again, it is time to create the AD forest. Run the following commands from a 64-bit PowerShell window:
#
# Windows PowerShell script for AD DS Deployment
#
Import-Module ServerManager
Install-WindowsFeature -name AD-Domain-Services -IncludeManagementTools
Import-Module ADDSDeployment
Install-ADDSForest `
-CreateDnsDelegation:$false `
-DatabasePath "C:\WINDOWS\NTDS" `
-DomainMode "Win2025" `
-DomainName "adlab.com" `
-DomainNetbiosName "ADLAB" `
-ForestMode "Win2025" `
-InstallDns:$true `
-LogPath "C:\WINDOWS\NTDS" `
-NoRebootOnCompletion:$false `
-SysvolPath "C:\WINDOWS\SYSVOL" `
-Force:$true
Input a safe mode admin password of your choosing:
Once the installation finishes, the VM will automatically initiate a delayed reboot. When it comes back up, you will have a fully set up domain controller and AD forest.
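To confirm that the promotion really produced a working domain controller, you can run a short health check after the reboot. This is an added example, not one of the original scripts; it assumes the domain name, NetBIOS name and IP address used in this article, and that the ActiveDirectory module was installed by `-IncludeManagementTools`.

```powershell
# Added example: post-promotion health check (not from the original article).
# Names and addresses are the ones used in the article's scripts.
Import-Module ActiveDirectory
$domainName = "adlab.com"
$netbios    = "ADLAB"
$dcIP       = "192.168.100.5"
$dcFqdn     = "{0}.{1}" -f $env:COMPUTERNAME, $domainName

$checks = [ordered]@{}

# Core DC services: directory, DNS, secure channel and Kerberos KDC.
foreach ($svc in "NTDS", "DNS", "Netlogon", "Kdc") {
    $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
    $checks["Service $svc running"] = ($null -ne $s -and $s.Status -eq 'Running')
}

# The SYSVOL and NETLOGON shares appear once SYSVOL has initialised.
foreach ($share in "SYSVOL", "NETLOGON") {
    $checks["Share $share present"] = [bool](Get-SmbShare -Name $share -ErrorAction SilentlyContinue)
}

$domain = Get-ADDomain
$forest = Get-ADForest
$checks["Domain DNS name is $domainName"] = ($domain.DNSRoot -eq $domainName)
$checks["NetBIOS name is $netbios"]       = ($domain.NetBIOSName -eq $netbios)

# The first DC in a new forest holds all five FSMO roles.
$roles = @($domain.PDCEmulator, $domain.RIDMaster, $domain.InfrastructureMaster,
           $forest.SchemaMaster, $forest.DomainNamingMaster)
$checks["All five FSMO roles on $dcFqdn"] = (@($roles | Where-Object { $_ -ne $dcFqdn }).Count -eq 0)

# Clients locate the DC through this SRV record in the AD-integrated DNS zone.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domainName" -Type SRV -Server $dcIP -ErrorAction SilentlyContinue
$checks["LDAP SRV record points to $dcFqdn"] = [bool]($srv | Where-Object { $_.NameTarget -eq $dcFqdn })

Write-Host "Domain mode: $($domain.DomainMode)  Forest mode: $($forest.ForestMode)"
$failed = 0
foreach ($name in $checks.Keys) {
    if ($checks[$name]) { Write-Host "[PASS] $name" }
    else { Write-Host "[FAIL] $name"; $failed++ }
}
if ($failed -gt 0) { Write-Warning "$failed check(s) failed; review the logs under C:\WINDOWS\NTDS and the DNS configuration." }
```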
It is always a good idea to automate as much of your home lab setup as possible, and make the scripts used for automation available whenever necessary. I store the scripts I use for my home lab setup on my GitHub account. The ones I used for this tutorial can be found here.