Install a New Active Directory forest on an Azure Virtual Network

This post will show how to install a new Active Directory forest on an Azure Virtual Network.  We will use this domain controller and virtual network in subsequent posts.

DISCLAIMER: This post does not contain definitive guidance on the correct way to create a domain controller in Azure.  For more definitive guidance, please see TechNet guidance, including Guidelines for Deploying Windows Server Active Directory on Azure Virtual Machines.  Please don’t expect that I will be able to answer support issues for your particular AD deployment scenario. 

I am going to loosely follow along with the article “Install a new Active Directory forest on an Azure virtual network” to show how to set up a new forest, just adding pictures along the way. 

That said, let’s just dive in.

Create an Affinity Group

I am going to use an affinity group because I want the compute and storage resources located closely together.  I created an affinity group named “kirke-java-east”, but the name can be whatever you want. 

Create a Storage Account

You can create a storage account as part of the wizard to create a new virtual machine, but I prefer to create it ahead of time.  I made sure to use the affinity group that we just created as the location.

Note that you can use zone redundant storage or geo-replicated storage, but I chose to use locally redundant to reduce costs.  In a production scenario, I would provision according to requirements.

Create the Virtual Network

Start by creating a virtual network.  Go to Networks / Virtual Networks and choose “Create a virtual network”.  Provide the name and region and click next.  The virtual network doesn’t participate in the affinity group, so we choose the same region as our affinity group.

Leave DNS servers blank, and don’t worry about creating a VPN just yet.

For the subnet address space, I chose a 10.0.0.0 starting address with a /24 CIDR prefix (256 addresses).

Create the Cloud Service

Again, you could do this as part of the wizard to create a virtual machine, but I am showing the cloud service creation separately for completeness.  Create a new cloud service.  I used the custom create option, but quick create does the same thing.  Use the same affinity group you chose previously.

Note that the name can be anything you want; what matters is the affinity group.

Create the Virtual Machine

Now create the virtual machine.  Choose the latest Windows Server image from the gallery.

Next we’ll give some properties, including the size, login name, and password.

Now I can use the VNet, cloud service, and storage account that were created previously.  I chose not to use an availability set for the VM.

Note that we could have skipped the affinity group, because the virtual machine will be created in the same location as the virtual network.  I will use the affinity group in a subsequent post. 

Finally, choose to install the VM Agent.

Click finish, and after some time your virtual machine will be created.

Set a Static IP Address

The VM keeps its internal IP address for as long as it is running, but the address can change if the VM is shut down.  We can use PowerShell to assign a static IP to the VM we just created.  Test-AzureStaticVNetIP checks whether the address is free: it returns IsAvailable=true if it is, and otherwise lists the addresses that are available.

We then assign the static IP.

The script I used is:

Code Snippet

# Check that 10.0.0.5 is free in the VNet (IsAvailable=true), then reserve it for DC1
Test-AzureStaticVNetIP -VNetName KirkE-Java-VNet -IPAddress 10.0.0.5
Get-AzureVM -ServiceName kirke-java-east -Name DC1 | Set-AzureStaticVNetIP -IPAddress 10.0.0.5 | Update-AzureVM
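The two-line snippet above assumes 10.0.0.5 is free. The script below is an added example (not the original post's code) that handles the other case the text mentions: when Test-AzureStaticVNetIP reports IsAvailable=false, it takes the first address from the AvailableAddresses list instead, reserves it, and reads the reservation back with Get-AzureStaticVNetIP. It assumes the classic Azure PowerShell module is loaded with a subscription selected, and reuses the VNet, cloud service and VM names from the post.

```powershell
# Added example: reserve a static VNet IP for DC1, falling back to a free address
# if the requested one is taken. Names below are the post's values; change as needed.
$vnetName    = 'KirkE-Java-VNet'
$serviceName = 'kirke-java-east'
$vmName      = 'DC1'
$wantedIp    = '10.0.0.5'

$check = Test-AzureStaticVNetIP -VNetName $vnetName -IPAddress $wantedIp
if ($check.IsAvailable) {
    $ip = $wantedIp
} else {
    # When the address is in use, Azure returns the addresses that are still free
    $ip = $check.AvailableAddresses | Select-Object -First 1
    Write-Warning "$wantedIp is already in use; reserving $ip instead. Use this address when you set the VNet DNS server later."
}

# Apply the reservation to the existing VM (Update-AzureVM pushes the change)
Get-AzureVM -ServiceName $serviceName -Name $vmName |
    Set-AzureStaticVNetIP -IPAddress $ip |
    Update-AzureVM

# Read the reservation back so the value used for the DNS setting is the real one
$reserved = (Get-AzureVM -ServiceName $serviceName -Name $vmName | Get-AzureStaticVNetIP).IPAddress
"Static IP reserved for ${vmName}: $reserved"
```

The warning matters because the DNS server address entered later on the virtual network's Configure tab must match the address actually reserved here; a mismatch leaves every VM on the VNet pointing at a resolver that does not exist.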

Create an Empty Disk and Format

The next screen is where you specify the size, for example 10 GB.  Make sure to leave the other settings as the default.

Once the virtual machine is done updating, connect to the VM using remote desktop.  Once connected, choose Tools / Computer Management.

Choose Disk Management, and you will be prompted to initialize the disk.  Choose OK.

Once initialized, right-click the new disk and choose “New Simple Volume”.

Next, next, next, Finish. 

You are then prompted to format the disk.  Choose “Format disk”.

Bob’s yer uncle, a new disk is now available.

Install Active Directory Domain Services

In the Server Manager dashboard, choose Add Roles and Features.  Choose role-based.

Use the local server (pretty cool, notice the IP address is the static one that we used previously).

Choose Active Directory Domain Services.

You will be prompted to add features.  You need these, so click “Add Features”.

Click Next, and when prompted to add additional features just click Next.

You are prompted to install the selected roles and features.  Click Install.  Optionally you can automatically restart the server.  A restart is not required to install ADDS, but is required after you promote the machine to a domain controller. 

You can view progress while ADDS is being installed. 

If you aren’t a fan of watching progress bars, you can close the wizard or wait for it to complete. 

Once complete, you will see a warning icon in the dashboard.  Click it to see the additional steps required.

Promote to a Domain Controller

The next step is to promote the VM to a domain controller.  I am following along with the TechNet documentation, “Install a New Windows Server 2012 Active Directory Forest (Level 200)”.  Choose “Add a new forest”; I used the name “corp.blueskyabove.us”.  Use your own name, of course.

I then leave the default functional levels, and provide a password.

On the delegation options screen, just click Next.

Leave the NetBIOS domain name.

Now change the drive letter to the drive we created before.  Instead of putting the files on the OS drive, we will use our new data disk, the E drive.

Next, Next, Install, and the server will automatically restart.
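The in-guest steps of the last three sections (format the data disk, add the AD DS role, promote to the first domain controller of a new forest) can be done from an elevated PowerShell prompt inside the VM instead of through the wizards. The script below is an added example and not the post's own code. It assumes the attached data disk is the only RAW disk in the guest, and reuses the post's forest name, E: drive letter and the default functional levels; the NetBIOS name CORP is an assumption matching the corp\myadmin logon shown later. Keeping the NTDS database, logs and SYSVOL on the data disk is the same choice the wizard screenshot makes, and the Azure AD guidelines linked in the post require that this data disk keep host caching set to None.

```powershell
# Added example: unattended equivalent of the disk, role and promotion wizards.
# Run inside the VM as the local administrator. Values marked "post" come from the post;
# the NetBIOS name is an assumption.
$domainName  = 'corp.blueskyabove.us'   # post: forest root name, use your own
$netbiosName = 'CORP'                    # assumption: matches the corp\ logon in the post
$dataDrive   = 'E'                       # post: data disk letter

# 1. Initialize, partition and format the empty data disk (Disk Management -> New Simple Volume -> Format)
Get-Disk | Where-Object PartitionStyle -eq 'RAW' |
    Initialize-Disk -PartitionStyle GPT -PassThru |
    New-Partition -DriveLetter $dataDrive -UseMaximumSize |
    Format-Volume -FileSystem NTFS -NewFileSystemLabel 'ADDS' -Confirm:$false

# 2. Install the AD DS role plus its management tools (Add Roles and Features)
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

# 3. Promote to the first DC of a new forest. The DSRM password is read as a SecureString
#    rather than typed into the script, so it never lands in a file or the command history.
$dsrmPassword = Read-Host -AsSecureString 'Directory Services Restore Mode password'

Install-ADDSForest `
    -DomainName $domainName `
    -DomainNetbiosName $netbiosName `
    -InstallDns `
    -DatabasePath "${dataDrive}:\Windows\NTDS" `
    -LogPath      "${dataDrive}:\Windows\NTDS" `
    -SysvolPath   "${dataDrive}:\Windows\SYSVOL" `
    -SafeModeAdministratorPassword $dsrmPassword `
    -Force
# Install-ADDSForest restarts the server when it finishes, as the wizard does.
```

Leaving out -ForestMode and -DomainMode keeps the default functional levels the wizard offers; -InstallDns matches the DNS role the wizard adds, which is what the virtual network will be pointed at in the next section.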

Log In

You can now log into your new domain controller, using the domain credentials.  You can see that I now have Active Directory Users and Computers, and can see that I am logged in as corp\myadmin.

Set the DNS Server for the Virtual Network

Now that we’ve created the domain controller, we can set it as the DNS server for the virtual network.  Go to the virtual network in the Azure management portal and open the Configure tab.  Under DNS servers, enter a name and the static IP address of the domain controller and click Save.

Finally, select the VM and click Restart to trigger the VM to configure DNS resolver settings with the IP address of the new DNS server.
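After the restart it is worth confirming that the VM actually picked up the new resolver and that the domain controller's locator records answer, because a VM on the VNet that still points at the old Azure resolver cannot find the DC, join the domain or log on with domain credentials. The check below is an added example (not from the post), run inside any VM on the virtual network after its restart; the DC address and forest name are the post's values.

```powershell
# Added example: verify the VNet DNS change took effect from inside a VM on the VNet.
$dcIp       = '10.0.0.5'              # post: static IP of DC1
$domainName = 'corp.blueskyabove.us'  # post: forest root name

# 1. The DHCP-assigned resolver list should now contain the DC
$resolvers = (Get-DnsClientServerAddress -AddressFamily IPv4 |
              Where-Object { $_.ServerAddresses }).ServerAddresses
if ($resolvers -notcontains $dcIp) {
    Write-Warning "Resolver list is '$($resolvers -join ', ')', expected $dcIp. Restart the VM after saving the VNet DNS setting."
} else {
    "Resolver OK: $dcIp"
}

# 2. The DC locator SRV record must resolve; domain join and logon depend on it
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domainName" -Type SRV -Server $dcIp -ErrorAction Stop
$srv | Where-Object Type -eq 'SRV' | Select-Object Name, NameTarget, Port
```

Querying the DC directly with -Server separates the two failure modes: if step 2 works but step 1 warns, the DC is fine and only the VNet resolver setting (or the missing restart) is the problem.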

Congratulations, you now have a domain controller in Azure, and it is configured as the DNS server for the virtual network.  We’ll use this in a subsequent post.

For More Information

Guidelines for Deploying Windows Server Active Directory on Azure Virtual Machines

Install a new Active Directory forest on an Azure virtual network

Configure a Static Internal IP Address for a VM

Install a New Windows Server 2012 Active Directory Forest (Level 200)

Comments

  • Anonymous
    October 08, 2015
    Used this post from beginning to setup my first DC on Azure and everything worked exactly as described. Great post and thanks! Learned a lot.

  • Anonymous
    April 04, 2016
    How should the second DC be set up? I presume that it should have its own static IP address and have the same name for the root domain as the first one. In this case, I can't see the application servers as computers under the second DC, and if the first DC machine is restarting or it is down, I can't log in on the application server using a domain username. Any help appreciated.

  • Anonymous
    November 26, 2016
    Hey, good post, thank you very much. I have a query on this post. Forest = corp.blueskyabove.us, then what will be the domain? I am confused between domain and forest. Regards, Koti Reddy