This walkthrough will configure users, groups, and policies on our domain controller.
Go to “Tools” and select “Active Directory Users and Computers” from the dropdown.
Select the Ecorp.local dropdown and then highlight Users.
Notice that originally both Users and Groups are in the Users folder. We can create a new folder called Groups by right clicking ECorp.local and selecting New and then choosing “Organizational Unit”.
Name the OU “Groups” and select OK.
Highlight “Users” and drag all the groups to the “Groups” folder.
Select “Yes”
After moving the groups to the Groups folder, go back to Users and right click Administrator and select Copy. We are going to create another Administrator account.
Fill in the fields and select Next.
Type in a password. Be sure to remember the password or write it down. Select Next.
Select Finish
Copy Administrator again.
Create a service account by filling in the fields as shown below.
Give it the following password: MYpassword123#. Check password never expires.
Go to properties of the SQL Service account and type in the password. Although it is not sound practice, some administrators are known to do this.
Add a new userby right clicking in the whitespace in the area where users are listed.
Fill in the following fields and select Next.
Type in the password and check Password never expires.
Select Finish
Create another user.
Fill in the fields below.
Add password and select password never expires.
That is all the accounts we will set up for now.
Select File and Storage Services from the left hand side of the Server Manager Dashboard.
Highlight “Shares”.
From the Tasks dropdown, select “New Share”.
Select Next
Select Next
Name the Share and select Next.
Select Next
Select Next
Select Create
Select Close when complete
We will now finish setting up the SPN (SQLService) account we created in the last exercise.
Open the command prompt as Administrator and type the following.
setspn -a ECorp/SQLService.ECORP.local:60111 ECORP\SQLService
As seen above, that command registered the SPN.
We can check it by running the following command.
setspn -T ECORP.local -Q */*
As seen below, the SPN is confirmed.
In the search window, type in Group Policy and select it.
Drop down the Forest ECorp.local and Domains. Right click on ECorp.local and select “Create a GPO in this domain, and link it here”.
Name the new GPO “Disable Windows Defender” and select OK.
Click the name of the new GPO and select OK.
Right click the policy and select Edit.
Drop down Computer Configuration → Policies → Administrative Template → Windows Component.
Select Microsoft Defender Antivirus (older servers have it listed as Windows Defender Antivirus) and then double click “Turn off Microsoft Defender Antivirus”.
Check the “Enabled” box and select OK.
Close Group Policy Management Editor.
Right click Disable Windows Defender and select Enforced.
Congratulations! You have now set up users, groups, policies and assigned a static IP address to your domain controller. In the next exercise we will join Windows VMs to the domain.