Setting up a vulnerable AD lab
Note: if your goal is to learn about attacks on Active Directory, check out: https://github.com/Orange-Cyberdefense/GOAD
According to Microsoft's website, Active Directory (AD) provides the methods for storing directory data and making this data available to network users and administrators. In simple terms, it's a phone book, accessible over a network, that contains information on computers, users, printers, etc. Authentication on Windows is done through Kerberos and Kerberos tickets. For other systems (Linux, Mac), it uses protocols like RADIUS and LDAP (Lightweight Directory Access Protocol).
Requirements
Right, now that we understand what AD is, what do we need to make this lab?
As AD is most common on Windows systems, we need to download a few ISO files, specifically these:
- For Domain Controller: https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2022
- For User Machines: https://www.microsoft.com/en-us/evalcenter/evaluate-windows-10-enterprise