Building an Active Directory Domain with Group Policies

Project Overview

This lab demonstrates core Windows domain administration by installing Windows Server 2016 (Oracle VirtualBox), configuring Active Directory and Group Policy in a safe test environment, and then managing AD and GPOs with PowerShell.

Active Directory

Active Directory (AD) is Microsoft’s directory service for centrally managing users, computers, and resources in a Windows network. A Domain Controller validates credentials, enforces policy, and provides secure access to shared resources.

• Authenticate users and authorize access.
• Assign permissions and apply security policies at scale.
• Organize objects (users, groups, devices) in a domain hierarchy.

Whether a small office or large enterprise, AD is the backbone for identity, access, and centralized management.

Group Policy

Group Policy centrally manages user and computer settings across the domain with the Group Policy Management Console (GPMC). Policies link to Organizational Units (OUs) and apply at boot/logon to ensure consistent, secure configurations.

• Enforce password complexity and security baselines
• Restrict Control Panel / Task Manager
• Map network drives automatically
• Configure desktop environments
• Deploy software and scripts at startup/logon

Active Directory Objects

AD is composed of objects—each with attributes—stored in a hierarchical database for organization, management, and security.

• User – identity with credentials and permissions
• Computer – a domain-joined workstation/server
• Group – collections for simplified access control
• Organizational Unit (OU) – container for grouping and delegation
• Shared resources – printers, file shares, apps

Objects are uniquely identified by a Distinguished Name (DN) and can have Group Policies applied via their OU structure.

Lab Modules

Back to Home