Elyse DOMAIN IN A BOX

OVERVIEW

This guide provides step-by-step instructions for building a complete Elyse test environment from scratch using Hyper-V virtual machines on a single physical computer. This is intended for lab, testing, and demonstration purposes.

What is Hyper-V? Hyper-V is a feature built into Windows that lets you create “virtual machines” (VMs) — essentially computers running inside your computer. Each VM behaves like a separate physical machine with its own operating system, but they all share your physical hardware. This allows you to build an entire network of servers on a single PC.

How to enable Hyper-V: Click Start, type Turn Windows features on or off, tick Hyper-V, click OK, and restart your PC. If the Hyper-V checkbox is greyed out, you may need to enable virtualisation (Intel VT-x or AMD-V) in your PC’s BIOS/UEFI settings. Note that Windows Home editions do not include Hyper-V — you need Windows 10/11 Pro or Enterprise.

The environment consists of five virtual machines:

VM NameRoleIPRAMDisk
ELYSE-DC01Domain Controller (manages user identities)10.0.0.104 GB60 GB
ELYSE-SQL01SQL Server (stores the database)10.0.0.208 GB80 GB
ELYSE-BE01Backend (IIS/.NET application server)10.0.0.304 GB60 GB
ELYSE-FE01Frontend (IIS web server)10.0.0.404 GB60 GB
ELYSE-WK01Workstation (Windows 11 user PC)10.0.0.504 GB64 GB

Domain: elyse.local | Network: 10.0.0.0/24 (Internal switch, no internet)

This appendix cross-references:

PREREQUISITES

Downloading SQL Server Express for offline use (or use a higher edition if you have one): The lab VMs will not have internet access, so download the full installer on your host PC first.
  1. Go to the SQL Server Downloads page and download the Express installer.
  2. Run the downloaded installer on your host PC. Instead of clicking “Basic” or “Custom”, select Download Media.
  3. Choose Express Advanced (approximately 700–800 MB). This downloads a single file containing the full engine.
  4. Save this file somewhere you can find it later (e.g., C:\Lab-Elyse\ISOs\).

PHASE 1: NETWORK AND STORAGE PREPARATION

Step 1: Create the Hyper-V Internal Switch

A virtual switch is like a virtual network cable that connects your VMs together. An “Internal” switch allows the VMs to communicate with each other and with your host PC, but does not give them internet access — perfect for an isolated lab.

  1. Open Hyper-V Manager (click Start, type Hyper-V Manager, click the result).
  2. On the right-hand side of the window, in the Actions pane, click Virtual Switch Manager...
  3. A new window opens. On the left, “New virtual network switch” should already be highlighted.
  4. On the right, select Internal.
  5. Click Create Virtual Switch.
  6. In the Name field, type: Elyse-Internal-Switch
  7. Leave all other settings as they are.
  8. Click OK.
What just happened? You created a virtual network. When you create VMs in the next steps, you will connect them to this switch so they can “talk” to each other using IP addresses, just like real computers on a real network.

Step 2: Create VM Storage Folders

Each VM stores its files (virtual hard drives, configuration, etc.) in a folder. We create a dedicated folder for each VM to keep things organised.

  1. Open File Explorer (click the folder icon on your taskbar, or press Windows Key + E).
  2. Navigate to your fastest drive (usually C:). Click This PC in the left pane, then double-click your C: drive.
  3. Right-click in an empty area > New > Folder. Name it Lab-Elyse and press Enter.
  4. Double-click Lab-Elyse to open it.
  5. Create six sub-folders inside it (right-click > New > Folder for each): DC01, SQL01, BE01, FE01, WK01, ISOs
  6. Copy your downloaded ISO files into C:\Lab-Elyse\ISOs\. (Navigate to your Downloads folder, right-click each ISO > Copy, then navigate to the ISOs folder, right-click > Paste.)
C:\Lab-Elyse\DC01\
C:\Lab-Elyse\SQL01\
C:\Lab-Elyse\BE01\
C:\Lab-Elyse\FE01\
C:\Lab-Elyse\WK01\
C:\Lab-Elyse\ISOs\     (contains your ISO files)

PHASE 2: DOMAIN CONTROLLER (ELYSE-DC01)

The Domain Controller (DC) is the most critical server. It manages user identities, passwords, and security for the entire network. We build this first because all other servers need to “join” the domain it creates.

