⚠️
Project Status Update - February 2025: This infrastructure project was discontinued indefinitely due to a basement flood. The flood waters reached the hardware case, submerging the server and network equipment. This case study documents the complete implementation that was completed prior to the incident. Most hardware, configurations, and data were lost, but the knowledge and experience gained remain valuable.
ℹ️
Project Status Update - January 2025: Project put on hold to prepare for the arrival of our baby boy! 🎉
Executive Summary
This comprehensive case study documents the complete design, implementation, and ongoing management of a budget-friendly home network infrastructure built with the most cost-effective components available. As a new graduate, this project was completed using used/refurbished hardware and evaluation software, demonstrating that enterprise-level IT skills can be developed without expensive equipment. The project showcases proficiency in Windows Server administration, Active Directory management, Linux integration, network design, virtualization, and infrastructure automation—all achieved on a total hardware budget of approximately $295.
This hands-on learning environment serves as a practical demonstration of real-world IT infrastructure capabilities while highlighting resource optimization and cost-effective technology choices. The single-server design combines multiple roles to minimize hardware costs while maximizing learning value, making it an ideal project for new graduates building their first home lab.
Project Duration: 3 months (September - November 2024)
Total Implementation Time: ~120 hours
Total Hardware Cost: ~$295 (budget-optimized, used/refurbished components)
Technologies Used: Windows Server 2022 Evaluation, Ubuntu Server 22.04 LTS, Hyper-V, Active Directory, PowerShell, BASH, VLANs, DHCP, DNS
Hardware Strategy: Single-server design combining DC and Hyper-V roles to minimize costs while maximizing learning value
Project Objectives
Primary Goals
- Active Directory Domain Environment: Create a fully functional Windows Server 2022 domain controller with proper DNS and DHCP services
- Network Segmentation: Implement VLAN-based network segmentation for security and organization
- Virtualization Infrastructure: Deploy Hyper-V virtualization platform supporting multiple virtual machines
- Linux-Windows Integration: Successfully integrate Ubuntu Server into Active Directory domain
- Centralized Management: Establish monitoring and management tools for infrastructure oversight
- Security Implementation: Apply enterprise security best practices including firewalls, Group Policy, and access controls
- Documentation: Create comprehensive documentation for future reference and knowledge sharing
Success Criteria
- ✅ All network services (DNS, DHCP) functioning correctly
- ✅ Domain-joined clients authenticating successfully
- ✅ Linux systems integrated with Active Directory
- ✅ Network segmentation isolating traffic appropriately
- ✅ Virtual machines running stable and performant
- ✅ Monitoring and alerting systems operational
- ✅ Complete documentation of all configurations
Architecture Design
Network Topology
Internet Gateway
(ISP Router)
|
| (WAN)
|
┌──────────┴──────────┐
| ISP Router |
| (192.168.1.1) |
| (VLAN Support) |
└──────────┬──────────┘
|
┌──────────┴──────────┐
| Managed Switch |
| (8-port VLAN) |
└──────────┬──────────┘
|
┌────────────────┼────────────────┐
| | |
VLAN 10 VLAN 20 VLAN 30
Management Servers Clients
192.168.10.0/24 192.168.20.0/24 192.168.30.0/24
| | |
┌────┴────┐ ┌────┴────┐ ┌────┴────┐
| | | | | |
DC + Mgmt External Work- Mobile
Hyper-V WS USB stations Devices
Host (10.5) Backup (30.x) (30.x)
(10.10) (20.2)
|
├─── Ubuntu Server VM (20.10)
├─── Windows File Server VM (20.15)
└─── Windows 10 Test Client VM (20.20)
IP Addressing Scheme
| VLAN | Subnet | Gateway | Purpose | Devices |
|---|
| VLAN 10 | 192.168.10.0/24 | 192.168.10.1 | Management | Domain Controllers, Admin Workstations |
| VLAN 20 | 192.168.20.0/24 | 192.168.20.1 | Servers | Hyper-V Host, VMs, NAS |
| VLAN 30 | 192.168.30.0/24 | 192.168.30.1 | Clients | Workstations, Laptops, Mobile Devices |
Hardware Specifications
Budget Considerations: As a new graduate, this project was built using the most cost-effective components possible, focusing on learning and functionality over performance. Most components were purchased used or refurbished, and evaluation/trial software was utilized where possible.
Primary Domain Controller Server (Combined with Hyper-V Host):
- CPU: Intel Core i5-4590 (4 cores, 4 threads) - Used/Refurbished (~$40)
- RAM: 16GB DDR3-1600 (2x 8GB) - Used (~$30)
- Storage: 500GB SATA SSD (Crucial MX500) - New (~$45)
- Motherboard: Used LGA1150 motherboard with integrated gigabit Ethernet (~$50)
- Power Supply: 450W 80+ Bronze - Used (~$25)
- Case: Basic ATX case - Used (~$20)
- OS: Windows Server 2022 Evaluation (180-day trial, renewable)
- Total Cost: ~$210
Network Infrastructure:
- Router: Existing ISP router with VLAN support (or used enterprise router ~$30)
- Switch: TP-Link TL-SG108E (8-port managed switch) - New (~$35)
- Storage: External USB 3.0 HDD (2TB) for backups - New (~$50)
- Total Network Cost: ~$85
Total Project Cost: ~$295 (excluding existing ISP router if used)
Note: This single-server setup runs both the domain controller and Hyper-V host roles to minimize hardware costs. While not ideal for production environments, it provides excellent learning opportunities and demonstrates resource optimization skills.
