Microsoft Active Directory¶
Active Directory is hosted on the domain controller. Active Directory Lightweight Directory Services (AD LDS) is installed to provide Lightweight Directory Access Protocol (LDAP) access to applications.
Installing Active Directory¶
Active Directory is provided by Windows Server 2022 Core. Installing and configuring Active Directory on Windows Server 2022 Core requires PowerShell commands, because Server Core has no desktop GUI.
Install Active Directory Services Role¶
Use the following PowerShell command to install the Active Directory services role.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Import the AD DS Deployment Module¶
Import-Module ADDSDeployment
Create the Domain Forest¶
Install-ADDSForest -DomainName "refol.us" -InstallDNS:$False
Set the Safe Mode Administrator Password when prompted and confirm that the server will be a domain controller.
PS C:\Users\Administrator> Install-ADDSForest -DomainName "refol.us"
SafeModeAdministratorPassword: **********
Confirm SafeModeAdministratorPassword: **********
The target server will be configured as a domain controller and restarted when this operation is complete.
Do you want to continue with this operation?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"):
The server will reboot.
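The whole forest-creation procedure above, run unattended and followed by the checks a practitioner would want after the reboot. This is an added example, not the page's own commands: it keeps the page's domain name and its -InstallDNS:$False choice, while the NetBIOS name "REFOL" and the use of -Force and -NoRebootOnCompletion are assumptions.

```powershell
# Added example (not from the original page): unattended forest creation plus post-reboot checks.
# Assumptions: domain name "refol.us" as on the page; DNS is left to an external server
# (-InstallDNS:$False, as on the page); the NetBIOS name "REFOL" is an assumption.

# 1. Install the role and load the deployment cmdlets
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Import-Module ADDSDeployment

# 2. Take the DSRM password as a SecureString so it never sits in the script or the console history
$dsrm = Read-Host -Prompt "Safe Mode Administrator password" -AsSecureString

# 3. Create the forest. -Force suppresses the Y/N prompt shown on the page;
#    -NoRebootOnCompletion lets you read the result before restarting.
Install-ADDSForest -DomainName "refol.us" `
    -DomainNetbiosName "REFOL" `
    -InstallDNS:$False `
    -SafeModeAdministratorPassword $dsrm `
    -Force `
    -NoRebootOnCompletion
Restart-Computer

# --- After the reboot, run the following as a domain administrator ---

# The directory service and the Kerberos KDC must both be running
Get-Service NTDS, Kdc | Select-Object Name, Status

# The new DC should report its domain, site and FSMO roles
Get-ADDomainController | Select-Object HostName, Domain, Site, IsGlobalCatalog, OperationMasterRoles

# With no DNS role on the DC, the DNS server clients use (Pi-hole in this page's setup)
# must answer the SRV record the DC locator relies on; an empty answer means domain joins will fail
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.refol.us" -Type SRV

# Built-in health check; /q prints errors only
dcdiag /q
```

The SRV lookup is the check to run before joining any host: Windows and Linux clients both locate a domain controller through that record, so whichever DNS server the page designates as primary has to return it.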
Configuration¶
Windows Server 2022 Active Directory has been configured to work with Pi-hole as the primary DNS server. To make this work, the following must be configured:
Enable NTP Server¶
It is important to configure the primary domain controller as a local NTP server for the domain.
- Open Registry Editor (regedit.exe)
- Navigate to the following registry key: HKLM\System\CurrentControlSet\Services\W32Time\Parameters
- To use a specific NTP source, modify the Type value to NTP.
- Modify the NtpServer value to contain the NTP server to synchronize time with, followed by ,0x8, for example 131.107.13.100,0x8. Multiple NTP servers must be space-delimited, for example 131.107.13.100,0x8 24.56.178.140,0x8
- Open an administrative Command Prompt and execute the following command: w32tm /config /update
Using PowerShell to enable the NTP server provider:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\w32time\TimeProviders\NtpServer" -Name "Enabled" -Value 1
Restart the Windows Time service:
Restart-Service w32Time
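The registry steps and the PowerShell commands above, combined into one script that also verifies the result. This is an added example, not the page's own configuration: the upstream server names are placeholders to replace with your own, and the AnnounceFlags setting is an addition beyond the page. Clock skew matters here because Kerberos rejects tickets when client and DC clocks drift too far apart, so a DC that silently falls back to its local CMOS clock will eventually break authentication for the whole domain.

```powershell
# Added example (not from the original page): configure W32Time on the PDC emulator as the
# domain's time source, then verify it. Upstream addresses below are placeholders.

$params    = "HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters"
$ntpServer = "HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer"
$config    = "HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Config"

# Upstream sources (placeholders). ",0x8" requests client mode, i.e. ordinary one-way NTP polls.
$upstream = "0.pool.ntp.org,0x8 1.pool.ntp.org,0x8"

# Same values the page sets in regedit, applied from PowerShell
Set-ItemProperty -Path $params -Name Type -Value "NTP"
Set-ItemProperty -Path $params -Name NtpServer -Value $upstream

# Enable the NTP server provider so domain members can poll this DC
Set-ItemProperty -Path $ntpServer -Name Enabled -Value 1

# AnnounceFlags 5 = advertise as a time server and as a reliable one (addition beyond the page)
Set-ItemProperty -Path $config -Name AnnounceFlags -Value 5

# Push the registry changes into the running service and restart it
w32tm /config /update
Restart-Service W32Time

# Verification: the source must be an upstream server, not "Local CMOS Clock"
# or "Free-running System Clock"
w32tm /query /source
w32tm /query /status
w32tm /query /configuration

# Confirm the upstream is actually reachable over UDP/123
w32tm /stripchart /computer:0.pool.ntp.org /samples:3 /dataonly

# If the page's inbound firewall rule has been created, confirm it is enabled
Get-NetFirewallRule -DisplayName "NTP Server Port" -ErrorAction SilentlyContinue |
    Select-Object DisplayName, Enabled, Direction, Action
```

Run w32tm /query /source again a few minutes after the restart: the service needs at least one successful poll before it reports the upstream server, and a persistent local-clock source usually means outbound UDP/123 is blocked somewhere.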
Configure Firewall to Allow NTP¶
Use the following PowerShell command to allow inbound NTP traffic (UDP port 123).
New-NetFirewallRule `
-Name "NTP Server Port" `
-DisplayName "NTP Server Port" `
-Description 'Allow NTP Server Port' `
-Profile Any `
-Direction Inbound `
-Action Allow `
-Protocol UDP `
-Program Any `
-LocalAddress Any `
-LocalPort 123
Authenticate Linux Hosts¶
Before Active Directory can authenticate a Linux host, that host must be joined to the Active Directory domain.