Step 3: Create the ELYSE-DC01 Virtual Machine

  1. Open Hyper-V Manager if not already open.
  2. In the left pane, right-click your computer name and select New > Virtual Machine...
  3. The “New Virtual Machine Wizard” opens:
    1. Before You Begin: Click Next.
    2. Specify Name and Location: Name: ELYSE-DC01. Tick Store the virtual machine in a different location. Click Browse... and select C:\Lab-Elyse\DC01. Click Next.
    3. Specify Generation: Select Generation 2 (supports modern UEFI and security features). Click Next.
    4. Assign Memory: Set to 4096 MB (4 GB). Uncheck “Use Dynamic Memory”. Click Next.
    5. Configure Networking: Select Elyse-Internal-Switch from the dropdown. Click Next.
    6. Connect Virtual Hard Disk: Leave defaults, set Size to 60 GB. Click Next.
    7. Installation Options: Select “Install an operating system from a bootable image file”. Click Browse... and select your Windows Server 2022 ISO from C:\Lab-Elyse\ISOs\. Click Next.
    8. Summary: Click Finish.

The VM is created but not running. You should see ELYSE-DC01 listed in Hyper-V Manager with state “Off”.

Step 4: Hardware Configuration (ELYSE-DC01)

Before starting the VM, adjust two settings:

  1. Right-click ELYSE-DC01 in Hyper-V Manager > Settings...
  2. Click Security in the left-hand list. Ensure Enable Trusted Platform Module is ticked.
  3. Click Processor in the left-hand list. Change Number of virtual processors to 2.
  4. Click OK.

Step 5: Install Windows Server (ELYSE-DC01)

  1. Right-click ELYSE-DC01 > Connect.... A console window opens (black screen — the VM is off).
  2. Click the green Start button (▶) in the toolbar at the top of the console window.
  3. IMPORTANT: When “Press any key to boot from CD or DVD...” appears, immediately press any key (e.g., spacebar). If you miss it, click the Reset button in the toolbar and try again.
  4. The Windows Setup screen appears:
    1. Language/Keyboard: Leave defaults. Click Next, then Install now.
    2. Select Windows Server 2022 Standard Evaluation (Desktop Experience).
      Do NOT select the version without “Desktop Experience” — that is Server Core (command-line only, no graphical interface).
    3. Accept the license terms. Click Next.
    4. Select Custom: Install Microsoft Server Operating System only (advanced).
    5. Select Drive 0 (60 GB). Click Next.
  5. Wait for installation (5–10 minutes). The VM restarts automatically. Do not press a key during the restart — let it boot from the hard drive.
  6. Set the Administrator password (e.g., ElyseLab2026!). Write this password down — you will use it for every VM.
  7. At the lock screen, send Ctrl+Alt+Delete to the VM: in the console toolbar, click the keyboard icon or go to Action > Ctrl+Alt+Delete. Then type your password and press Enter.

You should now see the Windows Server desktop with Server Manager open.

Step 6: Configure Static IP and Rename (ELYSE-DC01)

Every server needs a fixed (static) IP address so other servers can always find it.

Set the Static IP Address

  1. In Server Manager (opens automatically on login; if not, click Start and type Server Manager), click Local Server in the left sidebar.
  2. Find the Ethernet row (shows “IPv4 address assigned by DHCP”). Click that blue link.
  3. A “Network Connections” window opens. Right-click the Ethernet adapter > Properties.
  4. Click Internet Protocol Version 4 (TCP/IPv4) to highlight it, then click Properties.
  5. Select Use the following IP address and enter:
    IP address10.0.0.10
    Subnet mask255.255.255.0
    Default gateway(leave blank)
  6. Select Use the following DNS server addresses:
    Preferred DNS server127.0.0.1
    Why 127.0.0.1? This is the “loopback” address — it tells the server to use itself for DNS. Once this server becomes a Domain Controller, it will run its own DNS service.
  7. Click OK, then Close.

Rename the Computer

  1. Back in Server Manager > Local Server, find the Computer name row (shows a random name like WIN-ASDF1234). Click that blue link.
  2. A “System Properties” window opens. Click Change...
  3. In the Computer name field, type: ELYSE-DC01
  4. Click OK. A prompt says a restart is required. Click OK, then Close, then Restart Now.