Phase 1: Windows Server 2022 Domain Controller Setup
Pre-Installation Planning
Before installing Windows Server 2022, I performed the following planning steps:
- Network Configuration Planning: Determined static IP address (192.168.10.10)
- DNS Planning: Planned domain name (homelab.local) and DNS structure
- Naming Convention: Established server naming convention (DC01-HOMELAB)
- Service Accounts: Planned service account requirements
- Backup Strategy: Identified backup requirements and locations
Installation Steps
Step 1: Windows Server 2022 Installation
# Installation media: Windows Server 2022 Standard Evaluation
# Installation method: USB bootable media
# Partition scheme: GPT
# File system: NTFS
# Installation time: ~20 minutes
Step 2: Initial Server Configuration
# Set computer name
Rename-Computer -NewName "DC01-HOMELAB" -Restart
# Configure static IP address
New-NetIPAddress -InterfaceAlias "Ethernet" `
-IPAddress 192.168.10.10 `
-PrefixLength 24 `
-DefaultGateway 192.168.10.1
Set-DnsClientServerAddress -InterfaceAlias "Ethernet" `
-ServerAddresses 192.168.10.1
# Enable Remote Desktop
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' `
-name "fDenyTSConnections" -Value 0
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
Step 3: Install Active Directory Domain Services
# Install AD DS role
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
# Import AD DS Deployment module
Import-Module ADDSDeployment
# Promote to Domain Controller
Install-ADDSForest `
-CreateDnsDelegation:$false `
-DatabasePath "C:\Windows\NTDS" `
-DomainMode "Win2022" `
-DomainName "homelab.local" `
-DomainNetbiosName "HOMELAB" `
-ForestMode "Win2022" `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-SysvolPath "C:\Windows\SYSVOL" `
-Force:$true `
-SafeModeAdministratorPassword (ConvertTo-SecureString "ComplexP@ssw0rd123!" -AsPlainText -Force)
Step 4: Post-Installation Configuration
# Verify domain controller installation
Get-ADDomainController
Get-ADDomain
Get-ADForest
# Configure DNS forwarders
Add-DnsServerForwarder -IPAddress 1.1.1.1
Add-DnsServerForwarder -IPAddress 8.8.8.8
# Verify DNS zones
Get-DnsServerZone
# Test DNS resolution
Resolve-DnsName homelab.local
Resolve-DnsName google.com
DHCP Configuration
Step 1: Install DHCP Server Role
Install-WindowsFeature -Name DHCP -IncludeManagementTools
Step 2: Authorize DHCP Server
# Authorize DHCP server in Active Directory
Add-DhcpServerInDC -DnsName DC01-HOMELAB.homelab.local -IPAddress 192.168.10.10
Step 3: Create DHCP Scope for VLAN 10
# Create DHCP scope
Add-DhcpServerv4Scope `
-Name "VLAN10-Management" `
-StartRange 192.168.10.100 `
-EndRange 192.168.10.200 `
-SubnetMask 255.255.255.0 `
-State Active
# Configure scope options
Set-DhcpServerv4OptionValue `
-ScopeId 192.168.10.0 `
-DnsDomain homelab.local `
-DnsServer 192.168.10.10 `
-Router 192.168.10.1
# Set lease duration (8 days)
Set-DhcpServerv4Scope -ScopeId 192.168.10.0 -LeaseDuration 8.00:00:00
# Create reservation for critical device
Add-DhcpServerv4Reservation `
-ScopeId 192.168.10.0 `
-IPAddress 192.168.10.50 `
-ClientId "AA-BB-CC-DD-EE-FF" `
-Description "Management Workstation"
Challenges Encountered and Solutions
Challenge 1: DNS Resolution Failures
Symptoms:
- External DNS queries failing
- Internal domain name resolution inconsistent
- Event ID 4013 in DNS Server log
Root Cause: DNS forwarders not properly configured, causing recursive queries to fail
Solution:
# Removed incorrect forwarders
Remove-DnsServerForwarder -IPAddress 192.168.10.1 -Force
# Added reliable public DNS forwarders
Add-DnsServerForwarder -IPAddress 1.1.1.1
Add-DnsServerForwarder -IPAddress 8.8.8.8
# Verified forwarder configuration
Get-DnsServerForwarder
# Tested resolution
Resolve-DnsName google.com -Server 192.168.10.10
Challenge 2: DHCP Authorization Issues
Symptoms:
- DHCP server not responding to client requests
- Event ID 1046: DHCP server not authorized
- Clients unable to obtain IP addresses
Root Cause: DHCP server not authorized in Active Directory
Solution:
# Authorized DHCP server
Add-DhcpServerInDC -DnsName DC01-HOMELAB.homelab.local -IPAddress 192.168.10.10
# Verified authorization
Get-DhcpServerInDC
# Restarted DHCP service
Restart-Service DHCPServer
# Tested DHCP functionality
Get-DhcpServerv4Lease -ScopeId 192.168.10.0
Phase 2: Hyper-V Virtualization Infrastructure
Hyper-V Installation and Configuration
Step 1: Install Hyper-V Role
# Check Hyper-V requirements
Get-ComputerInfo | Select-Object HyperV*
# Install Hyper-V role with management tools
Install-WindowsFeature -Name Hyper-V -IncludeManagementTools -Restart
# Verify installation
Get-WindowsFeature -Name Hyper-V
Step 2: Configure Virtual Switches
# Create external virtual switch for VLAN 20
New-VMSwitch -Name "VLAN20-Servers" `
-NetAdapterName "Ethernet" `
-AllowManagementOS $true
# Configure VLAN ID on virtual switch
Set-VMSwitch -Name "VLAN20-Servers" -VlanId 20
# Verify switch configuration
Get-VMSwitch
Get-VMSwitchExtensionPortFeature -FeatureName "Ethernet Switch Port Security Settings"
Step 3: Configure Hyper-V Settings
# Set default virtual hard disk location (using C: drive on budget setup)
Set-VMHost -VirtualHardDiskPath "C:\VMs\Virtual Hard Disks"
Set-VMHost -VirtualMachinePath "C:\VMs"
# Configure NUMA spanning
Set-VMHost -NumaSpanningEnabled $true
# Configure MAC address ranges
Set-VMHost -MacAddressMinimum "00155D000000"
