Setting up an AD DS server for my homelab

Hey

I have been looking to learn how to administrate MS AD DS and have a setup that I can actually try different things hands-on. Microsoft does have courses on it, but sadly I have not really found those helpful since I cannot actually apply the new information in practice…

I do have access to Windows Server licenses (2019, 2022, 2025, both Standard and DC) but I have really been struggling to find the documentation on how to properly set up an AD DS server.

The biggest issue for me is that I have not really managed to figure out how to set up the DNS on the server side, and how to offload the domain name stuff to my network router that does have access to a non-static public IPv4 address. Any ideas what could be wrong?

I have opened the ports from this article, but it doesn’t help.

And the way that I was able to figure out the AD DS is not working was that I was not able to connect other VMs running Windows 10/11 Education onto that DC.

I have tried to set up a DC both on my homelab on top of Proxmox VE and also through Azure but I have not really had time to familiarize myself with the networking setup and DNS…

If you are aware of a guide or something that might be useful for me, let me know down below as well.

Any thoughts on how I should approach this? I would like to learn how to use that platform, but atm it feels out of my reach…

Thanks for taking the time

When installing the ADDS role the DNS Server role should be installed as well and set up automatically for your desired DNS name (has been a long time since I did this). Then only port 53 needs to be open, which other clients and servers use to do DNS against your domain controller. You did manually set the DNS server to your DS VM IP?

And in your DNS server options you would need to set up a forwarder IP for an external DNS server like 1.1.1.1 or 8.8.8.8 or your local pihole or router.
There are better and more secure ways to set up DNS, but for a homelab this should suffice.

2 Likes

2025 Datacenter as the Hyper-V host
2025 standard as DC01 VM
set static IP address for DC
add ADDS role to DC
configure conditional forwarding to 1.0.0.1 and 8.8.8.8 (encrypted Cloudflare and Google)
add DC role
only set devices to use DC as DNS when they will be Domain controlled, do not redirect router to DC as this is a homelab / devops setup.

take regular backups of VM so you can undo mistakes

enjoy

1 Like
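
The setup steps from the two replies above, plus a client-side DNS check to run before a domain join, as an added PowerShell example that is not part of any post in the thread. The domain name, DC address and interface alias are placeholder assumptions.

```powershell
# Added example. Assumed values (not from the thread): domain name, DC address, NIC alias.
$Domain = 'lab.example.internal'   # placeholder domain name
$DcIp   = '192.168.1.10'           # placeholder static IP of the DC VM
$Nic    = 'Ethernet'               # placeholder interface alias on the client

function Install-LabDomainController {
    # Run on the server once it has its static IP. -InstallDns creates the
    # AD-integrated zone for $Domain; the server reboots when promotion finishes.
    Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
    $dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'
    Install-ADDSForest -DomainName $Domain -InstallDns -SafeModeAdministratorPassword $dsrm
}

function Set-LabForwarders {
    # Run on the DC after the reboot: names outside $Domain are sent to the
    # external resolvers mentioned in the thread.
    Set-DnsServerForwarder -IPAddress '1.1.1.1', '8.8.8.8'
    Get-DnsServerForwarder
}

function Test-LabClientDns {
    # Run on a Windows 10/11 client. The client locates the DC through SRV records
    # in the DC's own zone on the LAN, so its DNS server must be the DC itself.
    Set-DnsClientServerAddress -InterfaceAlias $Nic -ServerAddresses $DcIp
    $srvName = "_ldap._tcp.dc._msdcs.$Domain"
    $srv = Resolve-DnsName -Name $srvName -Type SRV -Server $DcIp -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' }
    if (-not $srv) {
        Write-Warning "No SRV record for $srvName from $DcIp; a domain join will fail."
        return $false
    }
    # A subset of the TCP ports a domain join uses: DNS, Kerberos, LDAP, SMB.
    foreach ($port in 53, 88, 389, 445) {
        $probe = Test-NetConnection -ComputerName $DcIp -Port $port -WarningAction SilentlyContinue
        if (-not $probe.TcpTestSucceeded) {
            Write-Warning "TCP $port to $DcIp is blocked or closed."
            return $false
        }
    }
    return $true
}

# On the client, once the DC is up:
# if (Test-LabClientDns) { Add-Computer -DomainName $Domain -Credential (Get-Credential) -Restart }
```

Every check here runs between machines on the lab network; none of it depends on the router's public address.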

Hey, sorry but is there a reason why I would run the DC as a VM of VM when I could just make another VM on the hypervisor (Proxmox)?

EDIT:
All right, so just to understand, your suggestion is to create the whole Windows lab using the Windows Server as a hypervisor and build the VMs on top of it?

Only until Proxmox (QEMU) can figure out TPM pass-through so you can enable the full feature set of Windows. Even if none of the below features interest you, you cannot run Windows 11 24H2’s successor on a hypervisor without a TPM module being passed through.

As soon as QEMU can support vTPM sharing, Proxmox will be the recommendation over Windows Server Datacenter.

1 Like

All right, thanks for confirming that.

I have been able to get some basic virtual TPM set up on PVE 8.2. The implementation has been good enough for a Windows 11 VM not to complain about it, but I have not done much research into the topic outside of that.

1 Like