Certainly! Here's the updated reference guide for setting up your `homelab.local` Active Directory domain: # Reference Guide: Setting Up `homelab.local` AD Domain ## Introduction This guide outlines the process for creating an Active Directory (AD) domain, `homelab.local`, tailored for a comprehensive home network that includes personal devices, a cybersecurity lab, network-attached storage (NAS), and various IT and server equipment. It focuses on security, management, and operational efficiency. ## Domain Configuration ### Step 1: Domain and Controller Setup 1. **Primary Domain Controller (PDC):** Choose a dedicated or virtual server with sufficient resources to run Windows Server. This server will manage the `homelab.local` domain. 2. **Secondary Domain Controller (SDC):** Optional but recommended for redundancy. Can be less resource-intensive and also runs Windows Server. ### Step 2: Organizational Units (OUs) and Structure 1. **Create OUs for Major Areas:** - `CyberLab`: For cybersecurity research and testing. - `HomeDevices`: For personal and home devices. - `NAS`: For network-attached storage access and management. - `Users`: For managing user accounts and permissions. 2. **Define Sub-OUs:** - Under `CyberLab`: Create `Testing Environments`, `Research`, `Tools`. - Under `NAS`: Create `Media`, `Personal Storage`, `Lab Data`. ### Step 3: Security Groups and User Accounts 1. **Establish Security Groups:** - `LabAdmins`, `FamilyMembers`, `MediaAccess`, `Guests`, with permissions tailored to their needs. 2. **Create User Accounts:** - Setup `Admin Account(s)` for AD and resource management. - Create individual `Family User Accounts` and `Guest Accounts` as needed. - Use a clear naming convention for user accounts, e.g., `john.doe_001`. ### Step 4: Network Configuration and Security 1. **Segment LAN/WLAN:** - Differentiate between `CyberLab` and `HomeDevices` networks for security and traffic isolation. 2. **Implement Firewall Rules:** - Control traffic between network segments, especially protecting `CyberLab` resources. - Create specific firewall rules for each sub-OU within the `CyberLab`. ### Step 5: NAS Configuration and Access 1. **Set Up Storage Areas:** - Allocate `Media`, `Personal Storage`, and `Lab Data` areas within the NAS, setting appropriate access permissions for each user or group. 2. **NAS Backup Strategy:** - Implement a separate backup strategy for the NAS, including regular incremental backups to an external drive or cloud storage service. ### Step 6: Group Policy Objects (GPOs) 1. **Define Key Policies:** - Enforce a strong `Password Policy`, with a stricter policy for the `LabAdmins` group. - Set an `Update Policy` for automatic Windows updates. - Apply `Software Restrictions` to limit installations on personal and home devices, using a whitelist of approved software. 2. **GPO for NAS Access:** - Create a dedicated GPO for NAS access, defining user and group permissions for specific shares. ## Mermaid Diagram ```mermaid graph TD; A[PDC: homelab.local] -->|Manages| B[CyberLab] A -->|Manages| C[HomeDevices] A -->|Manages| D[NAS] A -->|Manages| E[Users] B --> F[Testing Environments] B --> G[Research] B --> H[Tools] C --> I[Personal Laptops] C --> J[Smart Home Devices] D --> K[Media] D --> L[Personal Storage] D --> M[Lab Data] E --> N[Admins] E --> O[Family] E --> P[Guests] N --> Q[Admin Account] O --> R[Family User Accounts] P --> S[Guest Accounts] ``` ## Conclusion This updated reference guide provides a comprehensive blueprint for setting up a secure and efficient Active Directory domain for your home network and cybersecurity lab. By following these steps and considering the additional recommendations, you can create a well-organized, manageable environment that supports both your professional and personal digital activities.