Secure Multi-Site AD Environment with GPOs and Replication
This project simulates a real-world enterprise environment using virtual machines, Active Directory, and pfSense routing.
It demonstrates my ability to configure multi-site domain controllers and enforce Group Policy.
Technologies used: VMware Workstation Pro, Windows Server 2022, pfSense (firewall/router), Windows 11 Pro (domain-joined client).
Network structure using pfSense for routing and traffic analysis.
Configured pfSense interfaces to segment LAN-HQ and LAN-BR using VMware LAN segments. WAN interface connected via NAT to provide internet routing to both networks.
Configured pfSense GUI for traffic monitoring and management.
Enabled DHCP on the BR subnet to dynamically assign IPs to clients on the branch network.
Configured a static IP (192.168.10.10) on DC-HQ and installed the DNS Server role. Forward lookup zones for _msdcs.loyacono.local and loyacono.local were automatically created during AD installation, enabling name resolution for domain-joined devices.
Verified DC-BR as an additional domain controller under loyacono.local. Presence confirmed via Active Directory Sites and Services and Server Manager. Replication tested using repadmin, confirming successful directory synchronization with DC-HQ.
Promoted DC-BR to replicate from DC-HQ, completing the multi-site domain controller setup with replication over pfSense.
Created organizational units and joined a Windows 11 client to the domain. Verified replication and object visibility from both DCs.
Created Group Policy Objects (GPOs) to enforce security settings and software installation on domain-joined clients.
Tested workstation logon for domain-joined clients, verifying GPO application and user authentication.
Successfully joined Windows 11 client to the loyacono.local domain via DC-BR. Verified user logon with GPO applied.
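A read-only health check for the DC-HQ/DC-BR setup described above, added here as an example and not part of the original project. It assumes a domain-joined machine with RSAT (ActiveDirectory and GroupPolicy modules); the host names, domain and 192.168.10.10 come from the write-up, while the 60-minute replication staleness threshold is an assumption.

```powershell
# Added example, not part of the original project: read-only health check for the
# lab above. Run in an elevated PowerShell session on a domain-joined machine with
# RSAT (ActiveDirectory + GroupPolicy modules). DC-HQ, DC-BR, loyacono.local and
# 192.168.10.10 come from the write-up; the staleness threshold is an assumption.
Import-Module ActiveDirectory, GroupPolicy

$Domain        = 'loyacono.local'
$HqDns         = '192.168.10.10'   # static IP of DC-HQ
$DCs           = @('DC-HQ', 'DC-BR')
$MaxAgeMinutes = 60                # assumed upper bound for a healthy inbound link

# 1. Both DCs should be registered, each in its own AD site.
Get-ADDomainController -Filter * |
    Select-Object Name, Site, IPv4Address, IsGlobalCatalog |
    Format-Table -AutoSize

# 2. DNS: the SRV records clients use to locate a DC must resolve via DC-HQ.
foreach ($svc in '_ldap._tcp.dc._msdcs', '_kerberos._tcp.dc._msdcs') {
    $name = "$svc.$Domain"
    try {
        $srv = Resolve-DnsName -Name $name -Type SRV -Server $HqDns -ErrorAction Stop
        "$name -> " + (($srv | Where-Object Type -eq 'SRV').NameTarget -join ', ')
    } catch {
        Write-Warning "SRV lookup failed for ${name}: $($_.Exception.Message)"
    }
}

# 3. Replication: inbound partner metadata per DC; flag failing or stale links.
$DCs | ForEach-Object {
    $dc = $_
    Get-ADReplicationPartnerMetadata -Target $dc -Scope Server -ErrorAction SilentlyContinue |
        ForEach-Object {
            $ageMin = [int]((Get-Date) - $_.LastReplicationSuccess).TotalMinutes
            $status = if ($_.ConsecutiveReplicationFailures -gt 0 -or $ageMin -gt $MaxAgeMinutes) { 'CHECK' } else { 'OK' }
            [pscustomobject]@{
                Server    = $dc
                Partner   = (($_.Partner -split ',')[1]) -replace '^CN='   # NTDS Settings DN -> DC name
                Partition = $_.Partition
                LastOK    = $_.LastReplicationSuccess
                AgeMin    = $ageMin
                Failures  = $_.ConsecutiveReplicationFailures
                Status    = $status
            }
        }
} | Format-Table -AutoSize

# 4. GPOs: confirm the policies created for the clients are present and enabled.
Get-GPO -All -Domain $Domain |
    Select-Object DisplayName, GpoStatus, ModificationTime |
    Format-Table -AutoSize
```

Any row marked CHECK in step 3 is worth following up with `repadmin /showrepl <DC> /errorsonly`, which the write-up already uses for replication testing.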