TJ Hoag
Hands-on

Lab Walkthroughs

Step-by-step breakdowns of real builds - Active Directory, hybrid identity, home lab infrastructure, and security tooling. Not theory, just what I built and how.

Walkthroughs
Labs

These walkthroughs come from my own home lab: a Docker host running 31 containers organized into logical stacks, plus Windows Server virtual machines for Active Directory and hybrid identity testing. Each lab below is being written up as a full step-by-step guide - the commands, the screenshots, and the mistakes I hit along the way - so you can rebuild the same environment yourself.

The first guides cover the identity fundamentals I use every day supporting 30+ higher education institutions: standing up an Active Directory domain from scratch, syncing it to Entra ID with Entra Connect, and enforcing MFA with Conditional Access policies. An Okta lab is planned after those - connecting a developer tenant to the same directory to compare SSO and provisioning against Entra ID. On the infrastructure side, the Docker walkthrough expands on how I organized 31 containers into 7 stacks with monitoring and secrets management.

Until each guide ships, the blog covers the same ground in story form - see a real hybrid identity lockout or the MFA chicken-and-egg loop for the kinds of failures these labs are built to reproduce.

IAM Infrastructure COMING SOON

Active Directory Domain Build

Stand up a Windows Server domain controller from scratch, create OUs, configure Group Policy, join workstations, and set up a basic user provisioning workflow. The foundation for every hybrid identity lab that follows.

Windows Server, AD DS, DNS, Group Policy
IAM COMING SOON

Entra ID Connect and Hybrid Join

Connect an on-prem Active Directory to Entra ID with Entra Connect Sync, configure hybrid join for devices, and test password hash sync and seamless SSO in a real lab environment.

Entra ID, Entra Connect, Hybrid Join, SSO
Infrastructure COMING SOON

Docker Stack Organization

Organize containers into logical stacks with shared networking, secrets management, Prometheus and Grafana monitoring, and automated backups. Based on the approach from the 31-container reorganization blog post.

Docker, Compose, Prometheus, Grafana
Security IAM COMING SOON

MFA and Conditional Access Policies

Configure Entra ID Conditional Access policies, enforce MFA for specific user groups, set up break-glass accounts, and test the authentication flow end to end.

Entra ID, Conditional Access, MFA, Security