This project demonstrates how to deploy and configure a Windows Server 2022 Domain Controller and connect a Windows 11 client within an isolated virtual network. The goal is to simulate a small enterprise IT environment to practice Active Directory, DNS, and Group Policy (GPO) management.
💡This lab was built using VMware with host-only networking to keep all traffic internal to the virtual environment.
- Install and configure Active Directory Domain Services (AD DS)
- Set up and test DNS functionality
- Join a Windows 11 client to the domain
- Create and manage domain user accounts and OUs
- Apply and verify Group Policy Objects (GPOs) to control user access
- Troubleshoot policy application and domain connectivity
| Tool / Service | Purpose |
|---|---|
| Windows Server 2022 Standard Evaluation | Domain Controller (AD DS, DNS) |
| Windows 11 Pro | Domain client |
| VMware Workstation / Player | Virtualization platform |
| Active Directory Domain Services | Centralized user/computer management |
| Group Policy Management Console (GPMC) | Apply system-wide policies |
| DNS Server | Domain name resolution |
| Setting | Value |
|---|---|
| Network Type | Host-Only (isolated LAN) |
| Network Address | 192.168.233.0/24 |
| Domain Controller IP | 192.168.233.10 |
| Client IP | 192.168.233.11 |
| Domain Name | lab.local |
| DNS Server | 192.168.233.10 |
- Create a new VM with:
- 2 vCPUs
- 4GB RAM (minimum)
- 60GB disk space
- Boot from Windows Server ISO and complete setup.
- Log in as the local Administrator.
- Open Control Panel → Network and Internet → Connections → Properties → TCP/IPv4 → Properties
- Set:
- IP Address: 192.168.233.10
- Subnet Mask: 255.255.255.0
- Default Gateway: leave blank for host-only
- Preferred DNS: 192.168.233.10
- Open Server Manager → Manage → Add Roles and Features.
- Install the following roles:
- Active Directory Domain Services
- DNS Server
- Promote the server to a Domain Controller → Create a new forest named lab.local.
- Set a DSRM password during promotion.
- Restart after installation.
In this case I already have it set up but this is where to find it:
- Open Active Directory Users and Computers (ADUC).
- Create:
- OU:
LabUsers - User:
bobby(domain user)
- OU:
- Assign a password and uncheck “User must change password at next logon” (for lab simplicity).
- Install and boot up the Windows 11 VM.
- Assign a static IP:
- IP:
192.168.233.11 - DNS:
192.168.233.10
- IP:
- Rename PC to BOBBYS-PC.
- Join the domain:
- Right-click This PC → Properties → Rename this PC (advanced)
- Enter domain:
lab.local - Provide domain admin credentials from the DC.
- Restart the Windows 11 client.
- Log in as lab\bobby.
- Confirm domain login works.
- On the DC, open Group Policy Management.
- Create a new GPO:
- Name:
Restrict Control Panel - Location: Linked to Domain Root or LabUsers OU
- Name:
- Edit GPO: User Configuration → Administrative Templates → Control Panel → Prohibit access to Control Panel and PC settings → Enabled
- Run
gpupdate /forceon the client to refresh policies - Log off/on to apply the changes.
- On the Windows 11 client, open CMD and run:
gpupdate /r - Confirm your GPO name appears under “Applied Group Policy Objects”.
| Issue | Possible Fix |
|---|---|
| Client cannot join domain | Verify DNS points to the domain controller |
| GPO not applying | Confirm user is domain user (LAB\bobby) and linked OU |
| Slow policy refresh | Use gpupdate /force or restart |
| Network unreachable | Ensure both VMs are on same host-only network |
✅ Successfully deployed a Windows Server 2022 Active Directory environment with one domain controller and one Windows 11 domain client.
✅ Created and verified functional user-based Group Policies.
✅ Simulated an enterprise IT infrastructure for system administration practice.
- Add Password and Account Lockout Policies
- Configure File and Folder Permissions (NTFS & Share)
- Deploy Software Installation via GPO
- Integrate WSUS or DHCP Server for automation
- Add second domain controller for redundancy
- Automate tasks using PowerShell scripts
- Active Directory & DNS configuration
- GPO creation and management
- Windows domain networking
- Troubleshooting authentication and policy issues
- Virtual lab setup (VMware, host-only networking)