On October second, I wrote about Deploying Active Directory to Azure. However, after re-reading it I realized it was heavy on getting the Point-to-Site VPN going and light on the actual AD deployment part. Let me fix that right now.
In this article we're going to go over the AD part in great detail.
Before we start, I recommend you set up your own lab and try this for yourselves. If you're anything like me, you learn by doing it, getting your hands dirty and getting down to brass tacks.
- Download Windows Server 2012 or Windows Server 2012 R2 Preview
- Use the info in this post to setup your own lab
- Consume the following MVA modules (they're full of great info you can access at your convenience):
  - Upgrading Skills to Windows Server 2012 Jump Start
  - Windows Server 2012: Identity and Access
  - Windows Server 2012 Training: Networking
  - Windows Server 2012 Training: Technical Overview
1- All right, we have our site-to-site VPN to Azure. The first thing we need to do is define this new network as a new site within AD. In Active Directory Sites and Services, right-click the top-level Sites container in the left pane and click New, Site.
2- In the New Object – Site dialog box, enter a meaningful name that will identify the new site, in our case Lab-Azr, and click OK.
3- In the Subnets container, define the subnets we created in our virtual network on Azure and link both of those to the Lab-Azr site we created in step 2.
4- To speed up the process we created a Windows Server 2012 server from the gallery in Azure.
5- We gave it the name AZR-DC2 and some local credentials that will be used until we join it to the domain.
6- In the machine configuration, ensure that the virtual network subnet is one of the ones we assigned to the Lab-Azr AD site in step 3.
7- The Azure endpoints are left at their defaults; click the check mark in the lower right corner to start the provisioning process.
The machine will be created and started (it took about 10 minutes on our end.)
8- Once the machine is created, on the virtual machine details page for AZR-DC2, click the Attach button located on the bottom navigation toolbar and select Attach Empty Disk.
9- Complete the following fields on the Attach an empty disk to the virtual machine form:
- Name: AZR-DC2-Data1
- Size: 10 GB
- Host Cache Preference: None
10- Once logged on, create a new partition on the additional data disk we attached earlier and format it as a new F: NTFS volume. This volume will hold our NTDS DIT database, log files and SYSVOL folder.
11- Using the Server Manager tool, install Active Directory Domain Services on the newly created machine and promote it as a new DC in an existing Active Directory domain with the following parameters:
- Active Directory domain name: DNS name of the on-premises Active Directory domain, in our case Contoso.com
- Active Directory site name: Lab-Azr
12- When asked to specify the AD DS database, log files and SYSVOL locations, point them to the F: drive as shown below.
13- The machine will be promoted and, once rebooted, will appear in our AD, as viewed below on premises on DC1.
14- In order to manage it with our on-premises Server Manager, log on to the AZR-DC2 machine and ensure that Remote Management is enabled in Server Manager.
15- All that is left to do at this point is to add it to the console on the server we use to manage our environment. For me that would be the DC1 machine in my lab.
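As an added example (not part of the original post), here is the same build scripted with the ActiveDirectory, Storage and ADDSDeployment PowerShell modules that ship with Windows Server 2012. It has two parts that run on different machines: part 1 covers steps 1-3 on the on-premises DC (DC1), part 2 covers steps 10-12 and 14 on AZR-DC2. The subnet prefixes, the F:\NTDS and F:\SYSVOL paths and the lowercase contoso.com domain name are assumptions for a lab and should be replaced with your own values. The Host Cache Preference of None on the data disk from step 9 matters here: the AD database relies on write-through to disk, and a cached write lost at an unplanned reboot is one of the ways a DC ends up in USN rollback, which is also why the temporary D: disk of an Azure VM is never used for NTDS.

```powershell
# Added example, not from the original post: scripted version of the procedure above.
# Subnet prefixes, paths and the domain name are constructed lab values.

#region Part 1 - run on the on-premises DC (DC1) as a Domain Admin: steps 1-3
Import-Module ActiveDirectory

$SiteName     = 'Lab-Azr'
# Constructed example values: the address ranges assigned to the Azure virtual network.
$AzureSubnets = @('10.10.1.0/24', '10.10.2.0/24')

# Steps 1-2: create the site object (idempotent: skipped if it already exists)
if (-not (Get-ADReplicationSite -Filter "Name -eq '$SiteName'")) {
    New-ADReplicationSite -Name $SiteName -Description 'Azure virtual network'
}

# Step 3: define each Azure subnet and link it to the new site. The subnet-to-site
# mapping is what makes AZR-DC2 register in Lab-Azr and keeps Azure VMs from
# authenticating against the on-premises DCs across the VPN.
foreach ($prefix in $AzureSubnets) {
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$prefix'")) {
        New-ADReplicationSubnet -Name $prefix -Site $SiteName
    }
}

# Check: every Azure subnet should now resolve to the Lab-Azr site
Get-ADReplicationSubnet -Filter * |
    Where-Object { $_.Site -like "CN=$SiteName,*" } |
    Format-Table Name, Site -AutoSize
#endregion

#region Part 2 - run on AZR-DC2 as the local administrator: steps 10-12 and 14
# Step 10: bring the empty data disk (AZR-DC2-Data1) online as an NTFS F: volume.
# Only a RAW disk is touched, so the OS disk and the temporary D: disk are left alone.
$dataDisk = Get-Disk | Where-Object { $_.PartitionStyle -eq 'RAW' } | Select-Object -First 1
if ($null -eq $dataDisk) { throw 'No uninitialised data disk found; attach AZR-DC2-Data1 first.' }
$dataDisk | Initialize-Disk -PartitionStyle GPT -PassThru |
    New-Partition -DriveLetter F -UseMaximumSize |
    Format-Volume -FileSystem NTFS -NewFileSystemLabel 'NTDS' -Confirm:$false

# Step 11: install the AD DS role together with its management tools
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Steps 11-12: promote the server as an additional DC in the existing domain,
# placed in the Lab-Azr site, with database, logs and SYSVOL on F:.
# Domain Admin credentials and the DSRM password are prompted for, never stored here.
Import-Module ADDSDeployment
$domainCred = Get-Credential -Message 'Domain Admin account for contoso.com'
$dsrmPwd    = Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode password'

Install-ADDSDomainController `
    -DomainName 'contoso.com' `
    -SiteName $SiteName `
    -Credential $domainCred `
    -SafeModeAdministratorPassword $dsrmPwd `
    -InstallDns:$true `
    -DatabasePath 'F:\NTDS' `
    -LogPath 'F:\NTDS' `
    -SysvolPath 'F:\SYSVOL' `
    -Force:$true

# Step 14 (run after the post-promotion reboot): allow Server Manager on DC1
# to manage this server remotely.
Configure-SMRemoting.exe -Enable
#endregion
```

Run part 1 and then check the output of the subnet query before building the VM, since a subnet that is not linked to Lab-Azr will leave AZR-DC2 in Default-First-Site-Name after promotion. Part 2 reboots the server at the end of Install-ADDSDomainController, so the Step 14 line is meant to be run in a new session once it is back up.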
Now that we have demonstrated how to extend our network and our AD to Azure, we can start using it for other workloads such as VM failover, file replication and rapid deployment of application servers to support the business units, and allow all of it to identify and authenticate our users and service accounts.
We will cover some of these workloads in the following weeks. Feel free to leave a comment if there is a particular workload you want us to look at.