«

»

Jul 27 2013

Building an Active Directory (AD) Test Lab using VMware Workstation

Building an Active Directory network in VMware Workstation is a piece-of-cake for those that master the program. If you are a newbie, you might want to read on. In this article I’m going to show you how to build an Active Directory lab, based on my experience with VMware Workstation. The best thing for you is to read this and build your own way of working with the product.

Now, I presume you already have VMware Workstation installed on your computer, and a domain controller and a few clients running as VM’s on VMware Workstation. To run this lab you will need at least 3 GB of RAM on your host (laptop or workstation), but that depends on what OS’s are you running in those VM’s. The most important thing into building this environment is how you connect your virtual network adapters.

When I build a lab, I completely isolate the VM’s from my home network, and for that I use another bridge connection or a LAN segment. As you can see in the bellow image the domain controller adapter is connected to VMnet2 which is bridged to a physical network adapter on my host.

The physical network adapter on the host does not have access to internet or any other network, but is connected to another host (Windows 7 workstation) using a dedicated/separate switch. I did this so I can connect my VM’s running on Host 1 to the VM’s running on the other hosts; this is for bigger labs, where resources on one host are not enough.

Now off course, you might have only one physical network adapter in your host, and if so, you can use LAN segments to isolate the VM’s from your home network. Just select LAN segment, then click the LAN Segments button.

To create a LAN segment just hit Add then type a name. As you can see I have a few created already, and I use them when I create clusters or advanced labs.

Configure the network adapters of your VM’s to use the connection of your choice, either a bridge connection or a LAN segment then click OK.



If you followed me from the beginning, right now your VM’s still can’t communicate since they don’t have an IP address.

And you are asking: Do I have to assign static IP addresses every time I built a lab ?

And I answer: Yes, if you don’t have a DHCP server.

In my case, all my domain controllers templates have DHCP installed, configured, and ready to lease IP’s to clients. As soon as I connect the virtual adapter of my VM’s to the same connection as my domain controller is, they will all get an IP address from the DHCP server running on that domain controller. As soon as the clients have an IP address, they will be able to communicate.

All you have to do now is join those clients to the domain. If you need internet connection in your lab, and sometimes you do, a router needs to be present between the lab and the home network. For that, power on another VM with two network adapters configured. One of the adapters connected to your LAN (home network) and the other one connected to your lab (LAN segment or bridge). Now go ahead and install TMG 2010 or any other software that can act as a router on this VM. If you don’t have enough resources to power on another VM you can configure the domain controller to act as a router, is OK it’s a test lab. Just add another network adapter to the domain controller, then install RRAS; and BAM…you have internet in your lab.

    

If you don’t want to go trough all this, you can always use the NAT connection in VMware Workstation or connect the virtual adapter to your home network. I don’t recommend it, because is to easy (crazy ha !), and you are not going to learn some advanced networking techniques in VMware Workstation this way.

Want content like this delivered right to your

email inbox?


19 comments

Skip to comment form

  1. Vince

    In case anybody runs into issues getting internet to work on their domain controller and other servers joined to the domain, here’s what I had to do:

    1. Manually set an IP address, subnet, and gateway on the bridged network adapter on your domain controller (even though DHCP may be enabled on your home network). Note: You will get a warning related to not having set a DNS server, but you can ignore this.
    2. Ensure that the gateway and DNS on the network adapters on any servers joined to the domain that aren’t the domain controller itself match the IP address of the LAN segment adapter on the domain controller
    3. Remove the gateway of the LAN segment adapter on the domain controller

    Hope that helps! Thanks to Adrian for his help in figuring this out 🙂

  2. RAJ

    Same static IP configuration on ware for windows server 2012.It will be best if you can provide some video tutorial on configuring static IP for AD creation and adding other hosts(in VMware to join them).

    1. Adrian Costea

      Hi,
      Thanks for the feedback. I will think about it.

  3. sine

    Good Day! I hope someone can help me here. I’m having problem joining my physical client to virtual domain controller, but if it is virtual client to join, no problem at all.

    I am using 2 physical computer PC1 and PC2. PC1 is the one handling the vmware. They are both connected to switch.

    PC1 (Host computer) ip address 20.20.20.4/24
    AD and DNS server = 20.20.20.1/24 = vmware server
    PC2 (physical client) 20.20.20.5/24

    Network Config of vmserver is bridge mode.

    I got this error “an attempt to resolve the dns name of a domain controller in the domain being joined has failed”

    1. Adrian Costea

      Hi,
      This is a DNS issue. You have to configure all DNS settings for all the computers in your lab to use the domain controller’s IP address. You probably set up the ISP DNS or an external one. Let me know if this works.

      1. sine

        Thank you for your reply.

        I already did that, all computer dns ip add is 20.20.20.1 ( because thats my dns ip address, right?). I also tried creating reverse lookup zone in dns configuration server. Still now i cant join my physical client to my AD Server (which is also my DNS Server).

