Home > Ultimate vSphere Lab > Building the Ultimate vSphere Lab – Part 6: Domain Controller

Building the Ultimate vSphere Lab – Part 6: Domain Controller

The first VM we will deploy is our Domain Controller.

Right-click the Windows2008R2_Base VM and select Manage – Clone.


Base the clone on an Existing Snapshot named Version 1.0 (or whatever you called it before).


Create a Linked Clone.


Store it on the SSD drive and name it DC.


Power On the DC!

It will boot and will run through the Mini Setup.


Windows will ask you for Regional Settings and a Password.  It will boot afterwards.

You may notice that display performance is a bit sluggish.  Just Reinstall VMware Tools and Repair it and you’re set.


Okay, the first thing we will do is to put the network of this DC to the Internal we created earlier.

Edit the settings of the VM and change Network Adapter to VMnet2.  The DC is now isolated from your home network.  It can only communicate with other VMs on VMnet2 (but there aren’t any for now).

Fill in the IP4 Settings like in the screen below (mind the subnet!  It’s a /24!).


Next, Rename the VM to DC and reboot.


After the reboot, get back into the Computer Rename dialog box and press the More… button.

Fill in a valid DNS Suffix for your new domain we will create.  Mine will be named labo.local.  This means my DC will be DC.labo.local.  Reboot afterwards.


Next up, open Server Manager and click the Add Roles link.  Select DHCP Server & DNS Server.


Click Next a couple of times until you reach the IPv4 DNS Settings.  Fill in labo.local in the Parent domain field.


Continue clicking Next until the DHCP Scopes screen.  Click Add and add a scope ranging from until

Click Next until the DHCPv6 Stateless Mode and disable it.

Install the goodies!


Open the DNS Console and create a Forward Lookup Zone with the following settings:

Type Primary zone
Zone name labo.local
Create a new file … labo.local.dns
Dynamic Updates Allow both unsecure and secure dynamic updates

Then, create a Reverse Lookup Zone with the following settings:

Type Primary zone
IP IPv4 Reverse Lookup Zone
Network ID 10…
Create a new file… 10.in-addr.arpa.dns
Dynamic Updates Allow both unsecure and secure dynamic updates

Now perform an ipconfig /registerdns (or reboot your server) and ensure it is listed in the Forward and Reverse lookup zone.


Now it’s time to perform a DC Promotion.  Enter the dcpromo command.  The AD binaries will be installed.  Create a new domain in a new forest.

Fill in labo.local (or your own domain name) as the forest name.


Set the Forest functional level to Windows Server 2008 R2.


On the DNS Delegation, selection the option to no create the DNS delegation.

Accept the default file locations for AD binaries.  You could change them (as a best practice) to seperate disks, but since this is only a small LAB AD, i won’t bother with that.


Fill in a valid Directory Services Restore Mode password and click Next a couple of times to install AD.


You will get a warning about the DNS Zone.  Just skip it.


After the reboot, open Server Manager and go to Roles – DHCP Server.  Right-click your DHCP server and select Authorize.  This will make both IPv4 and IPv6 “green".


If you want, you can change the Forward and Reverse Lookup zone in DNS to AD Integrated, but it’s not really necessary for our lab.

That’s it for our Domain Controller!

Next up will be the SQL Server!


Building the Ultimate vSphere Lab – Part 1: The Story

Building the Ultimate vSphere Lab – Part 2: The Hardware

Building the Ultimate vSphere Lab – Part 3: VMware Workstation 8

Building the Ultimate vSphere Lab – Part 4: Base Template

Building the Ultimate vSphere Lab – Part 5: Prepare the Template

Building the Ultimate vSphere Lab – Part 6: Domain Controller

Building the Ultimate vSphere Lab – Part 7: SQL Server

Building the Ultimate vSphere Lab – Part 8: vCenter

Building the Ultimate vSphere Lab – Part 9: ESXi

Building the Ultimate vSphere Lab – Part 10: Storage

Building the Ultimate vSphere Lab – Part 11: vMotion & Fault Tolerance

Building the Ultimate vSphere Lab – Part 12: Finalizing the Lab

Categories: Ultimate vSphere Lab
  1. Raed Hussein
    January 20, 2012 at 18:20

    Hi again,, i guess the subnet was /8 and not /24.
    Unless you have another purpose

  2. Raed Hussein
    January 20, 2012 at 22:31

    oh sorry, ignore my question, how a geek I am 😀

  3. abyakta
    February 20, 2012 at 21:14


    Your whole Lab scenario is really amazing but in this scenario.how to access the lab from the Host system.I am if i want to access the vcenter from the host or ssh to esxi through putty i can’t do it as the network of whole lab is different then how can i do that. if i want to configure the update manager then how can you communicate update manager to internet.
    Hoping that you understand my question.


    • February 21, 2012 at 10:54

      The easiest way is to add an additional vNIC to your vCenter server and make it a Bridged connection. It will then receive an IP from your home network (router, modem, …).
      You vCenter will then be able to access the internet (make sure that you don’t specify a default gateway on the vNICs connected to VMnet2 or 3 on the vCenter machine, only on the bridged connection.

      You can then also reach your vCenter through RDP using that bridged connection.

