Active Directory Lab Setup (Part 2)- Add data to AD domain

In the previous posts, we covered installing the AD forest and discussed AD basics. In this post, let's start populating the AD environment with AD objects such as user objects, computer objects, group objects, network shares, etc., and then see how a computer can join the domain.

Add user objects

New users can be created using the GUI, cmd, or PowerShell, or in bulk using a script.

Creating user objects from Active Directory Users and Computers Console

To create a user from the GUI, open Active Directory Users and Computers (type dsa.msc in Run to open it).

Then, right-click on the Users container and click New > User.

Now, enter the details of the user and click Next.

If there are no errors, click Finish to save the user.

Creating user objects using CMD or PowerShell

From the command prompt, we can create a user with the net user utility:

C:\Users\Administrator>net user ad.user password@123 /add /domain
    The command completed successfully.
    

From the command prompt, we can create a user with the dsadd utility as well:

C:\Users\Administrator>dsadd user "CN=AD User,CN=Users,DC=rootdse,DC=org" -samid ad.user -upn ad.user@rootdse.org -pwd password@123
    

Using PowerShell, we can create a user with the New-ADUser cmdlet:

PS C:\> New-ADUser -Name "AD User" -GivenName AD -Surname User -SamAccountName ad.user -UserPrincipalName ad.user@rootdse.org -AccountPassword (ConvertTo-SecureString password@123 -AsPlainText -Force) -PassThru


DistinguishedName : CN=AD User,CN=Users,DC=rootdse,DC=lab
Enabled           : False
GivenName         : AD
Name              : AD User
ObjectClass       : user
ObjectGUID        : d8615bb7-07b2-4eca-8d92-c664cf17d042
SamAccountName    : ad.user
SID               : S-1-5-21-580985966-2115238843-2989639066-1108
Surname           : User
UserPrincipalName : ad.user@rootdse.org

Now that the user account has been created, we will enable it using the Enable-ADAccount cmdlet:

PS C:\Users\Administrator> Enable-ADAccount ad.user
PS C:\Users\Administrator> Get-ADUser ad.user

DistinguishedName : CN=AD User,CN=Users,DC=rootdse,DC=org
Enabled           : True
GivenName         : AD
Name              : AD User
ObjectClass       : user
ObjectGUID        : 977be8fd-efc1-4f19-afda-da6bbf26cc8e
SamAccountName    : ad.user
SID               : S-1-5-21-3248418888-564280429-1801506269-1990
Surname           : User
UserPrincipalName : ad.user@rootdse.org

Creating bulk user objects using PowerShell

Let's create an array of users with random names. I took the random names list from here and built a small array from it.

$UserNames = @('Michael', 'Christopher', 'Jessica', 'Matthew', 'Ashley', 'Jennifer', 'Joshua', 'Amanda', 'Daniel', 'David', 'James', 'Robert', 'John', 'Joseph', 'Andrew', 'Ryan', 'Brandon', 'Jason', 'Justin', 'Sarah', 'William', 'Jonathan', 'Stephanie', 'Brian', 'Nicole', 'Nicholas', 'Anthony', 'Heather', 'Eric', 'Elizabeth', 'Adam', 'Megan', 'Melissa', 'Kevin', 'Steven', 'Thomas', 'Timothy', 'Christina', 'Kyle', 'Rachel', 'Laura', 'Lauren', 'Amber', 'Brittany', 'Danielle', 'Richard', 'Kimberly', 'Jeffrey', 'Amy', 'Crystal', 'Michelle', 'Tiffany', 'Jeremy', 'Benjamin', 'Mark', 'Emily', 'Aaron', 'Charles', 'Rebecca', 'Jacob', 'Stephen', 'Patrick', 'Sean', 'Erin', 'Zachary', 'Jamie', 'Kelly', 'Samantha', 'Nathan', 'Sara', 'Dustin', 'Paul', 'Angela', 'Tyler', 'Scott', 'Katherine', 'Andrea', 'Gregory', 'Erica', 'Mary', 'Travis', 'Lisa', 'Kenneth', 'Bryan', 'Lindsey', 'Kristen', 'Jose', 'Alexander', 'Jesse', 'Katie', 'Lindsay', 'Shannon', 'Vanessa', 'Courtney', 'Christine', 'Alicia', 'Cody', 'Allison', 'Bradley', 'Samuel', 'Shawn', 'April', 'Derek', 'Kathryn', 'Kristin', 'Chad', 'Jenna', 'Tara', 'Maria', 'Krystal', 'Jared', 'Anna', 'Edward', 'Julie', 'Peter', 'Holly', 'Marcus', 'Kristina', 'Natalie', 'Jordan', 'Victoria', 'Jacqueline', 'Corey', 'Keith', 'Monica', 'Juan', 'Donald', 'Cassandra', 'Meghan', 'Joel', 'Shane', 'Phillip', 'Patricia', 'Brett', 'Ronald', 'Catherine', 'George', 'Antonio', 'Cynthia', 'Stacy', 'Kathleen', 'Raymond', 'Carlos', 'Brandi', 'Douglas', 'Nathaniel', 'Ian', 'Craig', 'Brandy', 'Alex', 'Valerie', 'Veronica', 'Cory', 'Whitney', 'Gary', 'Derrick', 'Philip', 'Luis', 'Diana', 'Chelsea', 'Leslie', 'Caitlin', 'Leah', 'Natasha', 'Erika', 'Casey', 'Latoya', 'Erik', 'Dana', 'Victor', 'Brent', 'Dominique', 'Frank', 'Brittney', 'Evan', 'Gabriel', 'Julia', 'Candice', 'Karen', 'Melanie', 'Adrian', 'Stacey', 'Margaret', 'Sheena', 'Wesley', 'Vincent', 'Alexandra', 'Katrina', 'Bethany', 'Nichole', 'Larry', 'Jeffery', 'Curtis', 'Carrie', 'Todd');

Now, we'll create a small function that accepts the limit of user accounts to be created and loops through these usernames to create random users with the New-ADUser cmdlet, passing additional parameters such as the domain name and password from global variables:

    # $UsersLimit, $Global:Domain and $Global:default_password are set by the calling script.
    for ($i=1; $i -le $UsersLimit; $i=$i+1 ) {
        # Pick a random first name and last name from the same list.
        $firstname = (Get-Random -InputObject $UserNames);
        $lastname = (Get-Random -InputObject $UserNames);
        $fullname = "{0} {1}" -f ($firstname , $lastname);
        $SamAccountName = ("{0}.{1}" -f ($firstname, $lastname)).ToLower();
        $principalname = "{0}.{1}" -f ($firstname, $lastname);
        # Only create the account if the name fits the 20-character limit.
        if($SamAccountName.Length -le 20){
            try { 
                Write-Host "Creating user object: $SamAccountName" -ForegroundColor 'Gray'; 
                # New-ADUser creates the account disabled; -PassThru hands it to Enable-ADAccount.
                New-ADUser -Name "$firstname $lastname" -GivenName $firstname -Surname $lastname -SamAccountName $SamAccountName -UserPrincipalName "$principalname@$Global:Domain" -AccountPassword (ConvertTo-SecureString $Global:default_password -AsPlainText -Force) -PassThru | Enable-ADAccount
            } catch { 
                Write-Host "Error creating user object: $SamAccountName" -ForegroundColor 'Red'
            }
        }
    }

Since the maximum length of a username in Active Directory is 20 characters, the code checks the length with if($SamAccountName.Length -le 20) before trying to create the user, which avoids errors during creation.

This will create users in bulk. You can also set attributes such as Title and Department to make the user accounts look more realistic by passing additional parameters to the New-ADUser cmdlet.

PS C:\Scripts> Invoke-LoadADObjects -DomainName rootdse.org -LimitUsers 15

[+] Creating Bulk Domain Users in rootdse.org
Creating user object: katie.courtney
Creating user object: danielle.latoya
Creating user object: craig.laura
Creating user object: aaron.anna
Creating user object: rebecca.julia
Creating user object: catherine.candice
Creating user object: jesse.todd
Creating user object: william.jessica
Creating user object: nicholas.april
Creating user object: christopher.meghan
Creating user object: whitney.ronald
Creating user object: derek.jennifer
Creating user object: charles.carlos
Creating user object: catherine.joel
Creating user object: sarah.cassandra
[+] Bulk User objects creation completed.
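
The loop above draws names with replacement and skips any name over 20 characters, so a run can create fewer accounts than the requested limit. The following is an added example, not part of the original script: the function name New-LabSamAccountName, its parameters and the sample list are assumptions. It builds the requested number of unique, length-checked names before any New-ADUser call is made.

```powershell
# Added example: plan unique sAMAccountNames up front instead of skipping failures.
# New-LabSamAccountName is a hypothetical helper, not part of the author's script.
function New-LabSamAccountName {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string[]] $Names,
        [Parameter(Mandatory)] [ValidateRange(1, 10000)] [int] $Count,
        [int] $MaxLength = 20,        # the username length limit checked in the post
        [int] $MaxAttempts = 100000   # stop if the request cannot be satisfied
    )
    $seen = New-Object 'System.Collections.Generic.HashSet[string]'
    $attempts = 0
    while ($seen.Count -lt $Count) {
        $attempts++
        if ($attempts -gt $MaxAttempts) {
            throw "Could not build $Count unique names from $($Names.Count) inputs."
        }
        $first = Get-Random -InputObject $Names
        $last  = Get-Random -InputObject $Names
        $sam   = ('{0}.{1}' -f $first, $last).ToLower()
        if ($sam.Length -gt $MaxLength) { continue }   # too long: draw again
        if (-not $seen.Add($sam)) { continue }         # duplicate: draw again
        # Emit one record per planned account.
        [pscustomobject]@{
            GivenName      = $first
            Surname        = $last
            SamAccountName = $sam
        }
    }
}

# Constructed sample input; in the lab script this would be $UserNames.
$sample = @('Michael', 'Christopher', 'Jacqueline', 'Amy', 'Ian')
$plan = New-LabSamAccountName -Names $sample -Count 10
$plan | Format-Table -AutoSize
```

Each record carries the GivenName, Surname and SamAccountName values that the loop passes to New-ADUser, so the creation step can iterate over $plan and the number of accounts created matches the limit.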

Add Computer objects

To create a computer account in AD, we can use the New-ADComputer cmdlet:

PS C:\Scripts> New-ADComputer -Name RDSSRV01 -SamAccountName RDSSRV01 -DNSHostName RDSSRV.rootdse.org
PS C:\Scripts> Get-ADComputer RDSSRV01

DistinguishedName : CN=RDSSRV01,CN=Computers,DC=rootdse,DC=org
DNSHostName       : RDSSRV.rootdse.org
Enabled           : True
Name              : RDSSRV01
ObjectClass       : computer
ObjectGUID        : 414c6b5f-ff2b-459a-b479-8092f11f9372
SamAccountName    : RDSSRV01$
SID               : S-1-5-21-3248418888-564280429-1801506269-2197
UserPrincipalName :

To create multiple computer accounts, we'll first create an array of computer names:

$CompNames = @('APPSRV01', 'APPSRV02', 'APPSRV03', 'APPSRV04', 'APPSRV05', 'SQLSRV01', 'SQLSRV02', 'SQLSRV03', 'SQLSRV04', 'SQLSRV05', 'VNCSRV01', 'VNCSRV02', 'VNCSRV03', 'VNCSRV04', 'VNCSRV05', 'WEBSRV01', 'WEBSRV02', 'WEBSRV03', 'WEBSRV04', 'WEBSRV05', 'BCKUPSRV01', 'BCKUPSRV02', 'BCKUPSRV03', 'BCKUPSRV04', 'BCKUPSRV05');

Now, for each of these computers, we'll run the New-ADComputer cmdlet:

    # $Global:templateComp and $Global:domainname are defined elsewhere in the script.
    foreach($computer in $CompNames){
        $SamAccountName = "$computer"
        try { 
            Write-Host "Creating computer object: $($computer + "." + $Global:domainname)" -ForegroundColor 'Gray'; 
            New-ADComputer -Name $computer -SamAccountName $computer -Instance $Global:templateComp -DNSHostName $($computer + "." + $Global:domainname);
        } catch { 
            Write-Host "Error creating computer object" -ForegroundColor 'Red'
        }
    }

Add group objects

We can create group objects using the New-ADGroup cmdlet.

New-ADGroup -name "DB Administrators" -GroupScope Global

To create groups in bulk, we can follow the same process.
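
As an added example (not the author's script), the same loop pattern applied to groups, extended to give each group a few random lab users as members. The group names, the member count and the CN=Users,DC=rootdse,DC=org search base are assumptions for this lab.

```powershell
# Added example, not the author's script. Group names and member count are
# constructed lab values; the search base assumes the rootdse.org domain.
Import-Module ActiveDirectory

$GroupNames = @('DB Administrators', 'Web Administrators', 'App Support',
                'Helpdesk', 'Backup Admins')
$MembersPerGroup = 3

# Lab users from the bulk loop follow the firstname.lastname pattern, which
# keeps built-in accounts (Administrator, Guest, krbtgt) out of the pool.
$LabUsers = @(Get-ADUser -Filter "SamAccountName -like '*.*'" `
                         -SearchBase 'CN=Users,DC=rootdse,DC=org')

foreach ($name in $GroupNames) {
    try {
        # Reuse an existing group so the script can be re-run.
        $group = Get-ADGroup -Filter "Name -eq '$name'"
        if (-not $group) {
            Write-Host "Creating group object: $name" -ForegroundColor 'Gray'
            $group = New-ADGroup -Name $name -GroupScope Global `
                                 -GroupCategory Security -PassThru
        }
        if ($LabUsers.Count -gt 0) {
            $take = [Math]::Min($MembersPerGroup, $LabUsers.Count)
            $members = $LabUsers | Get-Random -Count $take
            Add-ADGroupMember -Identity $group -Members $members
        }
    } catch {
        Write-Host "Error processing group: $name ($($_.Exception.Message))" -ForegroundColor 'Red'
    }
}

# Verify: list each group with its member count.
foreach ($name in $GroupNames) {
    $group = Get-ADGroup -Filter "Name -eq '$name'"
    if ($group) {
        $count = @(Get-ADGroupMember -Identity $group).Count
        '{0,-20} {1} member(s)' -f $name, $count
    }
}
```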

I have created a script to populate Active Directory, which can be downloaded from my GitHub here.

Let’s run the script and see how the data is added into the domain:

[Image: AD Builder Script]