        1. Adrian Costea

          Can they PING each other? Make sure the network is set to Bridge and the bridge network is configured on the proper physical adapter.

  4. Einfo Mail

    Scenario is ..

    1. Host OS: Windows 10 Desktop
    2. Guest OS: Windows Server 2012 R2, Windows 8.1 & Windows 7
    3. Windows 10 Desktop is connected with DHCP-enabled Wifi Router with an Ethernet cable. DHCP-enabled Wifi Router is installed by the ISP. If I do any changes in the router settings, Internet service gets interrupted.

    Please help me to setup a lab in Workstation 12 Pro with internet access where I can install and configure AD, DHCP and DNS successfully on Windows Server 2012 R2 and Windows 8.1 & Windows 7 can be added to the domain.

    Regards
    Einfo Mail

    1. Adrian Costea

      Hi,
      You can use the NAT network from VMware Workstation and this way you have a different subnet, you have internet access and also systems can see each other.

  5. Bothito

    Please help with static IP configuration on VMware.
    I would like to configure Active Directory on VMware with FULL INTERNET AND STATIC IP ADDRESS, Please help.

    Case scenario
    I am using VMware 10 on Windows 8.1 and this is what challenges me:
    After installing server 2008R2 on VMware, and switching network adapter to “NAT connection” I had full access to internet.
    Assigning static IP 1920168.5.2 to the server disconnect the internet.
    Adding more network on the server reconnect to internet but removes the static IP address.
    Even bridging the two network adapters, I still get internet access.
    Active directory cannot be installed on a dynamic IP address
    I am connecting using Wireless connection (My cellphone as modem).

    Your help will be greatly appreciated

    1. Adrian Costea

      It’s not working because you are using a different subnet that NAT is using. Just connect the DC using DHCP and see what IP it’s assign to it. Now you know the IP class. Assign an IP address to the DC form that IP class and you should be good to go. I don’t recommend you use NAT for creating your labs, it gives you kinda of a headache. Instead you can use bridge connections or LAN segments then install a router between your lab and your home network. This way you can configure whatever firewall rule you want in the lab from the firewall. I hope this helps but if you need future explanation just let me know.

  6. nucleox

    This is my current development setup,
    PC1 – Visual Studio 2015
    PC2 – Windows 2012 R2 (Domain Controller, SQL Server, etc..)
    Most of my applications runs agains Active Directory and SQL Database, I think I could use a single PC virtualizing either Windows 10 (Dev Setup) or the Windows server 2012 (Domain controler, sql, etc..)
    What is the best approach, virtualize PC1 or PC2?
    Ps. Planning to VMWare Workstation Pro 12.

    1. Adrian Costea

      Hi,
      You can virtualize all of them and since is just a dev environment it’s OK to use VMware Workstation. I recommend you don’t install any software on the domain controller, leave it a domain controller. Deploy a 2012 server, make it a member of the domain and put SQL on this one. Hope this helps.

  7. Timo Uitto

    Hi,

    I love your discussion and comments!

    I’m running AD (vm) test lab on host only virtual network. There is old Coyote Linux (I like it) as a GW, one foot to host only network (AD) and other to VM-8 (NAT). Host platform is laptop, which is connect to router (4G). On this far everything works fine :). There is other laptop (physical) connected to router (4G), which I like to join to AD. If you have any advice, I appreciate.
    Current situation is that host, which is running lab environment can access to AD. If I like, I can join this HOST to domain. Other laptop can see this HOST, but it can’t see HOST adapter to lab environment or Coyote Linux. Naturally it can see 4G- router. My 4g router features are limited. Example static routing is limited.

    1. Adrian Costea

      Remove all VMs from the Host-only network and attach them to a bridge network or a LAN segment. You will have to create the LAN segment if is not created; not difficult to do it. Next step will be to configure all the VMs to be on the same subnet. From here on everything should work great. Also, on the gateway make sure you have two network adapters, one connected to the LAN (where your VMs are) and the other one connected to your internet network.
      Let me know how it works.

  8. manish joshi

    I have bought a new laptop 1 TB HDD, 8 GB RAM, intel i5-6th generation, laptop in order to setup active directory and virtual machines lab. I am a guy working as of now in IT service desk. and wanted to switch from my existing domain to core server management domain.
    Let me know what software do I need to build my lab for active directory .

  9. jarek

    Hi,

    Is it possible to connect physical client with Windows Vista Business to such DC running on virtual Server 2008 on VMware? I’m asking because of licensing constrains I’m facing (don’t have box Windows license to make virtual client but have an old laptop with Vista OEM preinstalled 🙂 Thanks!
    Jarek

    1. Adrian Costea

      Off course you can, just make sure you set the network adapter of the DC in bridge mode so it can talk with your physical network.
      As a second advice; you don’t need a Windows license in order to do labs, you can work just the same using a trial version from Microsoft’s site. Go ahead an download a copy and try this using full virtualization.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

css.php