In this tutorial, I will explore Microsoft Active Directory. The tutorial is split into three sections, as outlined in the table of contents below:
Table of Contents
- Setting up Windows Server 2022 Standard Desktop
- Active Directory Domain Services (ADDS)
- Lightweight Directory Services
1. Install Windows Server 2022
Let’s quickly go over how to install the Windows Server 2022 Standard Desktop Evaluation Edition.
1.1. System requirements
- RAM: 2GB
- HDD: 50GB
Choose your relevant settings and click Next:
For this tutorial, I'll be using Windows Server 2022 Evaluation (Desktop Experience edition).
Allow this server to be discovered on your network:
Change the server name to something meaningful.
In my scenario, the server is located in Kathmandu and it is Domain Controller 01. Therefore, KTM-DC01.
And restart the server.
2. Install Active Directory Domain Services
In this section, you'll be installing Active Directory Domain Services (ADDS).
First of all, add the role called Active Directory Domain Services:
Click Next:
Select Role-based or feature-based installation:
Select a server from the server pool as shown below, and click Next.
Note: I have KTM-DC01. There might be a different DC in your case.
2.1. Post installation task
From the right-hand side Flag menu, click on Post-deployment Configuration:
Restart the server.
3. Active Directory Lightweight Directory Services
Add the role called Active Directory Lightweight Directory Services:
3.2. Edit ADSI
- Go to Tools
- Click ADSI Edit
Now, try to add a user from Active Directory Users and Groups:
Now, if you refresh the ADSI Edit page, the newly created user will show up.
4. Windows ADLDS connection from external network
In this section, I try to connect to Windows AD LDS from an external system.
Log on to the Ubuntu server and install the LDAP client tools:
$ sudo apt install ldap-utils libldap2-dev
4.1. ldapsearch example
LDAP Search syntax:
ldapsearch -x -H ldap://<LDAP_SERVER>:389 \
-D "CN=admin,CN=Users,DC=example,DC=com" \
-b "DC=example,DC=com" "(objectClass=*)" \
-w <USER_PASSWORD>
So, in my context:
- LDAP Server: ldap://192.168.0.178:389
- Bind DN: CN=Administrator,CN=Users,DC=amaharjan,DC=priv
- Base DN: CN=Users,DC=amaharjan,DC=priv
ldapsearch -x -H ldap://192.168.0.201:389 \
-D "CN=Administrator,CN=Users,DC=amaharjan,DC=com" \
-b "DC=amaharjan,DC=com" "(objectClass=*)" \
-w <password-here>
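The ldapsearch above returns raw LDIF, and the Keycloak section later in this tutorial runs into accounts that are disabled or whose password must be set to never expire. Both states live in the userAccountControl attribute of each user object. The following Python script is an added example, not part of the tutorial: it parses ldapsearch's LDIF output (including folded lines and base64 "::" values) and decodes the userAccountControl bits, so you can see from the command line which accounts are disabled before importing them anywhere. The sample LDIF is constructed for this example; the DNs mirror the tutorial's domain but the attribute values are made up.

```python
import base64
from typing import Dict, List

# Constructed sample of what `ldapsearch -x -LLL ...` prints for two user objects.
# The values are made up for this example; they were not captured from the
# tutorial's server. The first entry carries a base64 ("::") attribute and the
# second a folded (continued) line, both of which real ldapsearch output contains.
SAMPLE_LDIF = """\
dn: CN=njackson,OU=IT System Administrator,OU=IT Support,DC=amaharjan,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: njackson
sAMAccountName: njackson
displayName:: TmF0aGFuIEphY2tzb24=
userAccountControl: 514

dn: CN=fnietzsche,CN=Users,DC=amaharjan,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: fnietzsche
sAMAccountName: fnietzsche
description: long value folded
  across two lines
userAccountControl: 66048
"""

# Subset of the documented userAccountControl bit flags.
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0010: "LOCKOUT",
    0x0020: "PASSWD_NOTREQD",
    0x0200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
    0x400000: "DONT_REQ_PREAUTH",
}


def parse_ldif(text: str) -> List[Dict[str, List[str]]]:
    """Parse LDIF into a list of entries; every attribute maps to a list of values."""
    # Unfold continuation lines: a leading space continues the previous line.
    lines: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)

    entries: List[Dict[str, List[str]]] = []
    current: Dict[str, List[str]] = {}
    for line in lines + [""]:          # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):      # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        current.setdefault(attr.strip(), []).append(value)
    return entries


def decode_uac(value: int) -> List[str]:
    """Return the names of the known flags set in a userAccountControl value."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]


def account_report(ldif_text: str) -> Dict[str, dict]:
    """Summarise account state per sAMAccountName for every user object."""
    report: Dict[str, dict] = {}
    for entry in parse_ldif(ldif_text):
        if "user" not in entry.get("objectClass", []):
            continue
        uac = int(entry.get("userAccountControl", ["0"])[0])
        report[entry["sAMAccountName"][0]] = {
            "disabled": bool(uac & 0x0002),
            "password_never_expires": bool(uac & 0x10000),
            "flags": decode_uac(uac),
        }
    return report


if __name__ == "__main__":
    for name, info in account_report(SAMPLE_LDIF).items():
        print(f"{name:12} disabled={info['disabled']} "
              f"never_expires={info['password_never_expires']} {info['flags']}")
```

Pipe real output into it with `ldapsearch -x -LLL ... | python3 uac_report.py` after replacing SAMPLE_LDIF with `sys.stdin.read()`; the `-LLL` switch suppresses the comment and version lines so the parser only sees entries.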
4.2. ldapadd example
Now, let's try to ldapadd to the Windows server's AD from the Ubuntu server:
ldapadd -x -H ldap://192.168.0.178:389 \
-D "CN=Administrator,CN=Users,DC=amaharjan,DC=priv" \
-w Toor#win -a <<EOF
dn: cn=fnietzsche,cn=Users,dc=amaharjan,dc=priv
objectClass: User
sn: Nietzsche
givenName: Friedrich
cn: fnietzsche
userPassword: Password1
EOF
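One caveat a practitioner will hit with the ldapadd above: Active Directory Domain Services does not treat userPassword as the account password by default (that needs the fUserPwdSupport bit in dSHeuristics); the password attribute it honours is unicodePwd, which must be the password wrapped in double quotes, UTF-16LE encoded, and which the DC only accepts over an encrypted connection (LDAPS on 636, or StartTLS). The Python below is an added example, not from the tutorial: it generates an AD-style LDIF for the same user, with unicodePwd encoded the way AD expects and userAccountControl set so the account is created enabled. The domain name and password are the tutorial's values reused as constructed inputs; the userPrincipalName suffix is an assumption.

```python
import base64

# Constructed values for this example. The domain DN mirrors the tutorial's
# ldapadd; the UPN suffix is an assumption derived from it.
DOMAIN_DN = "DC=amaharjan,DC=priv"
UPN_SUFFIX = "amaharjan.priv"


def encode_unicode_pwd(password: str) -> str:
    """AD expects unicodePwd as '"<password>"' in UTF-16LE; LDIF carries that
    as base64 behind a '::' separator."""
    return base64.b64encode(f'"{password}"'.encode("utf-16-le")).decode("ascii")


def decode_unicode_pwd(b64: str) -> str:
    """Inverse of encode_unicode_pwd, used to check the round trip."""
    return base64.b64decode(b64).decode("utf-16-le")


def build_user_ldif(cn: str, given_name: str, sn: str, password: str,
                    container: str = "CN=Users", domain_dn: str = DOMAIN_DN,
                    upn_suffix: str = UPN_SUFFIX) -> str:
    """Build the LDIF for one enabled AD user. 512 is NORMAL_ACCOUNT with
    ACCOUNTDISABLE clear; AD only accepts that in the same add if the password
    satisfies the domain password policy."""
    lines = [
        f"dn: CN={cn},{container},{domain_dn}",
        "objectClass: top",
        "objectClass: person",
        "objectClass: organizationalPerson",
        "objectClass: user",
        f"cn: {cn}",
        f"sn: {sn}",
        f"givenName: {given_name}",
        f"sAMAccountName: {cn}",
        f"userPrincipalName: {cn}@{upn_suffix}",
        f"unicodePwd:: {encode_unicode_pwd(password)}",
        "userAccountControl: 512",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Write the LDIF to a file and send it over LDAPS rather than port 389:
    #   ldapadd -x -H ldaps://<DC>:636 -D "CN=Administrator,CN=Users,DC=amaharjan,DC=priv" -W -f fnietzsche.ldif
    with open("fnietzsche.ldif", "w", encoding="utf-8") as fh:
        fh.write(build_user_ldif("fnietzsche", "Friedrich", "Nietzsche", "Password1"))
    print(build_user_ldif("fnietzsche", "Friedrich", "Nietzsche", "Password1"))
```

Using `-W` (prompt) instead of `-w <password>` keeps the bind password out of the shell history and process list, and the LDAPS connection protects both the bind and the unicodePwd value on the wire.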
Keycloak Integration
In this section, I will show you how to integrate Keycloak and Microsoft Active Directory.
Keycloak Realm
First, you need a realm.
Create User Federation
User federation provides access to external databases and directories, such as LDAP and Active Directory.
Add new provider
Configure the provider as follows:
- Connection URL: ldap://192.168.0.201:389
- Bind type: Simple
- Bind DN: CN=Administrator,CN=Users,DC=amaharjan,DC=com
- Bind credentials:
- Edit mode: WRITABLE
- Users DN: OU=IT System Administrator,OU=IT Support,DC=amaharjan,DC=com
- Username LDAP attribute: sAMAccountName
- RDN LDAP attribute: cn
- UUID LDAP attribute: objectGUID
- User object classes: inetOrgPerson
- Synchronization settings
- Batch size: 1000
- Periodic full sync: On
- Full sync period: 604800
Save it, and from the right-hand side menu, enable it and run Sync all users.
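The settings listed above work, but a few of them deserve a second look before they go beyond a lab: the connection is plain ldap:// on 389 with a simple bind (the bind password crosses the network in cleartext), the edit mode is WRITABLE (AD refuses password writes over an unencrypted connection, so Keycloak's password updates would fail), the bind account is the built-in Administrator, and the user object class is inetOrgPerson (accounts created in ADUC are objectClass user and would not match the sync filter). The Python below is an added example, not part of the tutorial or of Keycloak: it encodes those checks as a small review of the provider configuration. The dictionary is constructed from the settings above; its key names are assumed to mirror Keycloak's LDAP provider setting names and the bind credential is a placeholder.

```python
from typing import Dict, List, Tuple
from urllib.parse import urlparse

# Constructed from the provider settings listed in the tutorial. Key names are
# assumed to mirror Keycloak's LDAP provider settings; the credential is a placeholder.
FEDERATION_CONFIG: Dict[str, object] = {
    "connectionUrl": "ldap://192.168.0.201:389",
    "startTls": False,
    "bindDn": "CN=Administrator,CN=Users,DC=amaharjan,DC=com",
    "bindCredential": "<bind-password-placeholder>",
    "editMode": "WRITABLE",
    "usersDn": "OU=IT System Administrator,OU=IT Support,DC=amaharjan,DC=com",
    "usernameLDAPAttribute": "sAMAccountName",
    "rdnLDAPAttribute": "cn",
    "uuidLDAPAttribute": "objectGUID",
    "userObjectClasses": "inetOrgPerson",
    "batchSizeForSync": 1000,
    "fullSyncPeriod": 604800,
}


def review_federation_config(cfg: Dict[str, object]) -> List[Tuple[str, str]]:
    """Return (code, message) findings for settings that weaken the integration."""
    findings: List[Tuple[str, str]] = []
    url = urlparse(str(cfg["connectionUrl"]))
    encrypted = url.scheme == "ldaps" or bool(cfg.get("startTls"))

    if not encrypted:
        findings.append(("CLEARTEXT_BIND",
                         f"{url.geturl()}: a simple bind sends the bind password in "
                         "cleartext; use ldaps:// (636) or enable StartTLS"))
    if cfg["editMode"] == "WRITABLE" and not encrypted:
        findings.append(("WRITABLE_OVER_CLEARTEXT",
                         "WRITABLE edit mode needs an encrypted connection: AD refuses "
                         "unicodePwd writes over cleartext LDAP, so password changes "
                         "from Keycloak will fail"))

    bind_rdn = str(cfg["bindDn"]).split(",", 1)[0].strip().upper()
    if bind_rdn == "CN=ADMINISTRATOR":
        findings.append(("BUILTIN_ADMIN_BIND",
                         "binding as the built-in Administrator hands Keycloak full "
                         "control of the domain; use a dedicated service account with "
                         "only the rights the sync needs"))

    classes = {c.strip().lower() for c in str(cfg["userObjectClasses"]).split(",")}
    if "user" not in classes:
        findings.append(("USER_CLASS_NOT_MATCHED",
                         f"user object classes {sorted(classes)} do not include 'user': "
                         "accounts created in ADUC are objectClass user and would be "
                         "skipped by the sync"))
    return findings


def full_sync_period_days(cfg: Dict[str, object]) -> float:
    """Keycloak stores the full sync period in seconds; report it in days."""
    return int(cfg["fullSyncPeriod"]) / 86400


if __name__ == "__main__":
    print(f"full sync every {full_sync_period_days(FEDERATION_CONFIG):g} day(s)")
    for code, message in review_federation_config(FEDERATION_CONFIG):
        print(f"[{code}] {message}")
```

A hardened copy of the same dictionary with an ldaps:// URL, a dedicated service-account bind DN and the object classes `person, organizationalPerson, user` produces no findings, which is the configuration to aim for once the lab works.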
Users
Now, you'll be able to see the users:
But you'll also see that some users are disabled; let's enable them.
Click on the user, then on the right side click Enable, and save.
Clients
Now, go to the Clients section and open the account client (http://ubuntu.priv:8080/realms/win-dc01-amaharjan-com/account/).
Now, when I try to log in with a user (in my case njackson with password Secret), I will not be able to.
Therefore, let's go to ADUC and reset the user's password:
And for simplicity, let's set this user's password to Password never expires (from ADUC).
Now, you'll finally be able to log in.