Wait for the reboot. Log back in. Verify the computer name shows ELYSE-DC01 in Server Manager > Local Server.

Step 7: Install Active Directory Domain Services

Active Directory Domain Services (AD DS) is the feature that turns a server into a Domain Controller.

  1. In Server Manager, click Manage (top-right) > Add Roles and Features.
  2. The wizard opens:
    1. Before You Begin: Click Next.
    2. Installation Type: Leave “Role-based” selected. Click Next.
    3. Server Selection: Your server should be selected. Click Next.
    4. Server Roles: Find and tick Active Directory Domain Services.
    5. A popup asks to add required features. Click Add Features.
    6. Click Next through the remaining screens without changing anything.
    7. Click Install. Wait for completion. Do not close this window.

Step 8: Promote to Domain Controller

After AD DS installs, you will see a link: “Promote this server to a domain controller” (or a yellow warning flag at the top of Server Manager). Click it.

  1. Deployment Configuration: Select Add a new forest. Root domain name: elyse.local. Click Next.
  2. Domain Controller Options: Functional levels: Windows Server 2016. Check DNS server. DSRM Password: use the same Administrator password. Click Next.
  3. DNS Options: Ignore the yellow “DNS Delegation” warning. Click Next.
  4. Additional Options: NetBIOS name auto-fills as ELYSE. Click Next.
  5. Paths: Leave defaults. Click Next.
  6. Prerequisites Check: Verify the green checkmark (“All prerequisite checks passed successfully”). Click Install.
The server restarts automatically. The first login after promotion takes longer than usual. Log in with your Administrator password.

Step 9: Post-Promotion Health Check

Verify DNS Configuration

  1. Press Windows Key + R. Type ncpa.cpl and press Enter. (This opens the Network Connections window.)
  2. Right-click the Ethernet adapter > Properties.
  3. Select Internet Protocol Version 4 (TCP/IPv4) > Properties.
  4. Verify Preferred DNS server is 127.0.0.1. (Windows sometimes changes this to ::1 during DC promotion — change it back if needed.)
  5. Click OK and Close.

Verify the Domain is Active

  1. In Server Manager, click the Tools menu (top-right area).
  2. Select Active Directory Users and Computers. A new window opens.
  3. In the left pane, you should see elyse.local. Click the arrow next to it to expand. You should see folders: Builtin, Computers, Domain Controllers, Users.

If you can see these folders, your Domain Controller is working correctly.

Step 10: Configure Active Directory for Elyse

Now follow the Domain Setup guide completely to create the service accounts and security group required by Elyse.

Lab substitutions: When following the Domain Setup guide:
  • Replace yourdomain.com with elyse.local
  • Replace YOURDOMAIN with ELYSE
  • Use your lab password for the service account passwords
Complete all steps before proceeding.

PHASE 3: SQL SERVER (ELYSE-SQL01)

Step 11: Create the ELYSE-SQL01 Virtual Machine

  1. In Hyper-V Manager (on your host PC), right-click your computer name > New > Virtual Machine...
  2. Walk through the wizard:
    1. Before You Begin: Click Next.
    2. Name and Location: Name: ELYSE-SQL01. Tick “Store in a different location” and browse to C:\Lab-Elyse\SQL01. Click Next.
    3. Generation: Select Generation 2. Click Next.
    4. Memory: 8192 MB (8 GB). Uncheck Dynamic Memory. (SQL Server performs better with fixed RAM.) Click Next.
    5. Networking: Select Elyse-Internal-Switch. Click Next.
    6. Hard Disk: 80 GB (SQL needs more room than the DC). Click Next.
    7. Installation Options: Browse to your Windows Server 2022 ISO. Click Next.
    8. Summary: Click Finish.

Step 12: Hardware Configuration (ELYSE-SQL01)

  1. Right-click ELYSE-SQL01 > Settings...
  2. Processor: Set to 4 virtual processors (SQL Server benefits from more CPU cores).
  3. Security: Ensure Enable Trusted Platform Module is ticked.
  4. (Optional) Checkpoints: Change to Standard Checkpoints for easier rollback.
  5. Click OK.