Set-VMHost -MacAddressMaximum "00155DFFFFFF"
# Enable Enhanced Session Mode
Set-VMHost -EnableEnhancedSessionMode $true
Virtual Machine Deployment
VM 1: Ubuntu Server 22.04 LTS
# Create VM (Budget-optimized configuration)
New-VM -Name "Ubuntu-Server-01" `
-MemoryStartupBytes 2GB `
-Generation 2 `
-NewVHDPath "C:\VMs\Ubuntu-Server-01.vhdx" `
-NewVHDSizeBytes 30GB `
-SwitchName "VLAN20-Servers"
# Configure VM settings (minimal resources for budget setup)
Set-VMProcessor -VMName "Ubuntu-Server-01" -Count 1
Set-VMMemory -VMName "Ubuntu-Server-01" -DynamicMemoryEnabled $false `
-StartupBytes 2GB
# Configure network adapter VLAN
Set-VMNetworkAdapterVlan -VMName "Ubuntu-Server-01" -Access -VlanId 20
# Attach Ubuntu Server 22.04 LTS ISO (downloaded free)
Set-VMDvdDrive -VMName "Ubuntu-Server-01" `
-Path "C:\ISOs\ubuntu-22.04.3-live-server-amd64.iso"
# Start VM
Start-VM -Name "Ubuntu-Server-01"
Ubuntu Server Installation Configuration:
- Hostname:
ubuntu-server-01
- Static IP:
192.168.20.10/24
- Gateway:
192.168.20.1
- DNS:
192.168.10.10
- Packages: OpenSSH Server, Samba, bind9 (minimal installation)
VM 2: Windows Server 2022 File Server
# Create VM (Budget-optimized configuration)
New-VM -Name "FileServer-01" `
-MemoryStartupBytes 4GB `
-Generation 2 `
-NewVHDPath "C:\VMs\FileServer-01.vhdx" `
-NewVHDSizeBytes 60GB `
-SwitchName "VLAN20-Servers"
# Configure VM settings (reduced resources for budget constraints)
Set-VMProcessor -VMName "FileServer-01" -Count 1
Set-VMMemory -VMName "FileServer-01" -DynamicMemoryEnabled $false `
-StartupBytes 4GB
# Configure network adapter VLAN
Set-VMNetworkAdapterVlan -VMName "FileServer-01" -Access -VlanId 20
# Attach Windows Server 2022 Evaluation ISO (free 180-day trial)
Set-VMDvdDrive -VMName "FileServer-01" `
-Path "C:\ISOs\Windows_Server_2022_Evaluation.iso"
# Start VM
Start-VM -Name "FileServer-01"
VM 3: Windows 10 Test Client
# Create VM (Budget-optimized configuration)
New-VM -Name "Win10-TestClient" `
-MemoryStartupBytes 2GB `
-Generation 2 `
-NewVHDPath "C:\VMs\Win10-TestClient.vhdx" `
-NewVHDSizeBytes 40GB `
-SwitchName "VLAN20-Servers"
# Configure VM settings (minimal resources)
Set-VMProcessor -VMName "Win10-TestClient" -Count 1
Set-VMMemory -VMName "Win10-TestClient" -DynamicMemoryEnabled $false `
-StartupBytes 2GB
# Configure network adapter VLAN
Set-VMNetworkAdapterVlan -VMName "Win10-TestClient" -Access -VlanId 20
# Attach Windows 10 ISO (evaluation copy or existing license)
Set-VMDvdDrive -VMName "Win10-TestClient" `
-Path "C:\ISOs\Windows_10_22H2.iso"
# Start VM
Start-VM -Name "Win10-TestClient"
Budget Considerations for VMs:
- All VMs stored on single 500GB SATA SSD (shared with host OS)
- Reduced VM disk sizes to fit within budget storage constraints
- Single vCPU per VM to maximize VM count on 4-core host
- Fixed memory allocation (no dynamic memory) for predictable resource usage
- Total VM storage: ~130GB (leaving ~370GB for host OS and other files)
Hyper-V Management Scripts
PowerShell Script: VM Health Check
# VM-HealthCheck.ps1
# Checks status of all VMs and reports issues
$VMs = Get-VM
$Report = @()
foreach ($VM in $VMs) {
$VMInfo = [PSCustomObject]@{
Name = $VM.Name
State = $VM.State
CPUUsage = $VM.CPUUsage
MemoryAssigned = $VM.MemoryAssigned
Uptime = (Get-Date) - $VM.Uptime
Status = if ($VM.State -eq 'Running') { 'Healthy' } else { 'Warning' }
}
$Report += $VMInfo
}
$Report | Format-Table -AutoSize
$Report | Export-Csv -Path "C:\Reports\VM-Health-$(Get-Date -Format 'yyyyMMdd').csv" -NoTypeInformation
PowerShell Script: Automated VM Backup
# VM-Backup.ps1
# Creates checkpoints for all VMs before updates
$VMs = Get-VM | Where-Object { $_.State -eq 'Running' }
$BackupPath = "C:\Backups\VM-Checkpoints"
foreach ($VM in $VMs) {
$CheckpointName = "$($VM.Name)-$(Get-Date -Format 'yyyyMMdd-HHmmss')"
Write-Host "Creating checkpoint for $($VM.Name)..." -ForegroundColor Yellow
Checkpoint-VM -VM $VM -SnapshotName $CheckpointName
Write-Host "Checkpoint created: $CheckpointName" -ForegroundColor Green
}
Write-Host "Backup completed for $($VMs.Count) VMs" -ForegroundColor Green
Phase 3: Linux Integration with Active Directory
Ubuntu Server Domain Join Process
Step 1: Install Required Packages
# Update system
sudo apt update && sudo apt upgrade -y
# Install required packages
sudo apt install -y realmd sssd sssd-tools libnss-sss libpam-sss \
adcli samba-common-bin samba-common packagekit
# Verify packages installed
dpkg -l | grep -E 'realmd|sssd|samba'
Step 2: Configure Network Settings
# Configure static IP address
sudo nano /etc/netplan/00-installer-config.yaml
# Network configuration:
network:
version: 2
ethernets:
eth0:
addresses:
- 192.168.20.10/24
routes:
- to: default
via: 192.168.20.1
nameservers:
addresses:
- 192.168.10.10
- 192.168.20.1
search:
- homelab.local
# Apply network configuration
sudo netplan apply
# Verify network configuration
ip addr show
ip route show
Step 3: Configure DNS Resolution
# Edit resolv.conf
sudo nano /etc/resolv.conf
# DNS configuration:
nameserver 192.168.10.10
nameserver 192.168.20.1
search homelab.local
# Prevent NetworkManager from overwriting resolv.conf
sudo nano /etc/NetworkManager/NetworkManager.conf
# Add to [main] section:
dns=none
# Restart NetworkManager
sudo systemctl restart NetworkManager
# Test DNS resolution
nslookup homelab.local
nslookup DC01-HOMELAB.homelab.local
Step 4: Configure Time Synchronization
