sca-server-vm-setup

Install

mkdir -p .claude/skills/sca-server-vm-setup && curl -L -o skill.zip "https://agentskills.codes/api/skills/download/15206" && unzip -o skill.zip -d .claude/skills/sca-server-vm-setup && rm skill.zip

Installs to .claude/skills/sca-server-vm-setup

Activation

This is the description your AI agent reads to decide when to run this skill — the better it matches your request, the more reliably it fires.

SCA track project #3. Learner spins up a Windows Server 2022 VM (Hyper-V on a Pro/Enterprise laptop, or an Azure VM if Hyper-V isn't available), installs the Active Directory Domain Services role, and promotes the VM to the first domain controller of a new forest. By the end they have a real DC named DC01 in a domain like `mssa.lab`, with DNS working and a baseline OU structure. Auto-load when the learner is in `server-cloud-admin/sca-server-vm-setup` or asks to learn how to set up a Windows Server, install Active Directory, promote a domain controller, or build their first lab domain.

About this skill

Project: sca-server-vm-setup

Track: Server & Cloud Administration · Project: 3 of 9 · Time: ~120 minutes (longer the first time)

The first real server. By the end of this project the learner has a Windows Server 2022 VM running, joined to a brand-new Active Directory forest as the first domain controller. Everything in projects #4 and #6 (group policy, hybrid identity) depends on the DC built here.

Project goal

When this project is done, the learner can:

  • Create a Hyper-V virtual machine (or Azure VM) running Windows Server 2022 Datacenter, give it a static IP, and RDP into it.
  • Install the AD DS server role from PowerShell, then promote the server to the first domain controller of a brand-new forest (mssa.lab or learner's choice).
  • Explain what a forest, domain, OU, and DC each are — and why we picked the names we did.
  • Create a baseline OU structure inside the new domain ready for project #4.

Scope guardrail

This is one server, one domain, one DC. We are not building a second site, not configuring read-only DCs, not federating with Azure (that's project #6), not joining a workstation to the domain yet. The lesson is "go from zero infrastructure to a functioning AD forest" — everything else is project #4 and later.

If the learner asks "how does this work in a real enterprise with 50 DCs?" — answer honestly: the same way, with replication and site links layered on top. The single-DC version is the kernel of the same design.

Prerequisites

Prereq | Verify with
Completed sca-powershell-foundations and sca-local-system-admin | Learner is comfortable with services, Get-Help, pipeline
Either Windows 10/11 Pro/Enterprise with Hyper-V enabled or an Azure subscription | Get-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V (must be Enabled) OR az account show
8 GB+ free RAM, 60 GB+ free disk (Hyper-V path) | Get-PSDrive C
Windows Server 2022 ISO downloaded (Hyper-V path) — from Microsoft Evaluation Center | File on disk

Two paths through this project. The mentor picks based on what the learner has:

  • Path A (Hyper-V) — free, local, fast iteration, requires Pro/Enterprise Windows. Best for learners with a personal machine.
  • Path B (Azure VM) — costs ~$3-5/day if left running (so deallocate when done), no Hyper-V needed, works on Home edition. Best for learners on a locked-down corporate laptop.

Confirm the path before phase 1.

Phases

Phase 1 — Enable Hyper-V (Path A) OR create Azure VM (Path B) (~30 min)

Goal: Have a Windows Server 2022 VM booted to the OOBE (out-of-box experience) screen, network connected.

Path A — Hyper-V (PowerShell as Admin):

# Enable Hyper-V if it isn't already (REBOOT after this)
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All

# After reboot, create an internal switch so the VM can talk to your laptop
# (Internal = VM <-> host only; internet access needs NAT on the host or an External switch)
New-VMSwitch -Name "LabSwitch" -SwitchType Internal

# Create the VM (point -Path to where you want VMs stored)
$vmName = "DC01"
$vmPath = "C:\HyperV"
New-VM -Name $vmName -MemoryStartupBytes 4GB -Path $vmPath -NewVHDPath "$vmPath\$vmName.vhdx" -NewVHDSizeBytes 60GB -Generation 2 -SwitchName "LabSwitch"

# Attach the ISO
Set-VMDvdDrive -VMName $vmName -Path "C:\path\to\WindowsServer2022.iso"

# Tell it to boot from the DVD first
Set-VMFirmware -VMName $vmName -FirstBootDevice (Get-VMDvdDrive -VMName $vmName)

# Start the VM and connect to the console
Start-VM -Name $vmName
vmconnect.exe localhost $vmName

Path B — Azure VM (PowerShell with Az module):

# One-time: install the Az module
Install-Module -Name Az -Scope CurrentUser -Force -AllowClobber

# Connect
Connect-AzAccount

# Variables
$rg       = "rg-mssa-lab"
$location = "eastus"
$vmName   = "DC01"
$vnetName = "vnet-mssa-lab"
$adminUser = "labadmin"
$adminPwd = Read-Host "VM admin password (12+ chars, complex)" -AsSecureString

# Resource group
New-AzResourceGroup -Name $rg -Location $location

# Network
$vnet = New-AzVirtualNetwork -ResourceGroupName $rg -Location $location -Name $vnetName -AddressPrefix "10.0.0.0/16"
$subnet = Add-AzVirtualNetworkSubnetConfig -Name "default" -AddressPrefix "10.0.0.0/24" -VirtualNetwork $vnet
$vnet | Set-AzVirtualNetwork

# Deploy the VM (this takes ~5 min)
New-AzVM `
  -ResourceGroupName $rg `
  -Location $location `
  -Name $vmName `
  -VirtualNetworkName $vnetName `
  -SubnetName "default" `
  -SecurityGroupName "nsg-$vmName" `
  -PublicIpAddressName "pip-$vmName" `
  -OpenPorts 3389 `
  -Image "Win2022Datacenter" `
  -Size "Standard_B2ms" `
  -Credential (New-Object PSCredential($adminUser, $adminPwd))

# Get the public IP and connect via RDP
Get-AzPublicIpAddress -ResourceGroupName $rg -Name "pip-$vmName" | Select-Object IpAddress
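
The Path B deployment uses -OpenPorts 3389, which leaves the RDP rule in nsg-DC01 open to any source address. The following is an added example, not part of the original skill, that narrows that rule to a single source. $myIp is a placeholder for your own public IPv4 address, and the rule is located by port because the page does not state its name.

```powershell
# Added example: restrict the RDP rule created by -OpenPorts 3389 to one source.
$rg     = "rg-mssa-lab"      # from the Path B script
$vmName = "DC01"             # from the Path B script
$myIp   = "203.0.113.25"     # PLACEHOLDER (documentation range): your own public IPv4

$nsg = Get-AzNetworkSecurityGroup -ResourceGroupName $rg -Name "nsg-$vmName"

# Find inbound Allow rules that cover port 3389, whatever name the deployment gave them
$rdpRules = @($nsg.SecurityRules | Where-Object {
    $_.Direction -eq "Inbound" -and $_.Access -eq "Allow" -and
    ($_.DestinationPortRange -contains "3389")
})

foreach ($rule in $rdpRules) {
    # Show what the rule allowed before the change
    "Before: {0} source={1}" -f $rule.Name, ($rule.SourceAddressPrefix -join ",")

    # Rewrite the rule in place, keeping its name, priority, protocol and destination
    Set-AzNetworkSecurityRuleConfig -NetworkSecurityGroup $nsg `
        -Name $rule.Name `
        -Description "RDP from lab admin workstation only" `
        -Access Allow -Direction Inbound `
        -Protocol $rule.Protocol `
        -Priority $rule.Priority `
        -SourceAddressPrefix "$myIp/32" -SourcePortRange "*" `
        -DestinationAddressPrefix $rule.DestinationAddressPrefix `
        -DestinationPortRange "3389" | Out-Null
}

# Push the modified rule set back to Azure, then read it back to confirm
$nsg | Set-AzNetworkSecurityGroup | Out-Null
Get-AzNetworkSecurityGroup -ResourceGroupName $rg -Name "nsg-$vmName" |
    Get-AzNetworkSecurityRuleConfig |
    Select-Object Name, Access, Direction, Priority, SourceAddressPrefix, DestinationPortRange
```

Re-run it with a new $myIp value if your public address changes between sessions.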

Concepts to name out loud:

  • This is virtualization — your laptop's hardware (CPU, RAM, disk) is partitioned and exposed to the VM as if it were its own physical machine. Hyper-V is Microsoft's hypervisor (the layer that does this partitioning).
  • This is a Generation 2 VM — UEFI boot, secure boot capable, supports modern OS features. Always pick Gen 2 for new Windows Server VMs.
  • This is an Internal switch — Hyper-V networking has three switch types: External (bridges to your physical NIC, VM joins your home network), Internal (VM ↔ host only), Private (VM ↔ VM only, no host). Internal is the safest learning choice.
  • This is the Azure marketplace image: Win2022Datacenter resolves to a Microsoft-published Windows Server 2022 base image. Saves you the ISO install.

Common gotchas:

  • Hyper-V refuses to enable → CPU virtualization disabled in BIOS. Reboot into BIOS, enable Intel VT-x or AMD-V, save, reboot.
  • VM has no network → in Hyper-V you need to manually assign an IP to the new switch on the host side, or also create an External switch. Path B sidesteps this entirely.
  • Forgot to deallocate the Azure VM overnight → ~$3-5 surprise. Teach Stop-AzVM -Force at the end of every session and write a habit reminder.

After-action prompt: "You have a Windows Server VM booted up. Walk me through what's running where: which CPU, which RAM, which disk. What's physical, what's virtual, and where does the boundary live?"

Phase 2 — Initial OS configuration (~20 min)

Goal: Complete OOBE, set a strong admin password, set a static IP (Hyper-V path), rename the computer, install updates, reboot.

On first boot (console for Hyper-V, RDP for Azure):

  1. Pick Windows Server 2022 Datacenter (Desktop Experience) — Desktop Experience gives you the GUI; Core is for advanced learners.
  2. Accept license, set admin password (≥12 chars, complex).
  3. Log in.

Inside the VM (PowerShell as Admin):

# Rename the computer (the OS default is random)
Rename-Computer -NewName "DC01" -Force
# Restart-Computer -Force   # Wait — do the IP step first, then one reboot for both

# Set a static IP (Hyper-V path only — Azure handles this for you)
# First find your interface
Get-NetAdapter
# Note the InterfaceIndex (often 5 or 6) and set it here
$ifIndex = 5

New-NetIPAddress `
  -InterfaceIndex $ifIndex `
  -IPAddress "192.168.10.10" `
  -PrefixLength 24 `
  -DefaultGateway "192.168.10.1"

Set-DnsClientServerAddress -InterfaceIndex $ifIndex -ServerAddresses "127.0.0.1"
# Note: We point DNS at LOCALHOST because this server will BE the DNS server (DC = DNS)

# Verify
Get-NetIPAddress -InterfaceIndex $ifIndex
Get-DnsClientServerAddress -InterfaceIndex $ifIndex

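# Install updates (recommended before DCpromo)
# PSWindowsUpdate is a community module from the PowerShell Gallery, not built into Windows Server
Install-Module PSWindowsUpdate -Force -SkipPublisherCheck
Install-WindowsUpdate -AcceptAll -AutoReboot
# -AutoReboot restarts the VM when an update requires it, which also applies the rename.
# If no update triggers a reboot, run Restart-Computer -Force so the rename takes effect.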

Concepts to name out loud:

  • This is a static IP for a domain controller — DCs must have static IPs. DHCP could change the IP on lease renewal, and every client and replication partner would lose track of the DC. Static IP is non-negotiable for DCs.
  • This is DNS pointing at the DC itself — once we promote this box to DC, it becomes the authoritative DNS server for the domain. Every DC must use itself (or another DC in the domain) as its primary DNS server. Pointing at Google's 8.8.8.8 will break AD spectacularly.
  • This is why we rename before DCpromo — changing a DC's name after promotion is painful (involves removing it from the domain and re-promoting). Rename now, while it's cheap.

Common gotchas:

  • Picked Server Core by accident → no GUI. You can admin Core entirely from PowerShell (and many shops do), but for a first lab use Desktop Experience.
  • Set DNS to public (8.8.8.8) → DCpromo will warn or fail. Always 127.0.0.1 on the DC itself.
  • Updates take 30+ minutes the first time. That's normal for a fresh ISO; reduce friction by using a recent ISO if available.

After-action prompt: "You set the DNS server to 127.0.0.1 instead of a public DNS. Why is that the right answer for a domain controller — and what would break tomorrow if you set it to 8.8.8.8?"
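
A way to confirm the Phase 2 settings on the Hyper-V path before moving on, as an added example that is not part of the original skill. Test-DcReadiness is a hypothetical helper name, and the expected values (DC01, 127.0.0.1) are the ones used on this page.

```powershell
# Added example: confirm the Phase 2 settings (Hyper-V path) before promotion.
function Test-DcReadiness {
    param(
        [string]$ExpectedName = "DC01",       # computer name used on this page
        [string]$LoopbackDns  = "127.0.0.1"   # DNS value used on this page
    )

    # Real IPv4 addresses only: skip loopback and APIPA (169.254.x.x)
    $ipv4 = @(Get-NetIPAddress -AddressFamily IPv4 | Where-Object {
        $_.IPAddress -ne "127.0.0.1" -and $_.IPAddress -notlike "169.254.*"
    })

    # Every IPv4 DNS server configured on any adapter
    $dnsServers = @(Get-DnsClientServerAddress -AddressFamily IPv4 |
        ForEach-Object { $_.ServerAddresses })

    # A DC may resolve through loopback or its own address; anything else is foreign
    $allowed = @($LoopbackDns) + @($ipv4 | ForEach-Object { $_.IPAddress })
    $foreign = @($dnsServers | Where-Object { $_ -notin $allowed })

    $checks = [ordered]@{
        # Stays false until the reboot after Rename-Computer has happened
        "Computer name is $ExpectedName"      = ($env:COMPUTERNAME -eq $ExpectedName)
        # PrefixOrigin is Manual for hand-set addresses and Dhcp for leased ones
        "IPv4 address is manual (not DHCP)"   = ($ipv4.Count -gt 0 -and
            @($ipv4 | Where-Object { $_.PrefixOrigin -ne "Manual" }).Count -eq 0)
        "DNS client points at $LoopbackDns"   = ($dnsServers -contains $LoopbackDns)
        "No other DNS resolver is configured" = ($foreign.Count -eq 0)
    }

    foreach ($name in $checks.Keys) {
        [pscustomobject]@{ Check = $name; Passed = $checks[$name] }
    }
}

$report = Test-DcReadiness
$report | Format-Table -AutoSize
if ($report.Passed -contains $false) {
    Write-Warning "Fix the failed checks before promoting this server."
}
```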

Phase 3 — Install AD DS role (~10 min)

Goal: The Active Directory Domain Services role is installed (but not yet configured) on the VM.

Inside the VM (PowerShell as Admin):

# Inspect what roles are available and installed
Get-WindowsFeature | Where-Object Installed

# Install AD DS plus the management tools
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Verify
Get-WindowsFeature -Name AD-Domain-Services
# Installed = True

Concepts to name out loud:

  • This is a server role — a role is a bundle of services Windows Server provides. AD DS, DNS, DHCP, IIS, File Server — each is a role you install separately. Keeping a server minimal (only the roles it needs)

Content truncated.