Step 13: Install Windows Server (ELYSE-SQL01)

Follow the same process as Step 5 (ELYSE-DC01):

  1. Right-click ELYSE-SQL01 > Connect.... Click the green Start button.
  2. Immediately press any key when “Press any key to boot from CD or DVD” appears.
  3. Language defaults > Next > Install now.
  4. Select Windows Server 2022 Standard Evaluation (Desktop Experience). Click Next.
  5. Accept license > Custom install > Drive 0 (80 GB) > Next.
  6. Wait for installation. Do not press a key during reboots.
  7. Set the Administrator password (same lab password). Log in.

Step 14: Configure Networking (ELYSE-SQL01)

  1. Press Windows Key + R, type ncpa.cpl, press Enter.
  2. Right-click Ethernet > Properties.
  3. Select Internet Protocol Version 4 (TCP/IPv4) > Properties.
  4. Select Use the following IP address:
    IP address10.0.0.20
    Subnet mask255.255.255.0
    Default gateway(leave blank)
  5. Select Use the following DNS server addresses:
    Preferred DNS server10.0.0.10
    Why 10.0.0.10? This points to your Domain Controller (ELYSE-DC01), which runs the DNS service. If this is wrong, the domain join in the next step will fail.
  6. Click OK, then Close.

Step 15: Join the Domain (ELYSE-SQL01)

  1. Open Server Manager. Click Local Server in the left sidebar.
  2. Click the blue link next to Computer name (shows a random name like WIN-XXXX).
  3. Click Change...
  4. Computer name: ELYSE-SQL01
  5. Under Member of, select Domain and type: elyse.local
  6. Click OK. A credentials dialog appears:
    User nameELYSE\Administrator
    Password(your lab password)
  7. You should see: “Welcome to the elyse.local domain.”
  8. Click OK and Restart Now.
  9. After reboot, log in as ELYSE\Administrator.

Step 16: Transfer SQL Server Installer to the VM

Since the lab has no internet, transfer the SQL Server Express installer from your host PC to the VM:

Option A — Copy/Paste (easiest): If Enhanced Session Mode is enabled in Hyper-V (usually on by default), right-click the installer file on your host > Copy, then right-click the VM desktop > Paste.

Option B — ISO Mount: In Hyper-V Manager, right-click ELYSE-SQL01 > Settings... > SCSI Controller > DVD Drive. Select Image file and browse to the installer. Inside the VM, it appears as a DVD drive in File Explorer.

Step 17: Install SQL Server and Restore Database

Follow the SQL Server & Database guide completely.

Lab substitutions:
  • Replace YOURDOMAIN with ELYSE
  • Replace yourdomain.com with elyse.local
  • The svc_sql account was created in Step 10 (via the Domain Setup guide)
  • Transfer the Elyse database backup (.bak file) to the VM using the same method as Step 16
Complete all steps before proceeding.

Step 18: Configure KCD

Follow the KCD Configuration guide. Perform these steps on ELYSE-DC01 (not on the SQL server).

Lab substitutions:
  • Replace YOURDOMAIN with ELYSE
  • Replace yourdomain.com with elyse.local
  • SQL Server hostname: ELYSE-SQL01
  • Backend hostname: ELYSE-BE01
  • Frontend hostname: ELYSE-FE01 (for the frontend proxy SPNs — required because the frontend and backend are on separate servers)
Complete all steps before proceeding.

PHASE 4: BACKEND SERVER (ELYSE-BE01)

Step 19: Create the ELYSE-BE01 Virtual Machine

  1. In Hyper-V Manager, right-click your computer name > New > Virtual Machine...
  2. Walk through the wizard:
    1. Before You Begin: Click Next.
    2. Name and Location: Name: ELYSE-BE01. Tick “Store in a different location”, browse to C:\Lab-Elyse\BE01. Click Next.
    3. Generation: Generation 2. Click Next.
    4. Memory: 4096 MB. Uncheck Dynamic Memory. Click Next.
    5. Networking: Elyse-Internal-Switch. Click Next.
    6. Hard Disk: 60 GB. Click Next.
    7. Installation Options: Browse to your Windows Server 2022 ISO. Click Next.
    8. Summary: Click Finish.
  3. Hardware Tweaks: Right-click ELYSE-BE01 > Settings...
    • Processor: Set to 2.
    • Security: Enable TPM.
    Click OK.

Step 19b: Install Windows Server (ELYSE-BE01)

Follow the same Windows Server installation process as Step 5 / Step 13:

  1. Connect to the VM and click Start. Press a key immediately to boot from the ISO.
  2. Select Windows Server 2022 Standard Evaluation (Desktop Experience).
  3. Custom install > Drive 0 (60 GB) > Next. Wait for installation.
  4. Set the Administrator password (same lab password). Log in.

