{"id":7424,"date":"2020-09-02T14:55:48","date_gmt":"2020-09-02T12:55:48","guid":{"rendered":"https:\/\/www.oradba.ch\/?p=7424"},"modified":"2020-09-02T15:01:32","modified_gmt":"2020-09-02T13:01:32","slug":"trivadis-lab-simple-vagrant-setup-of-windows-ad-server","status":"publish","type":"post","link":"https:\/\/www.oradba.ch\/wordpress\/2020\/09\/trivadis-lab-simple-vagrant-setup-of-windows-ad-server\/","title":{"rendered":"Trivadis LAB: Simple Vagrant Setup of Windows AD Server"},"content":{"rendered":"\n

One of my biggest problems when I started to look into Kerberos Authentication, Oracle Centrally Managed Users as well Oracle Enterprise User Security was the availability of an Active Directory to setup test cases. It is usually not the core business of an Oracle DBA to configure an Active Directory server. \ud83d\ude42 Using the productive AD is generally not a good choice either. One day I set up a Virtualbox VM with Windows 2016 and Active Directory. Great, but the VM went the way that many test VMs go and got screwed up. Set up a VM from scratch is cumbersome and time consuming. In particular when you would have to do it regular. Just doing backup and snapshot does work, but does not help to share the VMs with colleagues. Besides that the disk space on my notebook is limited. Then I did started to look into Vagrant. Then I did started to look into Vagrant. Not only for Oracle Database VMs but also for my Active Directory server. I have successfully used this environment in the past for several lectures and trainings at SOUG, DOAG and AOUG.<\/p>\n\n\n\n

The aim of this blog post is to introduce the Trivadis LAB environment. In particular, the vagrant based setup of the Windows Server for Active Directory. I will discuss some basic steps to create such a VM, but also a few configuration details so that you can use it in your own engineering project. I myself use the Windows VM together with DB VMs (oehrlis\/trivadislabs.com<\/a><\/em>) but also with my Docker based engineering environment (oehrlis\/doe<\/a><\/em>). So lets get ready to rumble…<\/p>\n\n\n\n

Trivadis LAB Environment<\/h1>\n\n\n\n

As you can see in the following figure, the entire Trivadis LAB environment contains VMs for Oracle databases and Oracle Unified Directory in addition to the VM for Active Directory. However, these are not included in this blog post. We just focus on Windows.<\/p>\n\n\n\n

\"LabEnvironment\"
Trivadis LAB Environment<\/figcaption><\/figure>\n\n\n\n

To allow a more or less practical use of the directory, a simple structure was created for the fictitious company Trivadis LAB<\/em>. The following graphic shows the organisation chart including departments and employees for Trivadis LAB<\/em>. All the users listed can be used as test users. The login name corresponds to the last name in lower case. The password for all users is set to a default password (see configuration files)<\/p>\n\n\n\n

\"Trivadislabs
Organisation Chart Trivadis LAB<\/figcaption><\/figure>\n\n\n\n

The fictitious company has the following departments: <\/p>\n\n\n\n

id<\/th>DEPARTMENT<\/strong><\/th>DISTINGUISHED NAME (DN)<\/strong><\/th><\/tr><\/thead>
10<\/td>Senior Management<\/td>ou=Senior Management,ou=People,dc=trivadislabs,dc=com<\/em><\/td><\/tr>
20<\/td>Accounting<\/td>ou=Accounting,ou=People,dc=trivadislabs,dc=com<\/em><\/td><\/tr>
30<\/td>Research<\/td>ou=Research,ou=People,dc=trivadislabs,dc=com<\/em><\/td><\/tr>
40<\/td>Sales<\/td>ou=Sales,ou=People,dc=trivadislabs,dc=com<\/em><\/td><\/tr>
50<\/td>Operations<\/td>ou=Operations,ou=People,dc=trivadislabs,dc=com<\/em><\/td><\/tr>
60<\/td>Information Technology<\/td>ou=Information Technology,ou=People,dc=trivadislabs,dc=com<\/em><\/td><\/tr>
70<\/td>Human Resources<\/td>ou=Human Resources,ou=People,dc=trivadislabs,dc=com<\/em><\/td><\/tr><\/tbody><\/table>
Trivadis LAB Departments<\/figcaption><\/figure>\n\n\n\n

The following groups were defined: <\/p>\n\n\n\n

GROUP<\/strong><\/th>DISTINGUISHED NAME (DN)<\/th>DESCRIPTION<\/strong><\/th><\/tr><\/thead>
Trivadis LAB APP Admins<\/td>ou=Trivadis LAB APP Admins,ou=Groups,dc=trivadislabs,dc=com<\/em><\/td>Application administrators<\/td><\/tr>
Trivadis LAB DB Admins<\/td>ou=Trivadis LAB DB Admins,ou=Groups,dc=trivadislabs,dc=com<\/em><\/td>DB Admins from the IT department<\/td><\/tr>
Trivadis LAB Developers<\/td>ou=Trivadis LAB Developers,ou=Groups,dc=trivadislabs,dc=com<\/em><\/td>Developers from the research department<\/td><\/tr>
Trivadis LAB Management<\/td>ou=Trivadis LAB Management,ou=Groups,dc=trivadislabs,dc=com<\/em><\/td>Management and managers<\/td><\/tr>
Trivadis LAB System Admins<\/td>ou=Trivadis LAB System Admins,ou=Groups,dc=trivadislabs,dc=com<\/em><\/td>System Admins from the IT department<\/td><\/tr>
Trivadis LAB Users<\/td>ou=Trivadis LAB Users,ou=Groups,dc=trivadislabs,dc=com<\/em><\/td>All Users<\/td><\/tr>
Trivadis LAB HR<\/td>ou=Trivadis LAB HR,ou=Groups,dc=trivadislabs,dc=com<\/em><\/td>Human Resources<\/td><\/tr><\/tbody><\/table>
Trivadis LAB Groups<\/figcaption><\/figure>\n\n\n\n

