Microsoft Server Playground
In my studies in network and IT security we are now learning about Microsoft Servers. This is a brand new topic for me to learn about, so I wanted to challenge myself to set up a playground in VirtualBox. My initial plan is to have two separate networks simulating Branch A and Branch B of a company. Each branch should have an Active Directory domain controller. They should be interconnected with OpenWrt routers.
The branches will be on VirtualBox internal networks, while the routers will have a NAT connection for internet, one internal network between the routers, and lastly one host-only network for management.

Branch A Router
To get OpenWrt up and running I downloaded the image from OpenWrt and unzipped it with gzip -d openwrt-*.img.gz. To get the image into VirtualBox we first need to convert it into a .vdi image. We can use VBoxManage to do this, with the command VBoxManage convertfromraw --format VDI openwrt-*.img openwrt.vdi. Since we are not putting this on a little device but running it as a VM, we can expand the disk so we have more room to play. With the command VBoxManage modifymedium openwrt.vdi --resize 512 we can resize the disk to a whopping 512 MB (the --resize argument is in megabytes).
To start the VM I set it up as below: generic Linux and no hard drive. The CPU and RAM were left untouched, as 512 MB of RAM is plenty. After I had created this I copied the .vdi file into the folder of the VM.


The most important VM settings are the network adapters. The adapter configuration was as follows:
- Host-only Adapter (vboxnet 1)
- Bridged adapter
- Internal network (Branch A)
I tried with NAT on adapter 2 but for some reason I got no internet then; I switched to Bridged adapter and it started working. So I will not investigate further for now.
The OpenWrt image comes with a default configuration, so with adapter 2 as our WAN connection it matches the defaults. The default configuration sadly comes preset with 192.168.1.1 as the LAN IP address. We need to change this into something that matches our host-only network, which I have set to the 192.168.57.0/24 range. To change the IP we use uci set network.lan.ipaddr=192.168.57.2 and uci commit network before we do a restart (the UCI option for the LAN address is ipaddr).
We should now be able to access the router's web page in our browser at that address. In the web GUI we can navigate to the Interfaces menu. I first looked at the Devices tab to match the MAC address of adapter 3 to an adapter in the GUI, and it is eth2. In the Interfaces tab I added a new interface with the settings shown below. I also added LAN firewall rules.

Branch A Server
To get the first server up and running I used one of the templates I have set up and cloned it. After I had booted it up and set my admin password I changed the static IP address, as I do not have DHCP yet. Using the settings below I was able to ping Google, great success!

The first thing I set up is Active Directory Domain Services, and here I want to create a new forest. When opening the Add Roles and Features Wizard I selected the Active Directory Domain Services role and accepted the features needed to complete it.

After that has successfully installed the necessary features for the role, we need to promote the server to a domain controller. In that wizard we chose to add a new forest; I named mine company.local. After going through the selections it runs a prerequisite check before allowing me to press Install.



After the above installation has completed it will reboot the server, and after the reboot we can log in to our new Active Directory domain! As we can see below we have two new roles with all green checks, GREAT!

The next role I wanted for my Branch A server was the DHCP Server role. To add that role we go through the same wizard as before, but select the DHCP Server role. The wizard is as straightforward as last time. I added the address range below for my DHCP server. I confirmed it working by testing my client, but more on that later.
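The same Branch A server build (static address, new forest, DHCP role and scope) done from an elevated PowerShell prompt instead of the wizards. This is an added example, not the author's own script or screenshots. The domain name company.local is from the post; the Branch A subnet 10.10.1.0/24, the server address 10.10.1.10, the router 10.10.1.1, the scope range and the adapter name "Ethernet" are assumptions, so substitute your own values.

```powershell
# Added example, not from the original post. Assumed values (not on the page):
# Branch A LAN 10.10.1.0/24, server 10.10.1.10, OpenWrt router 10.10.1.1, adapter "Ethernet".
# Run in an elevated PowerShell session on the Branch A server.

$Adapter  = 'Ethernet'
$ServerIp = '10.10.1.10'
$Gateway  = '10.10.1.1'
$Domain   = 'company.local'   # from the post

# 1. Static address, because there is no DHCP server on this network yet.
New-NetIPAddress -InterfaceAlias $Adapter -IPAddress $ServerIp -PrefixLength 24 -DefaultGateway $Gateway
# Until our own DNS exists, resolve through the router (dnsmasq on OpenWrt forwards upstream).
Set-DnsClientServerAddress -InterfaceAlias $Adapter -ServerAddresses $Gateway

# 2. The AD DS role plus management tools (what the Add Roles and Features wizard installs).
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# 3. Promote to the first domain controller of a new forest. -InstallDns adds the DNS role;
#    the DSRM (Safe Mode) password is prompted for interactively. The server reboots when done.
Install-ADDSForest -DomainName $Domain -DomainNetbiosName 'COMPANY' -InstallDns -Force

# --- after the reboot, logged in as COMPANY\Administrator ---

# 4. DHCP Server role and a scope for Branch A. The range deliberately leaves room below .100
#    for the router, the server and other static hosts, so no exclusion is needed.
Install-WindowsFeature -Name DHCP -IncludeManagementTools
Add-DhcpServerv4Scope -Name 'Branch A' -StartRange 10.10.1.100 -EndRange 10.10.1.200 `
    -SubnetMask 255.255.255.0 -State Active
# Scope options: default gateway, DNS server and DNS suffix that clients will receive.
Set-DhcpServerv4OptionValue -ScopeId 10.10.1.0 -Router $Gateway -DnsServer $ServerIp -DnsDomain $Domain
# A DHCP server that is a domain member must be authorized in AD before it hands out leases;
# this is the check that stops an unauthorized Windows DHCP server from serving the domain.
Add-DhcpServerInDC -DnsName "$env:COMPUTERNAME.$Domain" -IPAddress $ServerIp
```

After this, Get-DhcpServerv4Scope and Get-DhcpServerv4Lease -ScopeId 10.10.1.0 show the scope and any leases handed out, which is the same check the post does by booting the client.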



Branch A Client
What I want from my client for now is simply to receive an IP address from the DHCP server and then join my domain. As we can see from the picture below, I have received an address from DHCP together with the correct gateway and DNS server.

Before joining my client to my domain I decided to set up a new user for me to log in with. I chose to first create new organizational units to have some order in my setup. I added my user and a security group, and added client1 to Computers.
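The directory objects described above (organizational units, a user, a security group and the client1 computer object) created with the ActiveDirectory module, followed by the domain join from the client. This is an added example and not the author's own commands. The domain company.local and the hostname client1 are from the post; the OU layout "Branch A" with Users/Groups/Computers, the user jdoe and the group BranchA-Users are assumed names.

```powershell
# Added example, not from the original post. Assumed names: OU "Branch A" with sub-OUs,
# user "jdoe", group "BranchA-Users". company.local and CLIENT1 are from the post.
# Run on the Branch A domain controller as a domain admin.
Import-Module ActiveDirectory

$DomainDn = (Get-ADDomain).DistinguishedName          # resolves to DC=company,DC=local
New-ADOrganizationalUnit -Name 'Branch A' -Path $DomainDn -ProtectedFromAccidentalDeletion $true
$BranchOu = "OU=Branch A,$DomainDn"
foreach ($ou in 'Users', 'Groups', 'Computers') {
    New-ADOrganizationalUnit -Name $ou -Path $BranchOu
}

# A regular (non-admin) account for daily logins. The password is read interactively so it
# never ends up in a script or shell history, and the user must change it at first logon.
New-ADUser -Name 'John Doe' -SamAccountName 'jdoe' -UserPrincipalName 'jdoe@company.local' `
    -Path "OU=Users,$BranchOu" `
    -AccountPassword (Read-Host -AsSecureString 'Initial password for jdoe') `
    -ChangePasswordAtLogon $true -Enabled $true

# Global security group for the branch, and put the user in it.
New-ADGroup -Name 'BranchA-Users' -GroupScope Global -GroupCategory Security -Path "OU=Groups,$BranchOu"
Add-ADGroupMember -Identity 'BranchA-Users' -Members 'jdoe'

# Pre-stage the computer object so the join lands in our OU rather than the default Computers container.
New-ADComputer -Name 'CLIENT1' -Path "OU=Computers,$BranchOu"

# Quick check of what we created.
Get-ADObject -SearchBase $BranchOu -Filter * | Select-Object Name, ObjectClass, DistinguishedName

# --- on CLIENT1, after it has received its lease (gateway and DNS from the Branch A server) ---
# The join needs a domain account that is allowed to join computers; the credential is prompted for.
# Add-Computer -DomainName 'company.local' -Credential (Get-Credential 'COMPANY\Administrator') -Restart
```

If you skip the pre-staging, Add-Computer accepts -OUPath "OU=Computers,OU=Branch A,DC=company,DC=local" to place the new computer object directly; either way the client must resolve company.local, which is why the DHCP scope hands out the domain controller as DNS server.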




Branch B Router
The first thing I did for this router was to change the internal network to Branch_B so I have a separate network for Branch B. After it has booted it has the same static IP as the Branch A router, since I cloned it. So I need to change it with uci set network.lan.ipaddr=192.168.57.3 and uci commit network, and reboot.


Since I had cloned it after I had set up the local network on Router A, the only things that needed to change here were the IPv4 address and broadcast address.

With both routers set up we needed to set up a static route between them, so the two networks could reach each other. Luckily the web interface of OpenWrt was easy to configure. Since I have a DHCP server in Branch A that I want to hand out addresses on Branch B as well, I set up a DHCP relay on the Branch B router.



Branch B server
The setup on this was fairly straightforward as I had a clone ready. The first thing that needed configuration was the static IP address, which was set as below. The DNS server here is important so we can join our domain.

To join an existing domain the configuration is very similar to the config on Branch A, but here we select "Add a domain controller to an existing domain", enter our domain name and authenticate. After I had configured this as well, I changed the DNS settings on both servers to point to themselves and to each other.
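The Branch B server as an additional domain controller, done in PowerShell, including the DNS client settings on both DCs described above. This is an added example, not the author's own commands. company.local is from the post; the Branch B subnet 10.10.2.0/24, the addresses 10.10.2.10 (Branch B DC), 10.10.2.1 (router) and 10.10.1.10 (Branch A DC) and the adapter name "Ethernet" are assumptions. The last part goes beyond the post: it creates one AD site and subnet per branch, which is the sites-and-subnets relationship mentioned in the conclusion.

```powershell
# Added example, not from the original post. Assumed values (not on the page):
# Branch B LAN 10.10.2.0/24, Branch B server 10.10.2.10, router 10.10.2.1,
# Branch A DC 10.10.1.10, adapter "Ethernet". company.local is from the post.

$Adapter = 'Ethernet'
$DcA     = '10.10.1.10'
$DcB     = '10.10.2.10'
$Domain  = 'company.local'

# Static address. DNS must point at the existing DC: the promotion locates the domain through
# DNS SRV records, and the static route between the routers is what makes 10.10.1.10 reachable.
New-NetIPAddress -InterfaceAlias $Adapter -IPAddress $DcB -PrefixLength 24 -DefaultGateway '10.10.2.1'
Set-DnsClientServerAddress -InterfaceAlias $Adapter -ServerAddresses $DcA
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV   # should list the Branch A DC

Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
# Promote as an additional writable DC with DNS in the existing domain ("join existing domain" in the wizard).
# Prompts for the domain credential and the DSRM password, then reboots.
Install-ADDSDomainController -DomainName $Domain -Credential (Get-Credential 'COMPANY\Administrator') `
    -InstallDns -Force

# --- after the reboot: each DC uses the other DC as primary DNS and itself as secondary ---
Set-DnsClientServerAddress -InterfaceAlias $Adapter -ServerAddresses $DcA, $DcB   # run on the Branch B DC
# Set-DnsClientServerAddress -InterfaceAlias $Adapter -ServerAddresses $DcB, $DcA # run on the Branch A DC

# Beyond the post: one site and subnet per branch, so clients pick the DC in their own branch
# and the cross-branch link only carries replication.
Import-Module ActiveDirectory
$DefaultSite = Get-ADReplicationSite -Identity 'Default-First-Site-Name'
Rename-ADObject -Identity $DefaultSite.DistinguishedName -NewName 'Branch-A'
New-ADReplicationSite -Name 'Branch-B'
New-ADReplicationSubnet -Name '10.10.1.0/24' -Site 'Branch-A'
New-ADReplicationSubnet -Name '10.10.2.0/24' -Site 'Branch-B'
Move-ADDirectoryServer -Identity $env:COMPUTERNAME -Site 'Branch-B'

# Verify: both DCs, each in its own site.
Get-ADDomainController -Filter * | Select-Object Name, Site, IPv4Address
```

Pointing each DC at its partner first and itself second avoids a DC that only ever asks itself for DNS while its own zone has not replicated yet; with both orders the post's goal (each DC can resolve the other) is met. nltest /dsgetsite on a client shows which site it was placed in based on its subnet.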

Branch B Client
The client in Branch B received its IP address as expected from the DHCP server located in Branch A. As seen below, it has DNS addresses for both servers. All I needed to do now was to join the domain.


What have I learned?
From this little challenge I made for myself I have gained greater knowledge about the Sites function in Active Directory, and how it relates to the subnets in sites and the scopes on the DHCP server. These two points were my main goal for this challenge. In addition to those I got to practice setting up Active Directory domain controllers with DNS and DHCP.
In VirtualBox I got to test out a lot of different network types and have learned the difference between NAT, NAT Network, Host-only network, Bridged adapter and Internal network. Cloning machines set up as templates has greatly reduced the time I have needed to set up machines.
I finally tried out OpenWrt routers in a fun little environment on my computer, and I will definitely play more with it later. I got to apply my freshly acquired knowledge of DHCP helper/relay in a functional way.
What did not go to plan? And what would I have changed?
The first thing that did not go as planned was that the NAT network solution did not provide proper internet to my router, for unknown reasons. I changed to a bridged adapter and that worked, and I chose not to investigate this any further.
I also deviated from my plan to have a separate management network and a separate link between the routers; I combined these in one host-only setup. This worked flawlessly.
As for things I would do differently, snapshots come to mind. I have not been diligent enough about taking snapshots during this project.