Step 20: Configure Networking and Join Domain (ELYSE-BE01)

Set the Static IP

  1. Press Windows Key + R, type ncpa.cpl, press Enter.
  2. Right-click Ethernet > Properties.
  3. Select IPv4 > Properties. Enter:
    IP address10.0.0.30
    Subnet mask255.255.255.0
    Default gateway(leave blank)
    Preferred DNS10.0.0.10
  4. Click OK, then Close.

Join the Domain

  1. Open Server Manager. Click Local Server.
  2. Click the blue link next to Computer name. Click Change...
  3. Computer name: ELYSE-BE01. Member of: Domain: elyse.local. Click OK.
  4. Credentials: ELYSE\Administrator / (lab password).
  5. You should see: “Welcome to the elyse.local domain.”
  6. Click OK and Restart Now. After reboot, log in as ELYSE\Administrator.

Step 21: Deploy the Backend

Transfer the backend deployment zip to ELYSE-BE01 (using copy/paste or ISO mount as in Step 16) and follow the Backend Installation (Server) instructions.

When configuring the .env file, use these lab values:

DB_HOST=ELYSE-SQL01
DB_NAME=Elyse_DB
USE_KCD=true

PHASE 5: FRONTEND SERVER (ELYSE-FE01)

Step 22: Create the ELYSE-FE01 Virtual Machine

  1. In Hyper-V Manager, right-click your computer name > New > Virtual Machine...
  2. Walk through the wizard:
    1. Before You Begin: Click Next.
    2. Name and Location: Name: ELYSE-FE01. Tick “Store in a different location”, browse to C:\Lab-Elyse\FE01. Click Next.
    3. Generation: Generation 2. Click Next.
    4. Memory: 4096 MB. Uncheck Dynamic Memory. Click Next.
    5. Networking: Elyse-Internal-Switch. Click Next.
    6. Hard Disk: 60 GB. Click Next.
    7. Installation Options: Browse to your Windows Server 2022 ISO. Click Next.
    8. Summary: Click Finish.
  3. Hardware Tweaks: Right-click ELYSE-FE01 > Settings...
    • Processor: Set to 2.
    • Security: Enable TPM.
    • Firmware: Ensure DVD Drive is at the top of the boot order. (If not, select it and click “Move Up”.)
    Click OK.

Step 22b: Install Windows Server (ELYSE-FE01)

Follow the same Windows Server installation process:

  1. Connect to the VM and click Start. Press a key immediately to boot from the ISO.
  2. Select Windows Server 2022 Standard Evaluation (Desktop Experience).
  3. Custom install > Drive 0 (60 GB) > Next. Wait for installation.
  4. Set the Administrator password (same lab password). Log in.

Step 23: Configure Networking and Join Domain (ELYSE-FE01)

Set the Static IP

  1. Press Windows Key + R, type ncpa.cpl, press Enter.
  2. Right-click Ethernet > Properties.
  3. Uncheck Internet Protocol Version 6 (TCP/IPv6) to prevent DNS interference.
  4. Select IPv4 > Properties. Enter:
    IP address10.0.0.40
    Subnet mask255.255.255.0
    Default gateway(leave blank)
    Preferred DNS10.0.0.10
  5. Click OK, then Close.

Join the Domain

  1. Open Server Manager. Click Local Server.
  2. Click the blue link next to Computer name. Click Change...
  3. Computer name: ELYSE-FE01. Member of: Domain: elyse.local. Click OK.
  4. Credentials: ELYSE\Administrator / (lab password).
  5. You should see: “Welcome to the elyse.local domain.”
  6. Click OK and Restart Now. After reboot, log in as ELYSE\Administrator.

Step 24: Deploy the Frontend

Transfer the frontend deployment zip to ELYSE-FE01 (using copy/paste or ISO mount) and follow the Frontend Installation instructions.