Prerequisites<\/h1>\n\n\n\n

The vagrant projects in oehrlis\/trivadislabs.com<\/a> do require Vagrant and Window Server Virtualbox.<\/p>\n\n\n

    \n
  1. Install Oracle VM VirtualBox<\/a><\/li>\n
  2. Install Vagrant<\/a><\/li>\n<\/ol>\n\n\n

    The first time you provision a Windows Server VM, the basis Vagrant Box is loaded from the Vagrant Cloud, which may take a while. If preferred, you can download this VM in advance with Vagrant. Enclosed the example for Windows Server 2019 <\/p>\n\n\n\n

    vagrant box add StefanScherer\/windows_2019 --provider virtualbox<\/code><\/pre>\n\n\n\n
    Setup<\/h1>\n\n\n\n
    Setup of the Vagrant VM is straight forward. You have to decide if you would like to setup a Windows Server 2019 (win2019ad<\/em>) or Windows Server 2016 (win2019ad<\/a><\/em>). The steps below are for Windows Server 2019.<\/p>\n\n\n
      \n
    1. Clone this repository git clone https:\/\/github.com\/oehrlis\/trivadislabs.com<\/em><\/li>\n
    2. Adjust configuration in trivadislabs.com\/<\/em>common\/config\/vagrant.yml<\/em><\/li>\n
    3. Change into the trivadislabs.com\/win2019ad<\/em> directory<\/li>\n
    4. Run vagrant up<\/em>\n
        \n
      1. The first time you run this it will provision everything and may take a while (20-40min). Ensure you have a good internet connection as the scripts will download a couple of tools via Chocolatey<\/em><\/a>.<\/li>\n
      2. The installation can be customised, if desired (see below).<\/li>\n<\/ol>\n<\/li>\n
      3. Connect to the VM using vagrant rdp<\/em> as vagrant<\/em> or administrator<\/em> user. Default password is either store in vagrant.yml<\/a> or default_pwd_windows.txt<\/a>.<\/li>\n
      4. If necessary, run the Windows Update manually.<\/li>\n
      5. You can shut down the VM via the usual vagrant halt<\/em> and then start it up again via vagrant up<\/em><\/li>\n<\/ol>\n\n\n
        Enclosed an excerpt from the vagrant up<\/em> command:<\/p>\n\n\n\n
        user@host:~\/trivadislabs.com\/win2019ad\/ [ic19300] time vagrant up\nBringing machine 'win2019ad' up with 'virtualbox' provider...\n==> win2019ad: Importing base box 'StefanScherer\/windows_2019'...\n==> win2019ad: Matching MAC address for NAT networking...\n==> win2019ad: Checking if box 'StefanScherer\/windows_2019' version '2020.07.17' is up to date...\n==> win2019ad: Setting the name of the VM: win2019ad.trivadislabs.com\n==> win2019ad: Clearing any previously set network interfaces...\n==> win2019ad: Preparing network interfaces based on configuration...\n    \n...\n\n    win2019ad: This Computer SID is S-1-5-21-1473420208-2468469534-\n    win2019ad: =========================================================\n    win2019ad:  Successfully finish setup AD VM \n    win2019ad:   Host      : win2019ad\n    win2019ad:   Domain    : trivadislabs.com\n    win2019ad: =========================================================\n\nreal\t34m7.109s\nuser\t1m4.814s\nsys\t0m32.222s<\/code><\/pre>\n\n\n\n
        Configuration<\/h1>\n\n\n\n
        The Vagrantfile<\/em> is preconfigured for the Trivadis LAB domain. I.e. host name, domain name, user etc. are predefined. Generally there is no need to adjust the Vagrant file itself. To ensure that all VMs in Trivadis LAB always work with the same configurations, a central YAML file is used for Vagrant. The file is locate in common\/config\/vagrant.yml. For the Window VM you find the following configuration:<\/p>\n\n\n\n
        # Configuration valid for all VM's\ncommon:\n  default_password: LAB01schulung\n  domain_name: trivadislabs.com\n  company_name: Trivadis LAB\n  gateway: 10.0.0.1\n  dns: 10.0.0.4\n  public_dns1: 8.8.8.8\n  public_dns2: 4.4.4.4\n\n# Configuration valid for Windows 2019 AD server\nwin2019ad:\n  box: StefanScherer\/windows_2019\n  vm_name: win2019ad\n  domain_mode: WinThreshold\n  people_ou_name: People\n  groups_ou_name: Groups\n  mem_size: 2048\n  cpus: 1\n  public_ip: 10.0.0.4<\/code><\/pre>\n\n\n\n
        A short explanation of the settings and possibilities:<\/p>\n\n\n\n