# Install NTP
sudo apt install -y ntp
# Configure NTP to sync with domain controller
sudo nano /etc/ntp.conf
# Add server line:
server 192.168.10.10 iburst
# Restart NTP service
sudo systemctl restart ntp
# Verify time sync
ntpq -p
timedatectl status
Step 5: Join Domain
# Discover domain
sudo realm discover homelab.local
# Join domain (interactive)
sudo realm join homelab.local -U Administrator
# Verify domain join
realm list
id [email protected]
Step 6: Configure SSSD
# Edit SSSD configuration
sudo nano /etc/sssd/sssd.conf
# Configuration:
[sssd]
domains = homelab.local
config_file_version = 2
services = nss, pam
[domain/homelab.local]
ad_domain = homelab.local
krb5_realm = HOMELAB.LOCAL
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%u
access_provider = ad
# Set proper permissions
sudo chmod 600 /etc/sssd/sssd.conf
# Restart SSSD
sudo systemctl restart sssd
# Verify SSSD status
sudo systemctl status sssd
Step 7: Configure Samba for File Sharing
# Install Samba
sudo apt install -y samba samba-client
# Configure Samba
sudo nano /etc/samba/smb.conf
# Add to [global] section:
workgroup = HOMELAB
realm = HOMELAB.LOCAL
security = ads
domain master = no
local master = no
preferred master = no
idmap backend = tdb
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template shell = /bin/bash
template homedir = /home/%U
winbind use default domain = yes
winbind offline logon = yes
# Join Samba to domain
sudo net ads join -U Administrator
# Restart Samba services
sudo systemctl restart smbd nmbd winbind
# Verify Samba domain join
sudo net ads info
sudo wbinfo -u
sudo wbinfo -g
Troubleshooting Linux Domain Integration
Issue 1: Time Synchronization Failures
Symptoms: Authentication failures, “Clock skew too great” errors
Solution:
# Verify NTP synchronization
ntpq -p
# Force time sync
sudo ntpdate -s 192.168.10.10
# Verify time difference
timedatectl timesync-status
# Configure chrony as alternative
sudo apt install -y chrony
sudo nano /etc/chrony/chrony.conf
# Add server:
server 192.168.10.10 iburst
sudo systemctl restart chronyd
Issue 2: DNS Resolution Failures
Symptoms: Cannot resolve domain controller, domain join fails
Solution:
# Test DNS resolution
nslookup homelab.local
nslookup _ldap._tcp.homelab.local SRV
# Verify DNS server connectivity
dig @192.168.10.10 homelab.local
# Check DNS configuration
cat /etc/resolv.conf
systemd-resolve --status
# Manually add DNS server if needed
sudo resolvectl dns eth0 192.168.10.10
Issue 3: SSSD Authentication Failures
Symptoms: Users cannot log in, “Permission denied” errors
Solution:
# Check SSSD logs
sudo tail -f /var/log/sssd/sssd.log
sudo tail -f /var/log/sssd/sssd_homelab.local.log
# Clear SSSD cache
sudo sss_cache -E
# Restart SSSD
sudo systemctl restart sssd
# Test user lookup
getent passwd [email protected]
id [email protected]
# Verify PAM configuration
sudo pam-auth-update
Phase 4: Network Services Deployment
DHCP Configuration Details
Windows Server DHCP - VLAN 10 Scope
# Detailed scope configuration
$ScopeId = "192.168.10.0"
# Create scope with detailed options
Add-DhcpServerv4Scope `
-Name "VLAN10-Management" `
-StartRange 192.168.10.100 `
-EndRange 192.168.10.200 `
-SubnetMask 255.255.255.0 `
-State Active `
-LeaseDuration 8.00:00:00
# Configure scope options
Set-DhcpServerv4OptionValue `
-ScopeId $ScopeId `
-DnsDomain "homelab.local" `
-DnsServer 192.168.10.10 `
-Router 192.168.10.1 `
-WinsServer 192.168.10.10
# Configure vendor classes
Add-DhcpServerv4Class `
-Name "Hyper-V-VMs" `
-Type Vendor `
-Data "MSFT 5.0"
# Create reservations
$Reservations = @(
@{IP="192.168.10.50"; MAC="00-15-5D-01-23-45"; Name="Mgmt-WS"},
@{IP="192.168.10.51"; MAC="00-15-5D-01-23-46"; Name="Backup-Server"}
)
foreach ($Res in $Reservations) {
Add-DhcpServerv4Reservation `
-ScopeId $ScopeId `
-IPAddress $Res.IP `
-ClientId $Res.MAC `
-Description $Res.Name
}
# Configure DHCP failover (if secondary DHCP server available)
Add-DhcpServerv4Failover `
-Name "VLAN10-Failover" `
-PartnerServer "192.168.20.10" `
-ScopeId $ScopeId `
-SharedSecret "SecurePassword123!" `
-Mode LoadBalance `
-LoadBalancePercent 50
Ubuntu Server DHCP - VLAN 20 Scope
# Install ISC DHCP server
sudo apt install -y isc-dhcp-server
# Configure DHCP server
sudo nano /etc/dhcp/dhcpd.conf
# Configuration:
option domain-name "homelab.local";
option domain-name-servers 192.168.10.10, 192.168.20.1;
default-lease-time 691200;
max-lease-time 1209600;
subnet 192.168.20.0 netmask 255.255.255.0 {
range 192.168.20.100 192.168.20.200;
option routers 192.168.20.1;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.20.255;
option domain-name-servers 192.168.10.10, 192.168.20.1;
option domain-name "homelab.local";
# Reservations
host ubuntu-server-01 {
hardware ethernet aa:bb:cc:dd:ee:01;
fixed-address 192.168.20.10;
}
host fileserver-01 {
hardware ethernet aa:bb:cc:dd:ee:02;
fixed-address 192.168.20.15;
}
}
# Configure DHCP interface
sudo nano /etc/default/isc-dhcp-server
# Set interface:
INTERFACESv4="eth0"
# Start DHCP service
sudo systemctl enable isc-dhcp-server
sudo systemctl start isc-dhcp-server
sudo systemctl status isc-dhcp-server
DNS Configuration Details
Windows Server DNS Configuration
# Create forward lookup zone
Add-DnsServerPrimaryZone `
-Name "homelab.local" `
-ZoneFile "homelab.local.dns" `
-DynamicUpdate Secure
# Create reverse lookup zones for each VLAN
Add-DnsServerPrimaryZone `