When configuring assets/config.json:

{ "apiUrl": "http://ELYSE-FE01:8080/api" }

Because the backend is on a separate server (ELYSE-BE01), you must also edit the web.config file in C:\inetpub\wwwroot\Elyse\frontend\:

  1. Open File Explorer and navigate to C:\inetpub\wwwroot\Elyse\frontend\.
  2. Right-click the web.config file and select Open with > Notepad.
  3. Find the line containing http://127.0.0.1:5000/api/{R:1} (this is the BackEndProxy rewrite rule).
  4. Change it to: http://ELYSE-BE01:5000/api/{R:1}
  5. Save the file (Ctrl+S) and close Notepad.

This tells the frontend IIS site to proxy API requests to the backend server on ELYSE-BE01.

PHASE 6: WORKSTATION (ELYSE-WK01)

The workstation VM provides a domain-joined Windows 11 client for testing the application as an end user would experience it.

Important: While this phase is optional for production environments (where users already have domain-joined PCs), it is required for lab testing. Kerberos pass-through authentication can only be properly tested from a domain-joined workstation — not from the server itself. Without this VM, you cannot verify that the complete authentication chain (browser → frontend → backend → SQL Server) works transparently.

Step 25: Download Windows 11 Enterprise ISO

If not already downloaded:

  1. On your physical host machine (not inside a VM), open a web browser.
  2. Go to the Microsoft Evaluation Center — Windows 11 Enterprise.
  3. Click the download link for the 64-bit ISO. You may need to fill out a brief registration form.
  4. The download is approximately 6–7 GB. Save it to C:\Lab-Elyse\ISOs\.

Step 26: Create the ELYSE-WK01 Virtual Machine

  1. In Hyper-V Manager, right-click your computer name > New > Virtual Machine...
  2. Walk through the wizard:
    1. Before You Begin: Click Next.
    2. Name and Location: Name: ELYSE-WK01. Tick “Store in a different location”, browse to C:\Lab-Elyse\WK01. Click Next.
    3. Generation: Generation 2 (required for Windows 11). Click Next.
    4. Memory: 4096 MB. Uncheck Dynamic Memory. Click Next.
    5. Networking: Elyse-Internal-Switch. Click Next.
    6. Hard Disk: 64 GB. Click Next.
    7. Installation Options: Browse to your Windows 11 Enterprise ISO. Click Next.
    8. Summary: Click Finish.
  3. Hardware Tweaks (critical for Windows 11): Right-click ELYSE-WK01 > Settings...
    • Security: Ensure Enable Trusted Platform Module (TPM) is ticked. Windows 11 will refuse to install without this.
    • Processor: Set to 2.
    Click OK.

Step 27: Install Windows 11

  1. Right-click ELYSE-WK01 > Connect.... Click the green Start button.
  2. Immediately press any key when “Press any key to boot from CD or DVD” appears.
  3. Follow the installer prompts:
    1. Select your language and keyboard. Click Next.
    2. Click Install now.
    3. If asked for a product key, click “I don’t have a product key” (the Enterprise Evaluation usually skips this).
    4. Select Windows 11 Enterprise. Click Next.
    5. Accept the license terms. Click Next.
    6. Select Custom: Install Windows only (advanced).
    7. Select Drive 0 (64 GB). Click Next.
  4. Wait for installation. The VM will restart.
  5. When asked “How would you like to set up this device?”, choose Set up for work or school.
  6. On the sign-in screen, look for Sign-in options and choose Domain join instead (or “Local account”). We want a local desktop first so we can set the IP and join the domain properly.

OOBE Network Bypass

Windows 11 may insist on a network connection before letting you continue. Since our lab has no internet, you need to bypass this:

  1. On the “Let’s connect you to a network” screen, press Shift + F10 on your keyboard. (On some laptops, you may need Shift + Fn + F10.) A black Command Prompt window opens.
  2. Type the following command exactly and press Enter: OOBE\BYPASSNRO
  3. The VM will automatically reboot and return to the beginning of setup.
  4. Go through the Region and Keyboard screens again.
  5. This time, on the “Let’s connect you to a network” screen, you will see a new option: “I don’t have internet”. Click it.
  6. On the next screen, click “Continue with limited setup”.

Create a local user (e.g., LabAdmin) and set a password. Complete the remaining setup screens to reach the desktop.

