June 1, 2025

Escaping the Catch-22 of IT: Building My Own Active Directory Lab

In the IT world, knowing how to use Active Directory (AD) is something recruiters are always looking for—it’s one of the core tools IT professionals work with. But how are you supposed to get AD experience if no one will hire you because you don’t have AD experience? It’s a total catch-22 (great book, by the way), and it reminds me of trying to get my first job at 16. No one would hire me because I didn’t have experience, but I had just turned 16—how could I have any?

There’s not much you can do to stand out in that kind of situation. It’s not like you can build side projects for a cashier position (though I’d love to see someone try).

That’s one of the reasons I enjoy IT—you can create your own opportunities to stand out. Whether it’s through certifications or personal projects, there’s always a way to level up and show what you’re capable of.

So instead of letting my lack of AD experience hold me back, I decided to do something about it. I built my own virtual Active Directory lab to get hands-on experience and familiarize myself with the basics.

And so, the project began.

I started by watching a few YouTube tutorials and using ChatGPT to help troubleshoot any issues along the way. The first video walked through setting up the initial environment. I downloaded Windows Server 2019 and Windows 10 ISOs and ran them inside Oracle VirtualBox.

I configured the Windows Server VM to serve as the Domain Controller, complete with two network adapters—one to access the internet, and the other to connect to a private internal network within VirtualBox. After installing Active Directory, I created a domain called mydomain.com and began configuring the necessary settings.

That’s when things got a little messy. The tutorial I was following used a PowerShell script hosted on GitHub to automatically create Organizational Units (OUs) and users, but I ran into internet connection issues inside the VM, so I couldn’t access the script. I took a break and came back with a fresh mind the next day.

On my second attempt, I found a clearer YouTube tutorial and began making real progress. I created a fictional company called ByteFixSolutions and made it its own Organizational Unit. Inside that, I set up additional OUs for different departments: Finance, HR, IT, and Management. I manually created five user accounts and set their passwords.

Next, I spun up another virtual machine running Windows 10 to simulate a user’s workstation that would join the domain.

And that’s when I ran into my first real challenge…

The computer named “WORK-0001” refused to join the domain. In the tutorial I was following, the guy didn’t run into any issues at this step—but I did. I got the following error:

“An Active Directory Domain Controller (AD DC) for the domain ‘mydomain.com’ could not be contacted.”

Huh. I followed the tutorial step-by-step, so why was I getting this error?

After a bit of digging, I discovered the issue: both of my virtual machines had 169.x.x.x APIPA addresses, which meant they didn’t have proper IP configurations. On top of that, the Windows 10 machine wasn’t pointing to the domain controller as its DNS server.

To fix it, I set both VMs to use the Internal Network setting in VirtualBox and assigned static IPs within the same range. On the Windows 10 machine, I updated its DNS settings to point to the domain controller at 192.168.10.1. After that, I was finally able to join WORK-0001 to the domain mydomain.com.
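
An added example, not part of the original post: a PowerShell pre-join check, run on the Windows 10 client, for the two faults described above (APIPA address, DNS not pointing at the domain controller). The adapter name 'Ethernet' is an assumption; the domain name and 192.168.10.1 are the values from the post.

```powershell
# Added example: diagnose "domain controller could not be contacted" before joining.
function Test-DomainJoinReadiness {
    param(
        [string]$Domain         = 'mydomain.com',   # domain from the post
        [string]$DcAddress      = '192.168.10.1',   # DC address from the post
        [string]$InterfaceAlias = 'Ethernet'        # assumed adapter name
    )
    $findings = @()

    # 1. An APIPA (169.254.x.x) address means no static IP and no DHCP lease.
    $ipv4 = Get-NetIPAddress -InterfaceAlias $InterfaceAlias -AddressFamily IPv4 -ErrorAction SilentlyContinue
    if (-not $ipv4) { $findings += "No IPv4 address on '$InterfaceAlias'" }
    foreach ($ip in $ipv4) {
        if ($ip.IPAddress -like '169.254.*') {
            $findings += "APIPA address $($ip.IPAddress) on '$InterfaceAlias'"
        }
    }

    # 2. The client must use the domain controller as its DNS server.
    $dns = (Get-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -AddressFamily IPv4).ServerAddresses
    if ($dns -notcontains $DcAddress) {
        $findings += "DNS servers [$($dns -join ', ')] do not include $DcAddress"
    }

    # 3. Domain join locates a DC through this SRV record.
    $srv = "_ldap._tcp.dc._msdcs.$Domain"
    try   { Resolve-DnsName -Name $srv -Type SRV -Server $DcAddress -ErrorAction Stop | Out-Null }
    catch { $findings += "SRV record $srv not resolvable via $DcAddress" }

    # 4. DNS, Kerberos, LDAP and SMB must be reachable on the DC.
    foreach ($port in 53, 88, 389, 445) {
        $ok = Test-NetConnection -ComputerName $DcAddress -Port $port `
                -InformationLevel Quiet -WarningAction SilentlyContinue
        if (-not $ok) { $findings += "TCP $port on $DcAddress unreachable" }
    }

    if ($findings.Count -eq 0) { "Ready to join $Domain" } else { $findings }
}

Test-DomainJoinReadiness
```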

Awesome—time to move on with the tutorial!

Not even three minutes into the next part, I hit another roadblock.

The instructor demonstrated how to remotely manage the Windows 10 machine using the “Manage” option in Active Directory Users and Computers (ADUC). When I tried to do the same, I was greeted with an error saying I needed to enable COM+ Network Access (DCOM-In) and Remote Event Log Management firewall rules.

Alright—time to do some research.

I found out I could enable these settings from the client machine, but that approach led to even more permission issues. Eventually, I learned that I could push these configurations using Group Policy from the domain controller. I followed a guide to create and deploy the proper Group Policy to adjust the firewall settings—and it worked. Very cool.
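
An added example, not part of the original post: a PowerShell audit, run on the client, that shows whether the two firewall rule groups named in the error are enabled, whether they arrived through Group Policy, and how widely they are open. The notes it prints reflect a least-exposure preference assumed here (Domain profile, restricted remote addresses), not settings from the guide the author followed.

```powershell
# Added example: audit the remote-management firewall rules on the client.
function Get-RemoteMgmtRuleAudit {
    # Built-in rule groups named in the ADUC error message
    $groups = 'COM+ Network Access', 'Remote Event Log Management'

    foreach ($group in $groups) {
        # ActiveStore is the merged rule set actually enforced (local + GPO)
        $rules = Get-NetFirewallRule -DisplayGroup $group -PolicyStore ActiveStore `
                    -ErrorAction SilentlyContinue
        if (-not $rules) {
            [pscustomobject]@{ Group = $group; Rule = '(none found)'; Enabled = $null
                               Source = $null; Profile = $null; RemoteAddress = $null
                               Notes = 'rule group not present' }
            continue
        }
        foreach ($rule in $rules) {
            $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress -join ','
            $notes  = @()
            if ("$($rule.Enabled)" -ne 'True')                { $notes += 'disabled' }
            if ("$($rule.PolicyStoreSourceType)" -ne 'GroupPolicy') { $notes += 'not delivered by GPO' }
            if ("$($rule.Profile)" -match 'Any|Public')       { $notes += 'active on Public profile' }
            if ($remote -eq 'Any')                            { $notes += 'accepts any remote address' }

            [pscustomobject]@{
                Group         = $group
                Rule          = $rule.DisplayName
                Enabled       = $rule.Enabled
                Source        = $rule.PolicyStoreSourceType
                Profile       = $rule.Profile
                RemoteAddress = $remote
                Notes         = $notes -join '; '
            }
        }
    }
}

Get-RemoteMgmtRuleAudit | Format-Table -AutoSize -Wrap
```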

Next, I wanted to try something a bit more advanced: pushing software through Group Policy.

My goal was to install Google Chrome automatically on any computer that joins the domain—because let’s be real, Chrome > Edge.

I set up the Group Policy, but then I hit another error:

“Cannot verify the path is a network location.”

To solve this, I created a shared folder on the server (C:\Software) and shared it over the network as \\SERVER2019\Software. I moved the GoogleChromeEnterprise.msi installer into that folder and granted read permissions to Everyone.

After that, I updated the Group Policy to use the correct UNC path:

\\SERVER2019\Software\GoogleChromeEnterprise.msi

Then I went through the usual troubleshooting steps:

  • Confirmed the GPO was linked to the correct OU (HR)
  • Verified that WORK-0001 was a member of the Chrome-Install-Group
  • Ran gpupdate /force on the client machine and rebooted
  • Checked Event Viewer for MSI installer logs
  • Disabled slow link detection to prevent skipped installations on “slow” networks

After a reboot, I checked the workstation—Chrome had successfully installed!
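
An added example, not part of the original post: a PowerShell check, run on the server, of the deployment share described above. A computer-assigned MSI is installed by the SYSTEM account on each targeted machine, so the example lists who can modify the package and verifies its Authenticode signature. The share name, folder and file name are the post's; the list of trusted writers is an assumption for this lab.

```powershell
# Added example: audit the software-deployment share on the server.
function Test-DeploymentShare {
    param(
        [string]$ShareName = 'Software',                    # share from the post
        [string]$LocalPath = 'C:\Software',                 # folder from the post
        [string]$Installer = 'GoogleChromeEnterprise.msi'   # package from the post
    )
    # Accounts allowed to change the package (assumed for this lab)
    $trusted = 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM', 'CREATOR OWNER'
    $write   = [System.Security.AccessControl.FileSystemRights]::Write

    # Share-level permissions: anything beyond Read lets a network user alter the MSI.
    $shareWriters = Get-SmbShareAccess -Name $ShareName |
        Where-Object { $_.AccessControlType -eq 'Allow' -and $_.AccessRight -ne 'Read' } |
        ForEach-Object { $_.AccountName }

    # NTFS permissions: untrusted identities with any write right on the folder.
    $ntfsWriters = (Get-Acl -Path $LocalPath).Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ($_.FileSystemRights -band $write) -and
            $_.IdentityReference.Value -notin $trusted
        } |
        ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique

    # Signature on the package that will be installed as SYSTEM.
    $sig = Get-AuthenticodeSignature -FilePath (Join-Path $LocalPath $Installer)

    [pscustomobject]@{
        ShareWriters    = $shareWriters -join ', '
        NtfsWriters     = $ntfsWriters -join ', '
        SignatureStatus = $sig.Status
        Signer          = $sig.SignerCertificate.Subject
    }
}

Test-DeploymentShare | Format-List

# On the client, the MSI results mentioned in the troubleshooting list can be read with:
# Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'MsiInstaller' } -MaxEvents 10
```

Empty ShareWriters and NtfsWriters fields and a SignatureStatus of Valid are the results to look for; any other account listed there can replace the package that domain machines install.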

Overall, this project was definitely more challenging than, say, installing software on a Raspberry Pi, but I genuinely had fun. I learned a lot about how essential networking is in IT environments, and I got a solid grasp of how Active Directory operates in a real-world context.

It reminded me a bit of solving math problems—you rarely get the correct answer on the first try, even if you’re following an example. There’s always a wrong output somewhere, and it’s up to you to debug, figure it out, and keep going. Over time, the process becomes smoother, and the mistakes become fewer.

Now, I can confidently say that I have hands-on Active Directory experience—and I have a fully functioning lab project to prove it.