-NetworkId "192.168.10.0/24" `
-ZoneFile "10.168.192.in-addr.arpa.dns" `
-DynamicUpdate Secure
Add-DnsServerPrimaryZone `
-NetworkId "192.168.20.0/24" `
-ZoneFile "20.168.192.in-addr.arpa.dns" `
-DynamicUpdate Secure
Add-DnsServerPrimaryZone `
-NetworkId "192.168.30.0/24" `
-ZoneFile "30.168.192.in-addr.arpa.dns" `
-DynamicUpdate Secure
# Create DNS records
Add-DnsServerResourceRecordA `
-Name "DC01" `
-ZoneName "homelab.local" `
-IPv4Address "192.168.10.10" `
-AllowUpdateAny
Add-DnsServerResourceRecordA `
-Name "ubuntu-server-01" `
-ZoneName "homelab.local" `
-IPv4Address "192.168.20.10" `
-AllowUpdateAny
# Create SRV records for Active Directory
Add-DnsServerResourceRecord `
-ZoneName "homelab.local" `
-Name "_ldap._tcp.dc._msdcs" `
-Srv `
-DomainName "DC01-HOMELAB.homelab.local" `
-Port 389 `
-Priority 0 `
-Weight 100
# Configure conditional forwarders
Add-DnsServerConditionalForwarderZone `
-Name "contoso.com" `
-MasterServers "10.0.0.10" `
-ReplicationScope Forest
# Configure DNS scavenging
Set-DnsServerScavenging `
-ScavengingState $true `
-ScavengingInterval "7.00:00:00" `
-RefreshInterval "7.00:00:00" `
-NoRefreshInterval "7.00:00:00"
DNS Monitoring Script
# DNS-HealthCheck.ps1
# Comprehensive DNS health check script
$Report = @()
# Check DNS server status
$DnsStatus = Get-DnsServer
$Report += [PSCustomObject]@{
Check = "DNS Server Status"
Result = "Running"
Details = $DnsStatus.ComputerName
}
# Check all zones
$Zones = Get-DnsServerZone
foreach ($Zone in $Zones) {
$ZoneHealth = Test-DnsServer -ZoneName $Zone.ZoneName
$Report += [PSCustomObject]@{
Check = "Zone: $($Zone.ZoneName)"
Result = if ($ZoneHealth) { "Healthy" } else { "Warning" }
Details = "Zone Type: $($Zone.ZoneType)"
}
}
# Test DNS resolution
$TestQueries = @("homelab.local", "DC01-HOMELAB.homelab.local", "google.com")
foreach ($Query in $TestQueries) {
try {
$Result = Resolve-DnsName $Query -ErrorAction Stop
$Report += [PSCustomObject]@{
Check = "DNS Resolution: $Query"
Result = "Success"
Details = $Result[0].IPAddress
}
} catch {
$Report += [PSCustomObject]@{
Check = "DNS Resolution: $Query"
Result = "Failed"
Details = $_.Exception.Message
}
}
}
$Report | Format-Table -AutoSize
$Report | Export-Csv -Path "C:\Reports\DNS-Health-$(Get-Date -Format 'yyyyMMdd').csv"
File Services Configuration
Windows File Server Setup
# Install File Server role
Install-WindowsFeature -Name FS-FileServer, FS-Resource-Manager
# Create shared folders (using C: drive on budget setup)
$Shares = @(
@{Name="Shared"; Path="C:\Shares\Shared"; Description="General shared files"},
@{Name="Departments"; Path="C:\Shares\Departments"; Description="Department folders"},
@{Name="Users"; Path="C:\Shares\Users"; Description="User home directories"},
@{Name="Software"; Path="C:\Shares\Software"; Description="Software repository"}
)
foreach ($Share in $Shares) {
# Create folder
New-Item -Path $Share.Path -ItemType Directory -Force
# Create share
New-SmbShare `
-Name $Share.Name `
-Path $Share.Path `
-Description $Share.Description `
-FullAccess "HOMELAB\Domain Admins" `
-ChangeAccess "HOMELAB\Domain Users"
# Configure NTFS permissions
$Acl = Get-Acl $Share.Path
$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
"HOMELAB\Domain Users",
"Modify",
"ContainerInherit,ObjectInherit",
"None",
"Allow"
)
$Acl.SetAccessRule($AccessRule)
Set-Acl -Path $Share.Path -AclObject $Acl
}
# Enable folder redirection via Group Policy
# (Configured in Group Policy Management Console)
Samba File Sharing Configuration
# Configure Samba shares
sudo nano /etc/samba/smb.conf
# Add share configuration:
[Shared]
path = /srv/samba/shared
valid users = @homelab.local\Domain Users
writable = yes
browseable = yes
create mask = 0664
directory mask = 2775
[Software]
path = /srv/samba/software
valid users = @homelab.local\Domain Admins
writable = yes
browseable = yes
# Create share directories
sudo mkdir -p /srv/samba/{shared,software}
sudo chmod 2775 /srv/samba/shared
sudo chmod 2770 /srv/samba/software
# Set ownership
sudo chown root:"Domain Users" /srv/samba/shared
sudo chown root:"Domain Admins" /srv/samba/software
# Test Samba configuration
sudo testparm
# Restart Samba
sudo systemctl restart smbd nmbd
Phase 5: Network Segmentation & Security
VLAN Configuration
Switch Configuration (TP-Link TL-SG108E - Budget 8-Port Managed Switch)
# VLAN Configuration (Budget Setup)
VLAN 10 - Management
Ports: 1-2 (Tagged)
IP: 192.168.10.0/24
Gateway: 192.168.10.1
VLAN 20 - Servers
Ports: 3-4 (Tagged)
IP: 192.168.20.0/24
Gateway: 192.168.20.1
VLAN 30 - Clients
Ports: 5-8 (Untagged)
IP: 192.168.30.0/24
Gateway: 192.168.30.1
Trunk Port (Port 8)
VLANs: 10, 20, 30 (Tagged)
Connected to: ISP Router (if VLAN-capable) or existing router
Router Configuration (ISP Router or Budget Alternative)
# Configuration depends on router capabilities:
# Option 1: ISP Router with VLAN support (if available)
# Option 2: Used enterprise router (Cisco, Mikrotik, etc.) - ~$30-50
# Option 3: Software router on existing hardware (pfSense, OPNsense)
# VLAN Interfaces (if router supports VLANs)
VLAN 10 (Management)
IP: 192.168.10.1/24
DHCP: Disabled (Windows Server DHCP)
VLAN 20 (Servers)
IP: 192.168.20.1/24
DHCP: Disabled (Ubuntu Server DHCP)
VLAN 30 (Clients)
IP: 192.168.30.1/24
DHCP: Enabled (Router DHCP or Windows Server DHCP)
# Firewall Rules (if supported)
VLAN 10 -> VLAN 20: Allow (Management to Servers)
