Shaun Carrillo's Cybersecurity Portfolio

How I Built and Managed an Active Directory Lab Using Windows Server 2022

Written by:

Shaun Carrillo
May 31, 2025

I chose this lab to help me learn Active Directory, Windows Server and realistic help desk workflows. Using VirtualBox and Windows ISOs, I created a self-contained lab to simulate a small enterprise environment and troubleshoot real-world IT issues.

Lab Environment Overview

COMPONENTDETAILS
Virtualization ToolOracle VirtualBox
Domain ControllerWindows Server 2022 – Static IP: 10.2.15
ClientsWindows 10 VMs (Desktop 1, Desktop2)
Host MachineLenovo IdeaPad, AMD Ryzen 3 7320U CPU, 8GB RAM, Windows 11
Domain Nameskc11.com
Tools UsedADUC, GPMC, RSAT, CMD

Setting Up Windows Server 2022 in Virtual Box

Downloaded Windows Server 2022 evaluation ISO from Microsoft

Created a new VM in Virtual Box with:

  • 4GB RAM
  • 3 Virtual CPUs
  • 50GB Disk Space

Installed the OS and gave it a static IP (10.2.15)

Renamed the machine to Server2022

Configured networking via “Host Only Adapter”

Next, I promoted Server to Domain Controller.

  • I used Server Manager -> Add Roles and Features.
  • Added Active Directory Domain Services
  • Created a new forest: skc11.com
  • Promoted the server and completed the reboot.

Created Users and Organizational Units (OUs)

  • Used Active Directory Users and Computers (ADUC) to:
    • Create OUs: Helpdesk, IT, HR
    • Add users using “New User” and “Copy” methods
  • Enabled Advanced Features to access Attribute Editor and find hidden containers.
  • I learned that a common mistake new users can make when trying to search for a user but they are not showing up. You need to search the “Entire Directory” instead of just the local domain or container.

Enabled Group Policy and Enforced Domain Security

  • Opened Group Policy Management
  • Edited Default Domain Policy to”
    • Set password complexity
    • Enforce account lockout after failed attempts
  • Enabled enforcement of policies at the domain level

RSOP (Resultant Set of Policy):

Used gpresult /r > C:\results.txt to verify applied policies.

Added Client Machines + RSAT Access

  • Installed Windows 10 on two separate VMs
  • Assigned static IPs and joined them to the domain (skc11.com)
  • Installed RSAT Tools to allow Active Directory access from client side

Here are some day to day admin Tasks I Practiced:

TaskTool or Command
Check IP configipconfig /all
View mapped drivesnet use
Check user password expirynet user helpdesk(user) /domain
Unlock user accountADUC -> User -> Account Tab -> Uncheck lockout box
Reset PasswordAUDC -> Right Click User -> Reset Password
RSOP reportgpresult /r
Rejoin Computer to domainSystem settings -> Domain -> Re-authenticate

Common Issues I simulated & Resolved

  1. Account Lockouts – Used ADUC to unlock user
  2. Account Expiration – Adjusted expiration settings to “Never”
  3. Client PC Falling off the Domain – Rejoined via domain credentials
  4. DNS Mismatch – Corrected primary DNS Server to point to domain controller
  5. Group Policy Conflicts – Used RSOP to trace and fix policy inheritance issues.

Resources

RSAT Tool Guide

Group Policy Basics

Leave a comment

Latest Articles

Next: