TOPE Georges-Emmanuel

Dec 28, 2017

8 min read

Installing an Active Directory Domain on Azure VMs

Originally published at https://www.supinfo.com/articles/single/5991-installing-an-active-directory-domain-in-azure-iaas

Introduction

This article is a step-by-step guide to guide you through the installation and configuration of an Active Directory domain in Microsoft Azure in IaaS mode.

The deployment of an ADDS domain presupposes the existence of a computer network and the need to centralize the identities of users and resources using this computer network.

Active Directory Domain Services is the backbone of an IT infrastructure in a Microsoft-based environment, as it is essential to implement enterprise messaging services with Microsoft Exchange , or communication services with Skype for Business.

We will assume that you already have a valid Azure subscription. Otherwise, you can follow the instructions at this address to create a new one: https://azure.microsoft.com/en-us/free/

We will use Windows Server 2016 for all of our demonstrations, with a view to highlighting any new features that have emerged since the release of version 2012 R2.

We will endeavor to prioritize clear and concise instructions rather than catches to minimize the length of this guide.

Objectives

At the end of this guide, you will be able to perform the following actions :

  • Using the Azure portal to manage your resources
  • Create a resource group
  • Create a virtual network
  • Configure DNS Settings for a Virtual Network
  • Create a virtual machine
  • Secure your resources by using network security groups
  • Connect to a virtual machine from the internet
  • Installing Active Directory Roles in Windows Server 2016
  • Create an ADDS Domain on Windows Server 2016
  • Add a secondary domain controller to your ADDS domain

Overview of Azure Portal

The Azure portal at http://portal.azure.com was officially launched in December 2015. Its main interest in the previous portal is how to deploy resources in Azure.

Where the old portal provided only granular resource management, this new portal provides the ability to logically pool resources sharing the same lifecycle into clusters called resource groups.

In addition to those features, it is more user-friendly, responsive and powerful compared to its predecessor.

Also, this new portal introduces new management paradigms for Azure administrators, introducing tools such as:

  • New PowerShell modules prefixed by AzureRM, which you can install with the AzureRM Install-Module command under Windows 10
  • New set of APIs for interaction from your applications
  • Ability to deploy your resources from templates via Azure Resource Manager
  • Ability to export your deployment for reuse (with a few changes) as templates via Azure Resource Manager

You can imagine, the list is much longer, but not to derive our main subject, we limit ourselves to these.

On the visual level, this portal Azure groups in its left side panel, the different types of resources that it is possible to create and manage there.

You will find on the right a customizable dashboard made up of tiles and slabs that are reminiscent of the experience introduced already with Windows 8.

The tiles here are the elements with an overview of the resources where the notifications go, and the tiles are the larger containers with a more detailed view of the resources and options available to manage them.

Creating resources from the Azure portal in visual mode

Although the Azure portal gives us the ability to create and deploy a set of resources directly from templates, in this article, we will simply create our resources by hand and step by step, rather than automating the deployment.

At this point, be sure to log in to the Azure portal at http://portal.azure.com

Creating a resource group

Follow these steps to create the resource group:

  • From the portal, click New in the left side of the portal
  • In the slab that appears, look for the term group to filter the list of available items
  • Click Resource Group, and then click the Create button
  • Name your resource group, and specify a subscription and a location for the resources you want to create later, and click Create to validate
  • You will be able to monitor the progress of your deployment from the notification area accessible by clicking on the bell located in the top bar of the portal

Creating a virtual network

Follow these steps to create a virtual network:

  • From the portal, click New
  • In the slab that appears, select Networking and then Virtual Network
  • In the Create virtual network panel, complete the following:
  • — The name of the network to be created (eg myKWS-VNet)
  • — An address space in CIDR format (eg 192.168.0.0/24)
  • — The subscription containing the previously created resource group The resource group created earlier, by selecting the option
  • — Use the same location as the resource group
  • — A name for the subnet that will be created by default as part of your deployment
  • — The address range to be allocated to the default subnet (eg 192.168.0.0/25)
  • Click the Create button to validate the operation
  • Check the actual creation of the virtual network before continuing

Configuring the virtual network DNS settings

It will still be possible to modify the DNS settings of the virtual network after adding VMs, however, you would have to shut down all the machines connected to the network before turning them back on so that the Azure DHCP service starts to distribute the new DNS settings to the VMs.

So much to bother to do now.

Follow these steps to configure the DNS settings for the virtual network:

  • From the Azure portal, select the Other services option in the left side of the portal to list all Azure services available from the portal
  • Filter the list by searching for virtual networks; you can pin it to the pane by clicking on the star next to the name of the service
  • In the resulting list, be careful to select the option virtual networks rather than virtual (virtual) networks,
  • In the slab that appears, click your virtual network, and then click the DNS Servers option under Settings
  • In the right pane, select the Custom option and specify the IP addresses that you would like to use for your ADDS domain controllers (ex: 192.168.0.4 and 192.168.0.5).
  • — Please note that the Microsoft Azure DHCP service will reserve the first IP and last IP of your range, respectively, as the network address and broadcast address; as well as the first 3 addresses usable for the infrastructure services needs of Microsoft Azure.
  • Click Save to validate the operation
  • As usual, you can follow the progress of the operation from the notification area

Creating a virtual machine

Follow these steps to create a virtual machine:

  • From the portal, select the New option in the left side pane
  • In the slab that appears, locate and select Windows Server 2016 Datacenter and click Create
  • In the Create Virtual Machine wizard, specify the following information:
  • — The name of the VM to be created (eg SRV-KWS-ADDS-01)
  • — The type of disc to use (choose here HDD rather than SSD)
  • — The username of the default administrator of the VM (ex: kws-admin)
  • — The password (eg EB7369C7–5295-B825–9818–26A2C4F8AB02)
  • — The subscription and the resource group created in the first step
  • — The location of the VM as well as the license options, knowing that the location of the VM must match that of the resource group and the virtual network, which makes good sense
  • Click OK to confirm and continue with the wizard
  • In the Choose a size pane, select the Show All option to list all available virtual machine sizes
  • Choose a size that suits you (eg A2M_V2) and click OK if you are not automatically redirected to the next step
  • In the Settings section, make the following settings:
  • — Use managed disks
  • — Disable automatic shutdown if necessary
  • Click OK to proceed to the next step
  • Review the options you chose earlier and accept the terms of use if you wish to continue.
  • Finally, validate the operation by clicking Buy As usual, you can follow the evolution of the deployment from the notification area

Secure your resources by using network security groups

Virtual machines created from the Azure portal are automatically associated with a public IP address and a preconfigured network security group to allow remote desktop access from the Internet via the RDP protocol.

At this stage, we will not need to modify the settings of the network security group.

Connect to a virtual machine from the internet

To connect to the virtual machine, you will need an RDP client such as the Microsoft Remote Desktop client on Windows and Mac or Remmina on Linux.

Once this condition is met, log in to the portal and follow these steps:

  • From the Azure portal, select your resource group, then your virtual machine
  • Select the Overview option, then click the Connect button
  • You can also log the IP address and use it directly with your remote desktop client.

Installing Active Directory Roles in Windows Server 2016

After the connection is established to the virtual machine, we can now install the roles required to create an Active Directory domain controller.

From the Server Manager, click Manage, and then click Add Roles and Features

In the window that appears, click Next until you reach the step to select the roles to install, then choose Active Directory Domain Services, and then click Add Features in the window that automatically appears to list dependencies.

Click Next until the wizard finishes, and then click the Install button to start the installation of the roles and features required for Active Directory Domain Services.

It is also possible to perform these steps using the PowerShell command below:

Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

Create an ADDS Domain on Windows Server 2016

After you properly install the roles needed to run the Active Directory Domain Services on the server, you only need to promote it as an ADDS domain controller.

To do this from the GUI, click the Promote this server as a domain controller link

Since this is the very first domain controller to be installed, we need to create a new forest.

Select the Add New Forest option and specify the name of the forest, which will also match the name of the first domain in the Active Directory forest, and then click Next

Specify a password for the Active Directory Domain Services Restore mode, and then click Next until the prerequisite check step.

Click Install to start promoting the server as a domain controller and at the same time creating the forest and domain.

This can also be done via PowerShell using the following commands:

Install-ADDSForest -CreateDnsDelegation:$false -DatabasePath C:\Windows\NTDS" -DomainMode "Win2016" -DomainName "kws.domain.com" -DomainNetbiosName "KWS" -ForestMode "Win2016" -InstallDns:$true -LogPath "C:\Windows\NTDS" -NoRebootOnCompletion:$false -SysvolPath "C:\Windows\SYSVOL" -Force:$true
Microsoft
Azure
Active Directory
Powershell
DNS

--

--

AboutHelpTermsPrivacy

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
TOPE Georges-Emmanuel

TOPE Georges-Emmanuel

22 Followers

Help

Status

Writers

Blog

Careers

Privacy

Terms

About

Text to speech