Step 28: Configure Networking and Join Domain (ELYSE-WK01)

Set the Static IP

  1. Right-click the Start button > Run. (Or press Windows Key + R.)
  2. Type ncpa.cpl and press Enter.
  3. Right-click Ethernet > Properties.
  4. Uncheck Internet Protocol Version 6 (TCP/IPv6) to prevent DNS interference.
  5. Select Internet Protocol Version 4 (TCP/IPv4) > Properties. Enter:
    IP address10.0.0.50
    Subnet mask255.255.255.0
    Default gateway(leave blank)
    Preferred DNS10.0.0.10
  6. Click OK, then Close.

Join the Domain (Windows 11 method)

Important: The domain join process on Windows 11 is different from Windows Server. Follow these steps carefully.
  1. Click Start > Settings (the gear icon).
  2. Click Accounts in the left sidebar.
  3. Click Access work or school.
  4. Click the Connect button.
  5. CRITICAL: Do NOT type anything in the email box at the top. Instead, look at the very bottom of the pop-up window for the link: “Join this device to a local Active Directory domain”. Click that link.
  6. Type the domain name: elyse.local. Click Next.
  7. Enter credentials:
    User nameELYSE\Administrator
    Password(your lab password)
  8. Click OK through any prompts and Restart the VM.

Verify the Domain Join

  1. After the reboot, at the login screen, click Other User (bottom-left).
  2. Look at the bottom of the screen — it should say “Sign in to: ELYSE”.
  3. Log in as:
    User nameELYSE\Administrator
    Password(your lab password)

If you see “Sign in to: ELYSE” and can log in, the domain join was successful.

PHASE 7: POST-DEPLOYMENT

Step 29: Create Test User Accounts

Before you can test the application, you need regular domain user accounts. The Administrator account should not be used for application testing — it is not a member of the Elyse_Users group and is not representative of how real users will access the system.

Switch to ELYSE-DC01 and open Active Directory Users and Computers (Server Manager > Tools > Active Directory Users and Computers).

  1. In the left panel, expand elyse.local and click on the Elyse OU.
  2. Right-click the Elyse OU > New > User.
  3. Create the first test user:
    First nameJane
    Last nameSmith
    User logon namejsmith
    Click Next. Set the password to your lab password. Uncheck “User must change password at next logon” and check “Password never expires” (for lab convenience). Click Next, then Finish.
  4. Repeat to create a second test user:
    First nameJohn
    Last nameDoe
    User logon namejdoe
  5. Add both users to the Elyse_Users security group:
    1. In the right panel of ADUC, double-click the Elyse_Users group to open its properties.
    2. Click the Members tab.
    3. Click Add...
    4. Type: jsmith; jdoe and click Check Names. Both names should become underlined.
    5. Click OK, then OK again.

Step 30: Bootstrap and Test the System

Follow Bootstrapping to:

Important: Log in to ELYSE-WK01 as a test user (e.g., ELYSE\jsmith), not as ELYSE\Administrator. The Administrator account is not a member of the Elyse_Users group and cannot access the application. Testing as a regular user is essential to verify that Kerberos pass-through authentication is working correctly.

In this lab context:

LAB ENVIRONMENT SUMMARY

When all phases are complete:

VMIPRole
ELYSE-DC0110.0.0.10Domain Controller for elyse.local
ELYSE-SQL0110.0.0.20SQL Server with Elyse_DB database
ELYSE-BE0110.0.0.30.NET backend on IIS with KCD
ELYSE-FE0110.0.0.40Angular frontend on IIS
ELYSE-WK0110.0.0.50Windows 11 workstation for testing

Service Accounts

AccountPurpose
ELYSE\svc_sqlSQL Server Database Engine
ELYSE\svc_elyse_beIIS Application Pool (backend)

Security Group

ELYSE\Elyse_Users — Users permitted to access Elyse

SPNs

SPNAccountPurpose
MSSQLSvc/ELYSE-SQL01.elyse.local:1433svc_sqlSQL Server (FQDN)
MSSQLSvc/ELYSE-SQL01:1433svc_sqlSQL Server (short name)
HTTP/ELYSE-BE01.elyse.localsvc_elyse_beBackend HTTP (FQDN)
HTTP/ELYSE-BE01svc_elyse_beBackend HTTP (short name)
HTTP/ELYSE-FE01.elyse.localsvc_elyse_beFrontend proxy (FQDN) — allows backend to accept Kerberos tickets sent to the frontend hostname
HTTP/ELYSE-FE01svc_elyse_beFrontend proxy (short name)

KCD

svc_elyse_be is trusted for delegation to MSSQLSvc on svc_sql.