lab_AD_Complet

Reproducible Active Directory lab, based on Docker, for training and self-study.

Version française : README.md

Lab content

A complete, isolated Active Directory environment comprising:

• DC01: Windows Server domain controller (AD DS + DNS)
• PC01: Windows 11 client workstation to join the domain
• linux01: Debian 12 client to join the domain (realmd + SSSD)

Everything is orchestrated via a single docker-compose.yml, fully configurable via environment variables.

Prerequisites

The lab requires hardware virtualization access (KVM on Linux, WSL2 + nested virt on Windows).

System	Supported	Notes
Linux (kernel >= 5.x with KVM)	Yes	Simplest setup
Windows 10/11 Pro + Docker Desktop	Yes	Enable nested virtualization in .wslconfig
macOS Intel	Partial	Degraded performance, not recommended
macOS Apple Silicon (M1/M2/M3)	No	Use a Linux VM (UTM) - see docs/etudiant/en/00-prerequisites.md

Minimum resources:

• 16 GB RAM recommended (12 GB minimum)
• 80 GB free disk space (Windows install + snapshots)
• CPU with VT-x / AMD-V enabled in BIOS

Check scripts provided:

./scripts/check-prereqs.sh        # Linux, macOS
.\scripts\check-prereqs.ps1       # Windows

Quick start

git clone <repo-url> lab_AD_Complet
cd lab_AD_Complet
cp .env.example .env              # adapt variables
./scripts/check-prereqs.sh
docker compose up -d dc01

Windows Server installation runs automatically in the background (20 to 40 minutes depending on your connection). Monitor progress via:

• Web UI: http://localhost:8006
• Logs: docker compose logs -f dc01

Once Windows is installed, AD configuration (promotion, OUs, users, GPOs, shares) is left to the learner. Detailed guides are in docs/etudiant/en/.

Accessing the hosts

Two methods available:

Web UI (noVNC)

• DC: http://localhost:8006
• Windows client: http://localhost:8009
• Useful to observe boot / installation, but slow and no clipboard sync.

RDP (recommended)

./scripts/rdp-dc.sh               # opens RDP session on DC01
./scripts/rdp-client.sh           # opens RDP session on PC01

On Windows:

.\scripts\rdp-dc.ps1

RDP provides native clipboard, folder redirection (\\tsclient\shared) and much better performance.

Project structure

lab_AD_Complet/
  docker-compose.yml           Defines the 3 containers
  .env.example                 Configurable variables
  linux-client/                Debian image pre-equipped (SSSD/realmd)
  scripts/                     Prerequisite checks + RDP launchers
  shared/                      Folder shared with Windows VMs via RDP
  docs/
    etudiant/                  Learning guides (FR + EN)
    formateur/                 Instructor materials and solutions (not distributed)

Documentation

• docs/etudiant/en/00-prerequisites.md: Docker install and checks
• docs/etudiant/en/01-lab-startup.md: first lab startup
• docs/etudiant/en/02-dc-promotion.md: domain controller promotion (GUI + PowerShell)
• docs/etudiant/en/03-ou-users-groups.md: OU tree, users, groups, AGDLP
• docs/etudiant/en/04-gpo.md: GPO creation and linking
• docs/etudiant/en/05-shares-ntfs.md: SMB shares and NTFS permissions
• docs/etudiant/en/06-join-windows-client.md: joining PC01 to the domain
• docs/etudiant/en/07-join-linux-client.md: joining linux01 to the domain
• docs/etudiant/en/troubleshooting.md: common issues

Each procedure is documented with a dual approach: graphical interface (Server Manager, ADUC, GPMC) and PowerShell scripting.

Stop the lab

docker compose stop               # stop without losing state
docker compose down               # stop and remove containers
docker compose down -v            # remove everything including VM disks

Windows disks are stored in ./storage-dc01/ and ./storage-pc01/ at the project root. Removing these directories resets everything to a fresh install.

License

MIT - see LICENSE.

Contributing

Contributions are welcome (fixes, translations, new exercises). Open an issue or submit a merge request.

---

Made by AcadéNice.