Justin's Blog

NorthStar Consulting Project – Part 4: Lab Setup

Published: September 5, 2025

Lab Environment

Setting up the Domain Controller (DC1)

I started by installing Windows Server 2025 on the first VM. During installation, I chose the Desktop Experience option to ensure a GUI was available for easier configuration.

Once installed, I renamed the server to DC1 for simplicity. Then, using the Add Roles and Features Wizard, I installed the following server roles:

Next, I configured AD DS by running the Promote this server to a domain controller wizard, creating a new forest called northstar.local. This automatically configured DNS for the domain.

Creating OUs, Groups, and Users

To avoid manually creating each OU, security group, and user, I leveraged PowerShell with the following script generated with the help of ChatGPT:

# Import Active Directory module
Import-Module ActiveDirectory

# --- 1. Create OUs ---
$OUs = @("Directors","Consultants","Reception","HR","Marketing","Accounts","Workstations")
foreach ($ou in $OUs) {
    New-ADOrganizationalUnit -Name $ou -Path "DC=northstar,DC=local" -ProtectedFromAccidentalDeletion $true
}

# --- 2. Create Security Groups ---
$Groups = @{
    "Directors" = "Directors"
    "Consultants" = "Consultants_Staff"
    "Reception" = "Reception_Staff"
    "HR" = "HR_Staff"
    "Marketing" = "Marketing_Staff"
    "Accounts" = "Accounts_Staff"
}

foreach ($ou in $Groups.Keys) {
    New-ADGroup -Name $Groups[$ou] -GroupScope Global -GroupCategory Security -Path "OU=$ou,DC=northstar,DC=local"
}

# --- 3. Create Users and Add to Groups ---
$Users = @(
    @{Dept="Directors"; Name="Sarah Brown"; Username="sarah.brown"; Group="Directors"},
    @{Dept="Consultants"; Name="John Smith"; Username="john.smith"; Group="Consultants_Staff"},
    @{Dept="Consultants"; Name="Emily Jones"; Username="emily.jones"; Group="Consultants_Staff"},
    @{Dept="Reception"; Name="Alex White"; Username="alex.white"; Group="Reception_Staff"},
    @{Dept="HR"; Name="Maria Green"; Username="maria.green"; Group="HR_Staff"},
    @{Dept="Marketing"; Name="James Black"; Username="james.black"; Group="Marketing_Staff"},
    @{Dept="Accounts"; Name="Linda Grey"; Username="linda.grey"; Group="Accounts_Staff"}
)

foreach ($user in $Users) {
    $password = Read-Host -AsSecureString "Enter password for $($user.Username)"
    New-ADUser -Name $user.Name `
        -GivenName ($user.Name.Split(" ")[0]) `
        -Surname ($user.Name.Split(" ")[1]) `
        -SamAccountName $user.Username `
        -AccountPassword $password `
        -Enabled $true `
        -Path "OU=$($user.Dept),DC=northstar,DC=local"
    Add-ADGroupMember -Identity $user.Group -Members $user.Username
}
Write-Host "OUs, groups, and users created successfully!" -ForegroundColor Green

For better organization, I also created two parent OUs: NorthStarUsers and Servers, moving all user OUs under NorthStarUsers.

Configuring John Smith’s Workstation

Next, I set up John Smith’s VM:

Once joined, John’s login account is recognized by the domain, allowing Group Policy and network resources to apply properly.

Setting up the File Server (FS1)

The file server VM was installed with Windows Server 2025 (Desktop Experience), renamed to FS1, assigned a static IP, DNS, and gateway, and joined to the domain.

On FS1, I created department folders under C:\Shares:

Folder permissions were configured using security groups created in AD DS, removing inherited permissions to ensure proper access control. Then, network shares were created, and mapped drives were set up using a Group Policy Object targeting the relevant OUs. For example, the Consultants folder is mapped to Z:\ for users in the Consultants OU.
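One way to script the folder permissions and shares described above, as an added example that is not the script used in this lab. It assumes the folder names under C:\Shares match the department OUs, that the domain's NetBIOS name is NORTHSTAR, and that SYSTEM and the local Administrators group keep full control. It ends by checking each folder for inherited or unexpected entries.

```powershell
# Added example. Assumptions: folder names match the department OUs, and the
# domain's NetBIOS name is NORTHSTAR. Run elevated on FS1.
$Root    = 'C:\Shares'
$NetBios = 'NORTHSTAR'   # assumed NetBIOS name for northstar.local
$Shares  = @{            # folder (assumed) -> security group (from the AD script)
    Directors   = 'Directors'
    Consultants = 'Consultants_Staff'
    Reception   = 'Reception_Staff'
    HR          = 'HR_Staff'
    Marketing   = 'Marketing_Staff'
    Accounts    = 'Accounts_Staff'
}
$Inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$NoProp  = [System.Security.AccessControl.PropagationFlags]::None

foreach ($dept in $Shares.Keys) {
    $path  = Join-Path $Root $dept
    $group = "$NetBios\$($Shares[$dept])"
    New-Item -Path $path -ItemType Directory -Force | Out-Null

    # Block inheritance without copying inherited ACEs, then drop explicit ones.
    $acl = Get-Acl -Path $path
    $acl.SetAccessRuleProtection($true, $false)
    $acl.Access | Where-Object { -not $_.IsInherited } |
        ForEach-Object { [void]$acl.RemoveAccessRule($_) }
    # Grant only SYSTEM, local Administrators (assumed) and the department group.
    $grants = @(
        @('NT AUTHORITY\SYSTEM',    'FullControl'),
        @('BUILTIN\Administrators', 'FullControl'),
        @($group,                   'Modify')
    )
    foreach ($g in $grants) {
        $acl.AddAccessRule([System.Security.AccessControl.FileSystemAccessRule]::new(
            $g[0], $g[1], $Inherit, $NoProp, 'Allow'))
    }
    Set-Acl -Path $path -AclObject $acl
    if (-not (Get-SmbShare -Name $dept -ErrorAction SilentlyContinue)) {
        New-SmbShare -Name $dept -Path $path -ChangeAccess $group `
            -FullAccess 'BUILTIN\Administrators' | Out-Null
    }
    # Verify: inheritance is off and no other principal holds an ACE.
    $check   = Get-Acl -Path $path
    $allowed = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', $group
    $extra   = $check.Access | Where-Object { $_.IdentityReference.Value -notin $allowed }
    if (-not $check.AreAccessRulesProtected -or $extra) {
        Write-Warning "Unexpected ACL state on $path"
    }
}
```

Share permissions and NTFS permissions are evaluated together and the more restrictive one wins, so the share grant here mirrors the NTFS grant rather than widening it.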

Testing

After logging in as John Smith, the mapped drive appears automatically following a gpupdate /force and logging off/on. Permissions are verified, ensuring users can only access folders assigned to their department.

Next

Part 5 will cover the deployment of additional Group Policies, configuring DHCP scopes, fine-tuning DNS settings, and testing cross-department access controls.
