
Have you ever wanted to take a cup of coffee while installing Windows Active Directory?

I recently had a task of this kind, which is why I decided to give control to semi-automated PowerShell modules & scripts, written from scratch. The system administrator supplies the parameters for the installation process to use. Otherwise, deployment of the whole AD is fully automated.



Why?

Deploying an AD environment can be a very time-consuming and boring task. Additionally, testing multiple AD scenarios repeatedly in a deployment environment without risking the production environment, or replicating the production environment with multiple optional customizations, can be crucial to a company.

Do you want to customize or perform penetration testing for a planned Windows Active Directory environment before actually deploying it to the production environment? Well, there you go.

Automate the deployment once, twice or as many times as you want, and tweak your AD configuration to suit your needs. Adapt the changes to your real Windows AD environment and externalize risks. Combine AD automation with virtual networks and you have your development playground.

Benefits & features

  • Speed up Windows Active Directory deployment on physical and virtual environments

    • When successfully configured, deployment in simple environments takes 1-3 hours rather than days, with minimal intervention
  • Extend your existing or new Active Directory deployment

  • Add, edit & configure Active Directory object resources such as users & computers

  • Deploy multiple Active Directory features

  • Replicate same configuration on multiple IT environments

  • Modular structure; features can be added and customized if needed

  • Flexible configuration

    • Customizable & extendable group policies for multiple groups

    • Flexible firewall configurations supported for group policy objects

    • Restricted & common SMB network shares for each group in a domain

    • IIS server configuration support

    • Domain Name Server (DNS) configuration support

    • WSUS support

Drawbacks

  • Not a fully automated solution: some user interaction is still required

  • Not tested in large-scale or demanding environments

  • Requires operational & pre-configured network topology

  • Although configuration is flexible, it could be more user-friendly

  • No GUI

  • Bugs likely exist, features likely missing in some parts

Principle of a very minimalistic Windows Active Directory environment. It consists of a domain controller (DC), an optionally separated web & file server (IIS, SMB), and clients. More advanced environments interact with remote networks, use a replicating DC and avoid single points of failure at every level.

Power of PowerShell

The Windows AD automation relies heavily on Windows PowerShell. PowerShell has many built-in functions that help automate AD configuration tasks. However, not everything can be achieved without custom functionality. Flexibility, modularity and custom functions help here.

Automated deployment of an AD environment with a pre-defined sample configuration. For instance, all users, groups, organizational units (OUs) and computers are fully configurable. Additionally, you can define the contents of each OU, link fully configurable Group Policy Objects and configure firewall rules as shown.

Requirements

  • Windows Server 2016/2019

  • Preferred: Windows clients (7 or 10)

  • FreeBSD/Linux or OpenLDAP not supported

  • Basic network; internet access

  • Deployment tool - Fjordtek GIT

    • NOTE: Authorized access required

Automatically deployed & configured SMB shares on a Windows domain network. Different users/groups have various access permissions to these network shares. Permission policy is configurable with the referred AD deployment tool.
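
To make the share permission policy described above concrete, here is an added example of a parameter-driven share deployment using built-in cmdlets. It is not code from the deployment tool; the domain name, OU path, folder root, group names and the `New-GroupShare` helper are all assumptions made for illustration.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules ActiveDirectory, SmbShare

# Constructed sample values (assumptions): adjust to the lab domain.
$Domain  = 'LAB'                           # NetBIOS domain name
$GroupOu = 'OU=Groups,DC=lab,DC=example'   # existing OU for security groups
$Root    = 'D:\Shares'                     # parent folder on the file server

# One entry per share: groups that may modify, groups that may only read.
$Shares = @(
    @{ Name = 'Common';  Change = @('Domain Users'); Read = @() }
    @{ Name = 'Finance'; Change = @('GG-Finance');   Read = @('GG-Audit') }
    @{ Name = 'IT';      Change = @('GG-IT');        Read = @() }
)

function New-GroupShare {   # hypothetical helper, safe to re-run
    param([Parameter(Mandatory)][hashtable]$Share)

    # Create any security group that does not exist yet.
    foreach ($g in @($Share.Change) + @($Share.Read)) {
        if (-not (Get-ADGroup -Filter "Name -eq '$g'")) {
            New-ADGroup -Name $g -GroupScope Global -GroupCategory Security -Path $GroupOu
        }
    }

    $path = Join-Path $Root $Share.Name
    New-Item -ItemType Directory -Path $path -Force | Out-Null

    # NTFS: drop inherited ACEs, then grant only what the definition lists.
    icacls $path /inheritance:r /grant:r 'BUILTIN\Administrators:(OI)(CI)F' 'NT AUTHORITY\SYSTEM:(OI)(CI)F' | Out-Null
    foreach ($g in $Share.Change) { icacls $path /grant:r "$Domain\${g}:(OI)(CI)M"  | Out-Null }
    foreach ($g in $Share.Read)   { icacls $path /grant:r "$Domain\${g}:(OI)(CI)RX" | Out-Null }

    # Share ACL mirrors NTFS, so no default "Everyone" entry is created.
    if (-not (Get-SmbShare -Name $Share.Name -ErrorAction SilentlyContinue)) {
        $smb = @{ Name = $Share.Name; Path = $path; FullAccess = 'BUILTIN\Administrators'
                  FolderEnumerationMode = 'AccessBased' }
        if ($Share.Change) { $smb.ChangeAccess = $Share.Change | ForEach-Object { "$Domain\$_" } }
        if ($Share.Read)   { $smb.ReadAccess   = $Share.Read   | ForEach-Object { "$Domain\$_" } }
        New-SmbShare @smb | Out-Null
    }
}

$Shares | ForEach-Object { New-GroupShare -Share $_ }

# Review the result: every deployed share with its access control entries.
$Shares | ForEach-Object { Get-SmbShareAccess -Name $_.Name } |
    Format-Table Name, AccountName, AccessRight
```

The final table is the quickest check that a restricted share lists only its own groups and the administrators, and that no `Everyone` entry is present.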