      If you want to PuTTY to your ESXi hosts from your desktop host, go into the Virtual Network Editor in VMware Workstation and enable “Connect a host virtual adapter to this network” on the VMnet2 network. You will get an extra Network Adapter (virtual) on your desktop PC. Give that an IP address in the same range as the ESXi hosts (10.0.0.x) without specifying a gateway and you’re set!

  4. Tim
    April 1, 2012 at 14:48

    I really appreciate the time and effort you put into this lab setup. It is great.

    Hmm.. for whatever reason, after completing the domain controller setup, I am getting a number of warnings and one error related to DHCP on the roles summary. Here is the error:

    The DHCP/BINL service on the local machine, belonging to the windows Administrative Domain labo.local, has determined that it is not authorized to start.It has stopped servicing clients. The following are some possible reasons for this:

    This machine is part of a directory service enterprise and is not authorized in the same domain.

    This machine cannot reach its directory service enterprise and it has encountered another DHCP service on the network belonging to a directory service enterprise on which the local machine is not authorized.

    WOuld you have any ideas what my problems might be? Thanks for any reply!

    • April 2, 2012 at 09:08

      Normally, your DHCP must be authorized in AD. Check this article to Authorize it and that should get you rid of the error you are getting:


      • Tim
        April 2, 2012 at 20:20

        Thanks for this link.

        Oddly enough, after restarting the vm a second time, the error has disappeared without my having done anything special.

        However, I still get several warnings in the Roles summary. Would you know if these are things I should address or be concerned about:

        Active Directory Domain Services:

        Event 2886 – The security of this directory server can be significantly enhanced by configuring the server to reject SASL (Negotiate, Kerberos, NTLM, or Digest) LDAP binds that do not request signing (integrity verification) and LDAP simple binds that are performed on a cleartext (non-SSL/TLS-encrypted) connection. Even if no clients are using such binds, configuring the server to reject them will improve the security of this server.

        DHCP Server:

        Event 10020 – This computer has at least one dynamically assigned IPv6 address.For reliable DHCPv6 server operation, you should use only static IPv6 addresses.

        Event 1056 – The DHCP service has detected that it is running on a DC and has no credentials configured for use with Dynamic DNS registrations initiated by the DHCP service. This is not a recommended security configuration. Credentials for Dynamic DNS registrations may be configured using the command line “netsh dhcp server set dnscredentials” or via the DHCP Administrative tool.

        Thanks again.

      • April 4, 2012 at 08:37

        None of these warnings are critical or will limit the functionality of your lab. In a production environment you might want to look after them to secure your DC.

  5. Shawn
    May 14, 2012 at 23:46

    This Lab is great but how do you deal with the licensing activation etc. to keep you Virtual lab running?

    • May 15, 2012 at 09:16

      Several options:
      – For the Windows VMs, this expiration period is 180, for VMware 60 days
      – Make a simple file copy of all VMs after the initial install. After the licenses are expired, restore the original VMs and you can restart the evaluation period.
      – For Windows VMs, a Technet subscription is the cheapest solution to get permanent licenses
      – For VMware, we have NFR licenses (work for a Partner)

  6. venkat
    October 5, 2012 at 08:24

    Amazing thing.. Thanks a lot, actually this home preparation makes confidence level improvement in interviews who never had an practical exrposure but theoritical exposure at technology in organisation… Thanks a ton..:)

  7. November 17, 2012 at 04:46

    When we created the vmnet2 we gave it a subnet mask of /8
    But when are creating the DC and adding it to vmnet2 , why are we giving it a subnet of /24?


  8. Sean
    January 15, 2013 at 08:08

    Why did you use as the subnet mask for DC’s Class A IP address

    In VMnet2 (workstation settings), you used

    • January 15, 2013 at 09:29

      In the VMnet2 setting in Workstation, we indeed filled in But as long as you don’t use the Workstation’s internal DHCP server to distribute IP addresses, it doesn’t really matter what you fill in there…

      I’ll clear that up in the new updated series when 5.1 is validated on Server 2012!

  9. Sean
    January 15, 2013 at 17:13

    hmm… so would putting in Workstation setting for VMnet2 make any difference compared to Since Workstation’s DHCP is not being used and no internet is allowed on vmnet2, I believe both would act the same correct?

    • January 22, 2013 at 10:36

      Yes that is correct! Doesn’t make a difference as long as you don’t use the DHCP Service of Workstation!

  10. Klauss
    February 11, 2013 at 21:38

    Very helpful – Thank you. I just don’t understand why creating the machine from the linked clone – when space is not an issue?

    • February 24, 2013 at 19:01

      When space is not an issue you can just create ‘fresh’ installs for all VMs. The linked clones are only there to save some space on the SSD drive.

  11. Kwasi Denkyira
    April 12, 2013 at 05:58

    I am following this great material to setup my lab but I cannot get internet access when creating Internal network for my LAN communication using with a subnet mask of I am using vmware workstation 9.0 and my Host is Windows 7 Ultimate, 64-bit

  12. Kwasi Denkyira
    April 12, 2013 at 14:28

    Ok, I got it working changing to and it works now

  1. June 8, 2012 at 16:43
  2. October 31, 2013 at 16:49

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: