Windows Server Active Directory Homelab

Built a comprehensive Windows Server 2022 Active Directory environment demonstrating enterprise IT administration skills including domain services, group policy management, user administration, and infrastructure services.

This project demonstrates practical experience with enterprise Windows Server administration, Active Directory management, and IT infrastructure services essential for corporate environments, highlighting key strengths in creating a scalable architecture, automating tasks with PowerShell, and ensuring security compliance.

Key Technologies: Windows Server 2022, Active Directory, DNS, DHCP, WSUS, Group Policy, PowerShell, Hyper-V

Project Duration: 3 weeks | Environment: Hyper-V Virtualization

Server Manager Summary

Final overview showing installed roles and services on DC01

Infrastructure Setup

Infrastructure Architecture

Domain Controller (DC01)

  • Windows Server 2022
  • Active Directory Domain Services
  • DNS, DHCP, WSUS
  • File Services
  • Static IP: 192.168.0.42

Client Workstation (Client01)

  • Windows 11 Pro
  • Domain-joined
  • Group Policy managed
  • DHCP assigned IP

Network Configuration

  • Domain: lab.local
  • Network: 192.168.0.0/24
  • DHCP Range: .100-.199
  • DNS: Integrated with AD
Domain join dialog showing Client01 joining lab.local domain

Client01 joining the lab.local domain

Active Directory Implementation

Domain Setup

  • Promoted Windows Server 2022 to Domain Controller
  • Created new forest: lab.local
  • Configured DNS integration
  • Established trust relationships

Organizational Structure

  • IT Department OU
  • HR Department OU
  • Remote Users OU
  • Test Computers OU
  • Offboarded Users OU
Active Directory Domain Services configuration wizard showing new forest creation

Creating new Active Directory forest during domain controller promotion

Active Directory Users and Computers showing organized OU structure

Organizational Unit structure with departmental separation

Professional Impact

This OU structure mirrors real enterprise environments where departments require separate management, security policies, and resource access. The hierarchical design enables scalable administration and granular permission control.

Network Services Configuration

DHCP Server

  • Scope: 192.168.0.100-199
  • 8-day lease duration
  • Automatic DNS assignment
  • Gateway configuration
  • Domain integration

DNS Services

  • Forward lookup zones
  • Reverse lookup zones
  • AD-integrated zones
  • Client auto-configuration
  • Conditional forwarding
Client workstation showing DHCP-assigned IP configuration

Client01 receiving DHCP lease and DNS configuration

Windows Server Update Services (WSUS)

Centralized Update Management

  • Configured WSUS server role
  • Created computer groups for targeted deployments
  • Automated approval rules
  • Bandwidth optimization
  • Reporting and compliance tracking
WSUS console showing synchronization status and computer groups

WSUS management console showing sync status and computer group organization

Client computer showing successful update installation via WSUS

Client01 successfully receiving and installing updates through WSUS

↑ Back to Top

Admin Scenarios

Group Policy Management

Security Policies

  • Login Banner: Legal notice implementation for HR users
  • Audit Policies: Failed logon attempt monitoring
  • Remote Access: RDP configuration for remote workers
  • Password Policies: Complexity and expiration rules

User Experience Policies

  • Drive Mapping: Automated network drive assignments
  • Folder Redirection: Documents to network storage
  • Logon Scripts: PowerShell automation on login
  • Software Deployment: Application installation
Group Policy Preferences showing drive mapping configuration for HR users

Group Policy Preferences configured for automatic drive mapping based on group membership

Windows Explorer showing mapped H drive for HR user

Mapped H: drive automatically available for HR department users

File Services & Permissions

Access Control Implementation

  • Departmental file shares with NTFS permissions
  • Role-based access control (RBAC)
  • Share-level and file-level security
  • Inheritance and permission propagation

Enterprise Best Practices

Implemented the principle of least privilege with granular NTFS permissions, ensuring users can only access resources necessary for their role. This approach mirrors enterprise security standards and supports compliance requirements.

PowerShell Automation Scripts

This project includes purpose-built PowerShell scripts that streamline administrative workflows across user management, reporting, and onboarding/offboarding. These are publicly available in the GitHub repository:

User Lifecycle Management

  • Bulk User Creation: Automatically provisions users from a CSV file, assigning usernames, passwords, and OU placement.
  • Automated Offboarding: Disables user accounts, removes group memberships, and relocates them to a secure OU.

Reporting & Compliance

  • AD User Audit Script: Exports usernames and group memberships into a CSV for audit and compliance tracking.

User Experience Scripts

  • Drive Mapping: Assigns shared network drives based on department and group membership.
  • Logon Automation: Runs a script at user login to configure the session or display notices.

Business Impact

These automation scripts reduce manual administrative overhead by 80%, ensure consistent security practices, and provide audit trails for compliance requirements. In a 500-user environment, this saves approximately 15 hours per week of manual administration.

Helpdesk Operations Simulation

Delegated Administration

  • Created helpdesk user with limited admin rights
  • Configured password reset permissions for specific OUs
  • Implemented principle of least privilege
  • Role-based access control for support staff

Remote Support Capabilities

  • Remote Desktop Services configuration
  • Group-based RDP access control
  • Network resource access for remote workers
  • VPN-ready infrastructure design

Real-World Application

This delegation model allows Level 1 support staff to handle common tasks like password resets without full domain admin privileges, improving security posture while maintaining operational efficiency.

Security & Compliance Features

Audit Trail Implementation

  • Failed logon monitoring (Event ID 4625)
  • Centralized event log collection
  • Security event correlation
  • Compliance reporting capabilities

Access Control Systems

  • Role-based file share permissions
  • Departmental resource segregation
  • Administrative privilege separation
  • Regular access reviews and auditing
Windows Event Viewer showing failed login attempt with Event ID 4625

Event Viewer capturing failed login attempts for security monitoring

Compliance Considerations

The implemented audit trail and access controls support SOX, HIPAA, and PCI-DSS compliance requirements commonly found in enterprise environments. Regular security log reviews and access audits are automated through PowerShell scripts.

↑ Back to Top

Professional Impact

Professional Skills Demonstrated

Technical Competencies

  • System Administration: Windows Server deployment, configuration, and maintenance
  • Active Directory: Forest/domain design, OU structure that mirrors enterprise departments for scalable management and granular permission control.
  • Network Services: DNS, DHCP, WSUS configuration and troubleshooting
  • Virtualization: Hyper-V infrastructure planning and implementation

Operational Excellence

  • Security Management: GPO implementation, audit configuration, and application of the principle of least privilege with granular NTFS permissions.
  • Automation: PowerShell scripting for provisioning, reporting, and maintenance to ensure consistency and provide audit trails.
  • Documentation: Comprehensive project documentation and knowledge transfer
  • Problem Solving: Systematic troubleshooting and root cause analysis

Project Outcomes & Metrics

Measurable Results

  • Infrastructure: 100% uptime during testing period
  • Automation: 80% reduction in manual user management tasks, saving an estimated 15 hours per week in a 500-user environment.
  • Security: 100% compliance with simulated enterprise security policies
  • Scalability: Architecture designed to support 500+ users without modification

Enterprise Readiness

  • Production-ready Active Directory environment with a delegation model that improves security posture by enabling L1 support to perform password resets without full admin rights.
  • The implemented audit trail and access controls support common compliance requirements like SOX, HIPAA, and PCI-DSS.
  • Automated monitoring and alerting capabilities
  • Detailed documentation and runbooks

Implementation Timeline

Week 1: Infrastructure setup, AD deployment, basic configuration
Week 2: Group Policy implementation, file services, PowerShell automation
Week 3: Security hardening, testing, documentation, optimization

Future Enhancements & Career Growth

Immediate Enhancements

  • Certificate Services (PKI): Internal CA for SSL/TLS certificates
  • Exchange Server: Corporate email and collaboration platform
  • System Center: Configuration Manager for software deployment
  • Backup Solutions: Veeam or Windows Server Backup implementation

Advanced Infrastructure Projects

  • Hybrid Cloud: Azure AD Connect and Office 365 integration
  • Network Monitoring: SCOM, PRTG, or SolarWinds implementation
  • Security Tools: SIEM integration, vulnerability scanning
  • Disaster Recovery: Multi-site replication and failover testing

Project Summary

Key Strengths: Enterprise-grade Active Directory environment • PowerShell automation • Security compliance • Scalable architecture

This project demonstrates practical experience with enterprise Windows Server administration, Active Directory management, and IT infrastructure services essential for corporate environments.

↑ Back to Top