VLAN 20 -> VLAN 10: Allow (Servers to Management)
VLAN 30 -> VLAN 10: Deny (Clients cannot access Management)
VLAN 30 -> VLAN 20: Allow specific ports (Clients to Servers)
VLAN 20 -> Internet: Allow (Servers to Internet)
VLAN 30 -> Internet: Allow (Clients to Internet)
# Note: If ISP router doesn't support VLANs, inter-VLAN routing
# can be handled by the managed switch or a software router solution
Security Implementation
Windows Firewall Configuration
# Configure Windows Firewall rules
# Allow RDP from management VLAN only
New-NetFirewallRule `
-DisplayName "RDP from Management VLAN" `
-Direction Inbound `
-LocalPort 3389 `
-Protocol TCP `
-RemoteAddress 192.168.10.0/24 `
-Action Allow
# Allow DNS from all VLANs
New-NetFirewallRule `
-DisplayName "DNS from All VLANs" `
-Direction Inbound `
-LocalPort 53 `
-Protocol UDP `
-RemoteAddress 192.168.0.0/16 `
-Action Allow
# Allow DHCP from management VLAN
New-NetFirewallRule `
-DisplayName "DHCP from Management VLAN" `
-Direction Inbound `
-LocalPort 67,68 `
-Protocol UDP `
-RemoteAddress 192.168.10.0/24 `
-Action Allow
# Block all other inbound traffic by default
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultInboundAction Block
Ubuntu Server Firewall (UFW) Configuration
# Enable UFW
sudo ufw enable
# Allow SSH from management VLAN only
sudo ufw allow from 192.168.10.0/24 to any port 22 proto tcp
# Allow DNS
sudo ufw allow 53/udp
sudo ufw allow 53/tcp
# Allow DHCP
sudo ufw allow 67/udp
# Allow Samba
sudo ufw allow from 192.168.0.0/16 to any port 139,445 proto tcp
# Deny all other traffic
sudo ufw default deny incoming
sudo ufw default allow outgoing
# View firewall status
sudo ufw status verbose
Group Policy Security Configuration
# Create GPO for security baseline
New-GPO -Name "Security Baseline" -Comment "Enterprise security baseline"
# Password Policy
Set-GPRegistryValue `
-Name "Security Baseline" `
-Key "HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters" `
-ValueName "RequireStrongKey" `
-Type DWord `
-Value 1
# Configure account lockout policy
Set-GPRegistryValue `
-Name "Security Baseline" `
-Key "HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters" `
-ValueName "LockoutBadCount" `
-Type DWord `
-Value 5
# Disable guest account
Set-GPRegistryValue `
-Name "Security Baseline" `
-Key "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" `
-ValueName "AutoShareServer" `
-Type DWord `
-Value 0
# Link GPO to domain
New-GPLink -Name "Security Baseline" -Target "DC=homelab,DC=local"
Monitoring & Management
Windows Admin Center Setup
# Install Windows Admin Center
# Download from: https://aka.ms/WACDownload
# Install with gateway mode
# Allows remote management via web browser
# Add servers to Windows Admin Center:
# - DC01-HOMELAB.homelab.local (Domain Controller)
# - Hyper-V Host (Virtualization)
# - FileServer-01 (File Services)
PowerShell Monitoring Scripts
Complete Infrastructure Health Check
# Infrastructure-HealthCheck.ps1
# Comprehensive health check for entire infrastructure
$Report = @()
$Timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
# Check Domain Controller Health
try {
$DC = Get-ADDomainController
$DCHealth = Test-Connection $DC.HostName -Count 2 -Quiet
$Report += [PSCustomObject]@{
Component = "Domain Controller"
Status = if ($DCHealth) { "Healthy" } else { "Unhealthy" }
Details = $DC.HostName
Timestamp = $Timestamp
}
} catch {
$Report += [PSCustomObject]@{
Component = "Domain Controller"
Status = "Error"
Details = $_.Exception.Message
Timestamp = $Timestamp
}
}
# Check DNS Health
try {
$DnsZones = Get-DnsServerZone
$DnsHealth = $true
foreach ($Zone in $DnsZones) {
$ZoneTest = Test-DnsServer -ZoneName $Zone.ZoneName
if (-not $ZoneTest) { $DnsHealth = $false }
}
$Report += [PSCustomObject]@{
Component = "DNS Service"
Status = if ($DnsHealth) { "Healthy" } else { "Warning" }
Details = "$($DnsZones.Count) zones configured"
Timestamp = $Timestamp
}
} catch {
$Report += [PSCustomObject]@{
Component = "DNS Service"
Status = "Error"
Details = $_.Exception.Message
Timestamp = $Timestamp
}
}
# Check DHCP Health
try {
$DhcpScopes = Get-DhcpServerv4Scope
$DhcpLeases = Get-DhcpServerv4Lease -ScopeId $DhcpScopes[0].ScopeId -ErrorAction SilentlyContinue
$Report += [PSCustomObject]@{
Component = "DHCP Service"
Status = "Healthy"
Details = "$($DhcpScopes.Count) scopes, $($DhcpLeases.Count) active leases"
Timestamp = $Timestamp
}
} catch {
$Report += [PSCustomObject]@{
Component = "DHCP Service"
Status = "Error"
Details = $_.Exception.Message
Timestamp = $Timestamp
}
}
# Check Hyper-V Health
try {
$VMs = Get-VM
$RunningVMs = ($VMs | Where-Object { $_.State -eq 'Running' }).Count
$Report += [PSCustomObject]@{
Component = "Hyper-V"
Status = "Healthy"
Details = "$RunningVMs of $($VMs.Count) VMs running"
Timestamp = $Timestamp
}
} catch {
$Report += [PSCustomObject]@{
Component = "Hyper-V"
Status = "Error"
Details = $_.Exception.Message
Timestamp = $Timestamp
}
}
# Check Disk Space
try {
$Disks = Get-PSDrive -PSProvider FileSystem
foreach ($Disk in $Disks) {
$FreeSpace = [math]::Round(($Disk.Free / $Disk.Used) * 100, 2)
$Status = if ($FreeSpace -lt 10) { "Warning" } else { "Healthy" }
$Report += [PSCustomObject]@{
Component = "Disk: $($Disk.Name)"
Status = $Status
Details = "$FreeSpace% free space"
Timestamp = $Timestamp
}
}
} catch {
$Report += [PSCustomObject]@{
Component = "Disk Space"
