Part 1: Simple Windows Security - Domain/Forest

In Part 1 below, we will configure the Domain Controllers. The virtual machines for the domain controllers have already been built in Hyper-V. Below is a table with general VM settings.

| Virtual Hardware | Software                |
|------------------|-------------------------|
| 1xCPU            | Server 2022             |
| 2xGB RAM         | Generation 2 Hyper-V VM |
| 1vNIC            |                         |
| 30GB Disk        |                         |

Prepare the Server

We start here with two fresh Windows Server 2022 installs. We are using a strong, randomly generated, 16-character password for the “Administrator” account. This account becomes the “Domain Administrator” on the first Domain Controller, so it’s imperative that the password is strong.

The password is set, now we can login.

We are greeted with a bunch of Server and network management boxes.

Click No on Do you want to allow your PC to be discoverable

Click Don’t show this message again checkbox and hit the X

Open PowerShell, rename the server to “dc1” and restart it. Use the commands Rename-Computer "dc1" and Restart-Computer.

  1. Log back in and set a static IP address by going to Start > Settings > Network & Internet > Change Adapter options.

  2. Right click Ethernet and click Properties. Double-click Internet Protocol Version 4 (TCP/IPv4). Set the static IP, Subnet mask and Default gateway to your network.

  3. For DNS, let’s use Cisco Umbrella’s public DNS servers here

  4. Click OK. Click OK again.

Update Windows by going to Start > Settings > Update & Security > Windows Update > Check for Updates. Download all the updates available and click Restart Now when prompted.

Install Windows Roles

  1. Switch windows to the Server Manager, click Add roles and features. Click Next

  2. Ensure the Role-based or feature-based installation radio is selected and click Next

  3. Ensure Select a server from the server pool radio is selected and dc1 is selected and click Next

  4. Check the box for Active Directory Domain Services

  5. Check Include management tools (if applicable) > Click Add Features

  6. Check the box for DHCP Server

  7. Check Include management tools (if applicable) > Click Add Features

  8. Check the box for DNS Server

  9. Check Include management tools (if applicable) > Click Add Features

  10. Click Next. Click Next. Click Next. Click Next. Click Next

  11. Un-check the box Restart destination server automatically if required.

  12. Click Install

  13. Wait for the installation progress to complete and click Close

Create Windows Forest & Promote

  1. In the top right-hand corner click the flag with the warning symbol and click Promote this server to a domain controller

  2. Check the radio Add a new forest

  3. Enter your domain name. Based on Microsoft Best Practice, you should choose a subdomain of your public top-level domain. For example, if your public domain is tanktopsecurity.com, you’d choose something like ad.tanktopsecurity.com.

  4. Click Next

  5. Leave the defaults up top. Server 2016 is the most recent Forest and domain functional level.

  6. Enter a DSRM password:

  7. Don’t use the same password as the administrator password from the start of the guide. Use a strong, randomly generated, 16-character password. This password can be reset at a later date if lost.

  8. Click Next

  9. You’ll see a warning for A delegation for this DNS server cannot be created… This is normal for the first DC in a new forest. You can click Show more to learn more on this warning.

  10. Click Next. The server checks for existing NetBIOS names and enters your NetBIOS domain name here. Click Next.

  11. Leave the default paths here and click Next

  12. You can review all the forest and domain settings here. You can click View script to get the PowerShell command that Server Manager is running to create the new forest and promote the Domain Controller. You could copy this script for future use in other Windows network builds.

  13. Click Next

  14. The prerequisite check will run. You’ll see a few warnings. These are normal for a new DC in a new forest.

  15. Click Install

  16. You’ll see a progress window. After a while, the server will reboot.

  17. When the computer is booted, use the Administrator username and password, which is now the Domain Administrator password.
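The Install Windows Roles and Create Windows Forest & Promote steps above can also be scripted. The following is an added example, not the script Server Manager shows under View script; it assumes the article's example domain ad.tanktopsecurity.com, the NetBIOS name AD, and an elevated PowerShell session on dc1.

```powershell
# Added example: scripted equivalent of the GUI steps above, run on dc1.
# Domain and NetBIOS names are the article's example values; substitute your own.
$DomainName  = 'ad.tanktopsecurity.com'
$NetbiosName = 'AD'

# Roles from "Install Windows Roles": AD DS, DHCP and DNS with management tools.
# No -Restart switch, matching the un-checked automatic restart box.
$roles = Install-WindowsFeature -Name AD-Domain-Services, DHCP, DNS -IncludeManagementTools
if (-not $roles.Success) { throw 'Role installation failed.' }

# Prompt for the DSRM password so it never lands in the script or shell history.
# SecureString exposes its length without revealing the plaintext.
$dsrm = Read-Host -Prompt 'DSRM password (not the Administrator password)' -AsSecureString
if ($dsrm.Length -lt 16) { throw 'DSRM password is shorter than 16 characters.' }

$forestArgs = @{
    DomainName                    = $DomainName
    DomainNetbiosName             = $NetbiosName
    ForestMode                    = 'WinThreshold'   # Windows Server 2016 functional level
    DomainMode                    = 'WinThreshold'
    InstallDns                    = $true
    SafeModeAdministratorPassword = $dsrm
}

# Same prerequisite check the wizard runs. Warnings are expected for the first
# DC in a new forest; stop only if a result reports an error.
$check = Test-ADDSForestInstallation @forestArgs
$check | Format-List Status, Message
if ($check | Where-Object { "$($_.Status)" -eq 'Error' }) {
    throw 'Prerequisite check reported an error.'
}

# Creates the forest, promotes dc1 and reboots the server when finished.
Install-ADDSForest @forestArgs -Force
```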

Add DC2 to the forest & Promote

On dc2, repeat the sections above with a few exceptions:

Prepare the Server section

  1. Instead of dc1, rename the server to dc2

  2. Assign a different IP address in the same network

  3. Set the Preferred DNS server address to dc1’s static IP

Create Windows Forest & Promote section

  1. Instead of selecting the radio button Add a new forest, select Add a domain controller to an existing domain

  2. Type your domain name and click Select

  3. In the pop-up window, enter the domain name followed by the Domain Administrator user name, then the password, and click OK.

    1. Example: AD\administrator

  4. In the pop-up window, select your domain and click OK

  5. Click Next

  6. Enter a strong DSRM password, ideally a different password than the one you set for dc1.

  7. Click Next

  8. You’ll see a warning for A delegation for this DNS server cannot be created… This is normal. You can click Show more to learn more on this warning.

  9. Click Next

  10. You can leave the defaults and click Next

  11. Again, leave the defaults and click Next

  12. Click Next again

  13. The prerequisite check will run. You’ll see a few warnings; these are normal. Click Install

  14. The server will reboot

  15. Now sign in with the Domain Administrator password.

  16. This domain controller is now synced with dc1 and can serve clients for logins and DNS requests
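To confirm that dc2 really is in sync before relying on it, the checks below can be run on dc2 after the reboot. This is an added example, not part of the original guide; it assumes you are signed in as the Domain Administrator and that the ActiveDirectory module installed with the AD DS management tools is available.

```powershell
# Added example: post-promotion health check, run on dc2 as Domain Administrator.
Import-Module ActiveDirectory
$domain = (Get-ADDomain).DNSRoot

# 1. Both domain controllers should be registered in the domain.
$dcs = @(Get-ADDomainController -Filter *)
$dcs | Format-Table HostName, IPv4Address, IsGlobalCatalog, Site

# 2. Inbound replication state for every DC: a LastReplicationResult of 0 and
#    zero consecutive failures mean the last attempt from that partner succeeded.
$partners = @(Get-ADReplicationPartnerMetadata -Target $domain -Scope Domain)
$partners | Format-Table Server, Partner, LastReplicationSuccess,
    LastReplicationResult, ConsecutiveReplicationFailures

# 3. Any replication failures currently recorded in the domain.
$failures = @(Get-ADReplicationFailure -Target $domain -Scope Domain)

# 4. A DC only serves logons once SYSVOL and NETLOGON are shared; a missing
#    share right after promotion means the initial sync has not finished.
$missingShares = foreach ($dc in $dcs) {
    foreach ($share in 'SYSVOL', 'NETLOGON') {
        if (-not (Test-Path "\\$($dc.HostName)\$share")) { "$($dc.HostName)\$share" }
    }
}

# 5. Clients locate DCs through this SRV record; both DCs should be targets.
$srvTargets = @(Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV |
    Where-Object { $_.Type -eq 'SRV' } | Select-Object -ExpandProperty NameTarget)

[pscustomobject]@{
    DomainControllers   = $dcs.Count
    ReplicationFailures = $failures.Count
    BadPartnerLinks     = @($partners | Where-Object { $_.LastReplicationResult -ne 0 }).Count
    MissingShares       = @($missingShares) -join ', '
    SrvTargets          = $srvTargets -join ', '
}
```

A healthy result shows two domain controllers, zero failures and bad links, no missing shares, and both dc1 and dc2 among the SRV targets.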

Download Windows 11 and Server 2022 Trials

In order to learn how to create and manage Windows networks, you’ll need access to both Windows Server and a Windows desktop operating system. As of this post in February 2023, the most recent editions are Windows Server 2022 and Windows 11 22H2. Please see below for a quick guide to downloading the ISO file that you can use to install Windows Server or Windows 11.

Download Windows Server 2022 Eval


  1. Visit the Microsoft Windows Server trial link: https://www.microsoft.com/en-us/windows-server/trial

  2. Click on Download Free Trial

  3. Click Download the ISO

  4. Fill in the requested information. I made sure to uncheck “I would like Microsoft to share my information…”

  5. Click Download

  6. Click ISO Downloads

  7. Wait for your new Windows Server Eval ISO to finish downloading

  8. Start building!!


Download Windows 11 Eval

  1. Visit the Microsoft Windows 11 download page: https://www.microsoft.com/software-download/windows11/

  2. Scroll down to Download Windows 11 Disk Image (ISO) for x64 Devices

  3. Use the dropdown to select Windows 11 (multi-edition ISO for x64 Devices)

  4. Click Download

  5. Next, choose your language and click Confirm

  6. A verification page may appear then disappear

  7. Click 64-bit Download

  8. Wait for your new Windows 11 ISO to finish downloading

  9. Start building!