Initial Setup

  • Install Windows Server 2025 on Proxmox
  • Set up a random password for Administrator
xzA#43bxMzcQr1
  • Update the system if possible

Prepare the machine for creating a template

C:\Windows\System32\Sysprep\sysprep.exe /oobe /generalize /shutdown

What Sysprep Does to Your System

  1. Removes System-Specific Data (Generalization)
    • Resets the SID (Security Identifier) → Prevents duplicate SIDs in cloned machines.
    • Removes event logs & unique identifiers → Ensures the new VM starts fresh.
  2. Resets Windows Activation
    • If Windows is KMS activated, it will re-request activation after cloning.
    • If using MAK (Multiple Activation Key), re-activation might be required after Sysprep.
  3. Resets User Profiles & Customized Settings
    • Deletes non-default user accounts (unless using CopyProfile=true).
    • Resets Windows activation status (re-activation may be required).
    • Clears out network settings (static IPs, hostname, domain join, etc.).
  4. Reverts Windows to First Boot Setup

After Sysprep, the next boot will show the OOBE (Out-Of-Box Experience) setup:

  • You will need to set up language, region, keyboard layout, etc.
  • The administrator account will be disabled unless configured otherwise.

Configuring the Network in pfSense

  • In Proxmox, select the Windows machine and convert it to a template
  • Clone a new machine from the template (Full Clone)
  • Perform Static Mapping in pfSense with the new MAC address

pfSense settings

Configuring the Domain network

Renaming the Machine

  • Start the machine and set a strong password for the Administrator account.

  • Rename the PC using the GUI or PowerShell, then restart

Rename-Computer -NewName "PRIMARYDC" -Restart

Installing AD-Domain Services

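  • Once we have renamed the computer, we need to configure the server as the domain controller for the hacksafely.lab domain. Log in to the server as an administrator and run the commands:
# Install the Active Directory Domain Services role
Install-WindowsFeature AD-Domain-Services
# Create the forest and root domain, with DNS hosted on this server
Install-ADDSForest -DomainName hacksafely.lab -DomainNetbiosName HACKSAFELY -InstallDns -Force
# Install-ADDSForest reboots the server when it completes; run this after logging back in
Install-WindowsFeature RSAT-AD-Tools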
  • First, we install the AD-Domain-Services feature. This feature installs the Active Directory server and associated services to run the server as a domain controller.

  • Next, we run the Install-ADDSForest command to set up the forest and create the root domain. Active Directory can’t work without a DNS server, and as this is an isolated network, it makes sense to run the DNS server on the domain controller itself.

  • When the machine has finished rebooting you should re-authenticate to the server, but make sure to use the username HACKSAFELY\Administrator so that you can use the domain administrator account. The password for the domain administrator should be the same as the one you initially configured when installing the server.
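
Before creating users, it is worth confirming that the promotion actually produced a working domain controller. The script below is an added example, not part of the original notes. It assumes the names used above (hacksafely.lab, HACKSAFELY) and an elevated session as HACKSAFELY\Administrator, and the set of checks and the Add-Check helper are this example's own choice.

```powershell
# Added example: post-promotion sanity checks for the lab DC.
Import-Module ActiveDirectory   # provided by the RSAT-AD-Tools feature

$expectedDns     = 'hacksafely.lab'   # values passed to Install-ADDSForest above
$expectedNetbios = 'HACKSAFELY'
$results = [System.Collections.Generic.List[object]]::new()

# Hypothetical helper: records one check result for the summary table.
function Add-Check([string]$Name, [bool]$Passed, [string]$Detail) {
    $results.Add([pscustomobject]@{ Check = $Name; Passed = $Passed; Detail = $Detail })
}

# 1. The OS should now report a domain controller role.
$role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
Add-Check 'Machine is a domain controller' ($role -ge 4) "DomainRole=$role (4=backup DC, 5=primary DC)"

# 2. The directory should answer and carry the names we asked for.
try {
    $domain = Get-ADDomain -ErrorAction Stop
    Add-Check 'Domain DNS name' ($domain.DNSRoot -eq $expectedDns) $domain.DNSRoot
    Add-Check 'Domain NetBIOS name' ($domain.NetBIOSName -eq $expectedNetbios) $domain.NetBIOSName
} catch {
    Add-Check 'Get-ADDomain' $false $_.Exception.Message
}

# 3. Core DC services must be running.
foreach ($svc in 'NTDS', 'DNS', 'Netlogon', 'Kdc') {
    $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
    Add-Check "Service $svc running" ($s.Status -eq 'Running') "$($s.Status)"
}

# 4. Clients locate the DC through this SRV record in the local DNS zone.
$srvName = "_ldap._tcp.dc._msdcs.$expectedDns"
$srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction SilentlyContinue
Add-Check 'DC locator SRV record' ([bool]$srv) "$srvName -> $($srv.NameTarget -join ', ')"

# 5. SYSVOL and NETLOGON shares appear once the DC is advertising.
$shares = @(Get-SmbShare -Name SYSVOL, NETLOGON -ErrorAction SilentlyContinue)
Add-Check 'SYSVOL and NETLOGON shared' ($shares.Count -eq 2) ($shares.Name -join ', ')

$results | Format-Table -AutoSize
if ($results.Passed -contains $false) {
    Write-Warning 'One or more checks failed; review before creating users.'
}
```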

Then, start an instance of PowerShell and run the commands to do some basic user setup.