Status = "Error"
Details = $_.Exception.Message
Timestamp = $Timestamp
}
}
# Display and export report
$Report | Format-Table -AutoSize
$Report | Export-Csv -Path "C:\Reports\Infrastructure-Health-$(Get-Date -Format 'yyyyMMdd-HHmmss').csv" -NoTypeInformation
# Send alert if any component is unhealthy
$Unhealthy = $Report | Where-Object { $_.Status -ne "Healthy" }
if ($Unhealthy) {
Write-Warning "Unhealthy components detected: $($Unhealthy.Component -join ', ')"
# Add email notification here if needed
}
Automated User Management Script
# User-Management.ps1
# Automated user account creation and management
param(
[Parameter(Mandatory=$true)]
[string]$FirstName,
[Parameter(Mandatory=$true)]
[string]$LastName,
[Parameter(Mandatory=$true)]
[string]$Department,
[Parameter(Mandatory=$false)]
[string]$OU = "OU=Users,DC=homelab,DC=local"
)
# Generate username
$Username = "$FirstName.$LastName"
$DisplayName = "$FirstName $LastName"
$Email = "$Username@homelab.local"
# Generate secure password
$Password = -join ((65..90) + (97..122) + (48..57) | Get-Random -Count 12 | ForEach-Object {[char]$_})
$SecurePassword = ConvertTo-SecureString $Password -AsPlainText -Force
# Create user account
try {
New-ADUser `
-Name $DisplayName `
-GivenName $FirstName `
-Surname $LastName `
-SamAccountName $Username `
-UserPrincipalName $Email `
-DisplayName $DisplayName `
-Path $OU `
-AccountPassword $SecurePassword `
-Enabled $true `
-PasswordNeverExpires $false `
-ChangePasswordAtLogon $true
Write-Host "User account created successfully: $Username" -ForegroundColor Green
# Add to department group
$GroupName = "Department-$Department"
if (Get-ADGroup -Filter {Name -eq $GroupName}) {
Add-ADGroupMember -Identity $GroupName -Members $Username
Write-Host "User added to group: $GroupName" -ForegroundColor Green
}
# Create home directory
$HomePath = "\\FileServer-01\Users\$Username"
Set-ADUser -Identity $Username -HomeDirectory $HomePath -HomeDrive "H:"
# Create folder and set permissions (using C: drive on budget setup)
New-Item -Path "C:\Shares\Users\$Username" -ItemType Directory -Force
$Acl = Get-Acl "C:\Shares\Users\$Username"
$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
"HOMELAB\$Username",
"FullControl",
"ContainerInherit,ObjectInherit",
"None",
"Allow"
)
$Acl.SetAccessRule($AccessRule)
Set-Acl -Path "C:\Shares\Users\$Username" -AclObject $Acl
Write-Host "Home directory created: $HomePath" -ForegroundColor Green
Write-Host "Temporary password: $Password" -ForegroundColor Yellow
} catch {
Write-Error "Failed to create user account: $($_.Exception.Message)"
}
Linux Monitoring Scripts
BASH Infrastructure Monitoring
#!/bin/bash
# infrastructure-monitor.sh
# Monitor Linux services and system health
LOG_FILE="/var/log/infrastructure-monitor.log"
TIMESTAMP=$(date '+%Y-%m-%d %H:%M:%S')
echo "[$TIMESTAMP] Starting infrastructure health check" >> $LOG_FILE
# Check SSSD service
if systemctl is-active --quiet sssd; then
echo "[$TIMESTAMP] SSSD: Running" >> $LOG_FILE
else
echo "[$TIMESTAMP] SSSD: FAILED" >> $LOG_FILE
systemctl restart sssd
fi
# Check Samba services
if systemctl is-active --quiet smbd && systemctl is-active --quiet nmbd; then
echo "[$TIMESTAMP] Samba: Running" >> $LOG_FILE
else
echo "[$TIMESTAMP] Samba: FAILED" >> $LOG_FILE
systemctl restart smbd nmbd
fi
# Check DHCP service
if systemctl is-active --quiet isc-dhcp-server; then
echo "[$TIMESTAMP] DHCP: Running" >> $LOG_FILE
else
echo "[$TIMESTAMP] DHCP: FAILED" >> $LOG_FILE
systemctl restart isc-dhcp-server
fi
# Check disk space
DISK_USAGE=$(df -h / | awk 'NR==2 {print $5}' | sed 's/%//')
if [ $DISK_USAGE -gt 80 ]; then
echo "[$TIMESTAMP] WARNING: Disk usage at ${DISK_USAGE}%" >> $LOG_FILE
else
echo "[$TIMESTAMP] Disk usage: ${DISK_USAGE}%" >> $LOG_FILE
fi
# Check memory usage
MEM_USAGE=$(free | grep Mem | awk '{printf "%.0f", $3/$2 * 100}')
echo "[$TIMESTAMP] Memory usage: ${MEM_USAGE}%" >> $LOG_FILE
# Check domain connectivity
if realm list | grep -q "homelab.local"; then
echo "[$TIMESTAMP] Domain: Connected" >> $LOG_FILE
else
echo "[$TIMESTAMP] Domain: DISCONNECTED" >> $LOG_FILE
fi
echo "[$TIMESTAMP] Health check completed" >> $LOG_FILE
Combined Domain Controller & Hyper-V Host Performance (Budget Hardware):
- CPU Usage (Average): 40-60% (higher due to combined roles and older CPU)
- Memory Usage: 12GB / 16GB (75% - optimized for budget constraints)
- Disk I/O: 10-15% average (SATA SSD provides adequate performance)
- Network Throughput: < 100 Mbps average (gigabit Ethernet)
- DNS Query Response Time: < 15ms average
- Authentication Response Time: < 75ms average
- VM Density: 3 VMs running simultaneously (limited by 16GB RAM)
- VM Startup Time: 2-3 minutes average (slower due to SATA SSD vs NVMe)
Resource Allocation Strategy:
- Domain Controller: 4GB RAM reserved
- Hyper-V Host: 2GB RAM reserved
- Ubuntu Server VM: 2GB RAM
- Windows File Server VM: 4GB RAM
- Windows 10 Test Client VM: 2GB RAM
- Remaining: ~2GB for overhead and buffer
Ubuntu Server Performance:
- CPU Usage (Average): 15-20%
- Memory Usage: 2GB / 2GB (100% - fully utilized)
- Disk I/O: < 10% average
- Service Response Times: All < 150ms
Performance Notes: While the budget hardware performs adequately for learning and testing, it demonstrates resource optimization skills. The single-server approach requires careful resource allocation and monitoring to ensure all services remain responsive.
- Inter-VLAN Routing Latency: < 2ms (slightly higher due to budget switch)
- DNS Resolution Time: < 15ms (internal), < 50ms (external)
- DHCP Lease Assignment Time: < 1 second
- File Transfer Speed (SMB): ~80-90 MB/s (gigabit network, SATA SSD limitation)
Results & Achievements
Technical Outcomes
✅ Fully Functional Active Directory Domain
- Windows Server 2022 domain controller operational
- DNS and DHCP services running reliably
- Group Policy management implemented
- User authentication and authorization working
✅ Successful Network Segmentation
- Three VLANs configured and isolated
- Inter-VLAN routing configured with firewall rules
- Network traffic properly segmented
✅ Linux-Windows Integration
- Ubuntu Server successfully joined to Active Directory
- Single sign-on (SSO) working for domain users
- Samba file sharing integrated with Windows shares
✅ Virtualization Infrastructure
- Hyper-V hosting 3 virtual machines
- VMs running stable and performant
- Resource allocation optimized
✅ Monitoring and Automation
- Health check scripts operational
- Automated user management implemented
- Infrastructure monitoring in place
Skills Demonstrated
Windows Server Administration:
- Domain controller deployment and configuration
- Active Directory management (users, groups, OUs)
- Group Policy creation and management
- DNS and DHCP server configuration
- File server setup and share management
- PowerShell scripting and automation
Linux System Administration:
- Ubuntu Server installation and configuration
- Active Directory integration (SSSD, realmd)
- Samba file sharing configuration
- Service management (systemd)
- BASH scripting
- Network configuration (netplan)
Network Infrastructure:
- VLAN design and implementation
- Subnet planning and IP addressing
- Router and switch configuration
- Firewall rule creation
- Network troubleshooting
Virtualization:
- Hyper-V installation and configuration
- Virtual machine creation and management
- Virtual switch configuration
- Resource allocation and optimization
- VM backup and checkpoint management
Troubleshooting:
- DNS resolution issues
- Authentication problems
- Network connectivity issues
- Service failures
- Performance optimization
Documentation:
- Comprehensive case study documentation
- Network diagrams
- Configuration records
- Script documentation
- Troubleshooting guides
Learning Outcomes
- Deep Understanding: Gained comprehensive hands-on experience with enterprise networking and system administration concepts
- Problem Solving: Successfully resolved complex integration challenges between Windows and Linux systems
- Best Practices: Implemented enterprise security measures, monitoring solutions, and automation
- Real-World Application: Applied classroom knowledge to practical, production-like environment
- Continuous Learning: Established foundation for ongoing skill development and technology exploration
Future Enhancements
Planned Improvements
-
Backup Solution
- Implement Veeam Backup & Replication or Windows Server Backup
- Automated daily backups of all VMs and critical data
- Off-site backup replication
-
Advanced Monitoring
- Deploy PRTG Network Monitor or Zabbix
- Real-time alerting for critical issues
- Performance trend analysis
-
Certificate Services
- Set up Active Directory Certificate Services (AD CS)
- Issue certificates for internal services
- Implement PKI infrastructure
-
Remote Access
- Configure VPN server (OpenVPN or WireGuard)
- Secure remote access to infrastructure
- Multi-factor authentication
-
Containerization
- Explore Docker containers for application deployment
- Kubernetes cluster for container orchestration
- Container registry setup
-
Automation Expansion
- Implement Ansible for configuration management
- Expand PowerShell DSC usage
- CI/CD pipeline for infrastructure as code
Expansion Opportunities
- Additional VLANs: IoT devices VLAN, guest network VLAN
- Windows Server Update Services (WSUS): Centralized patch management
- Exchange Server / Microsoft 365: Email and collaboration services
- SharePoint: Document management and collaboration
- Development Environment: GitLab or GitHub Enterprise Server
- Monitoring Stack: ELK stack (Elasticsearch, Logstash, Kibana) for log aggregation
- Backup and DR: Disaster recovery site replication
Conclusion
This home network infrastructure project successfully demonstrates proficiency in enterprise-level system administration, network design, and infrastructure management, all achieved on a budget-friendly setup suitable for a new graduate. The comprehensive implementation covered Windows Server administration, Active Directory management, Linux integration, network segmentation, virtualization, and automation.
Budget-Conscious Approach: By utilizing used/refurbished hardware, evaluation software, and a single-server design, this project demonstrates the ability to:
- Maximize learning value while minimizing costs
- Optimize resource allocation on constrained hardware
- Work within realistic budget limitations
- Make cost-effective technology choices without sacrificing functionality
The hands-on experience gained through this project directly translates to real-world IT environments, showcasing the ability to:
- Design and implement complex network infrastructures on a budget
- Integrate heterogeneous systems (Windows and Linux)
- Troubleshoot and resolve technical challenges
- Implement security best practices
- Automate routine administrative tasks
- Document infrastructure comprehensively
- Optimize resource usage in constrained environments
The project demonstrates that enterprise-level IT skills can be developed and demonstrated without requiring expensive hardware, making it accessible to new graduates and those building their home labs on a limited budget. This foundation provides a solid base for continued growth and advancement in IT infrastructure roles.
Technical Specifications Summary
| Component | Specification |
|---|
| Domain Name | homelab.local |
| Domain Controller | Windows Server 2022 Evaluation |
| Domain Functional Level | Windows Server 2022 |
| Forest Functional Level | Windows Server 2022 |
| Server Hardware | Intel Core i5-4590, 16GB DDR3, 500GB SATA SSD |
| Virtualization Platform | Hyper-V (Windows Server 2022) |
| Linux Distribution | Ubuntu Server 22.04 LTS |
| Network Segments (VLANs) | 3 (Management, Servers, Clients) |
| Network Switch | TP-Link TL-SG108E (8-port managed) |
| Router | ISP Router or Used Enterprise Router |
| DHCP Servers | 2 (Windows Server, Ubuntu Server) |
| DNS Servers | 2 (Primary: Windows Server, Secondary: Ubuntu Server) |
| Virtual Machines | 3 (Ubuntu: 2GB RAM/30GB disk, File Server: 4GB RAM/60GB disk, Win10: 2GB RAM/40GB disk) |
| Total Project Cost | ~$295 (hardware only, used/refurbished components) |
| Total Implementation Time | ~120 hours |
| Project Duration | 3 months (September - November 2024) |
Appendix: Useful Commands Reference
Windows Server Commands
# Active Directory
Get-ADDomain
Get-ADDomainController
Get-ADUser -Filter *
Get-ADGroup -Filter *
# DNS
Get-DnsServerZone
Get-DnsServerResourceRecord -ZoneName "homelab.local"
Resolve-DnsName homelab.local
# DHCP
Get-DhcpServerv4Scope
Get-DhcpServerv4Lease -ScopeId 192.168.10.0
Get-DhcpServerInDC
# Hyper-V
Get-VM
Get-VMSwitch
Get-VMNetworkAdapter -VMName "Ubuntu-Server-01"
# File Services
Get-SmbShare
Get-SmbShareAccess -Name "Shared"
Linux Commands
# Domain Management
realm list
realm join homelab.local -U Administrator
realm leave
# SSSD
sudo systemctl status sssd
sudo sss_cache -E
getent passwd [email protected]
# Samba
sudo systemctl status smbd nmbd
sudo testparm
sudo net ads join -U Administrator
sudo wbinfo -u
# Network
ip addr show
ip route show
nslookup homelab.local
dig @192.168.10.10 homelab.local
# Services
sudo systemctl status isc-dhcp-server
sudo systemctl status sssd
sudo ufw status
This comprehensive case study demonstrates the depth of knowledge and practical skills required for enterprise IT infrastructure management, making it an excellent showcase of capabilities for potential employers in the IT field.