Active directory journey to the cloud, Part-1: Setup

Chirag Pilane, published in Globant, Oct 22, 2021 (5 min read)

Introduction

While working in an organization on any cloud platform, did you ever wonder what makes it possible to use the same credentials to log in to your organization's domain (laptop/desktop) as well as to the cloud platform you work on? This is possible only because your organizational AD is in sync with the cloud provider's AD. In this article we will try to gain a high-level understanding of how the integration happens between an organization's AD and Azure AD.

In this document, we will discuss the below points:

  • Prerequisites
  • Workflow
  • Steps to be followed as per designed workflow
  • Summary
  • Alias
  • References

Prerequisites

  • Azure Account - A pay-as-you-go or free-trial Azure account will do.
  • Custom Domain Name - You can purchase a custom domain name through any domain provider such as freenom.com, godaddy.com and many more.

Workflow

We will divide the entire setup into two parts:

  1. Purchase the custom domain and do the DNS-related configuration.
  2. Create the VMs at the Azure cloud level and install the AD role on them so as to simulate an on-premise AD.

Steps to be followed as per designed workflow-

1. Purchase the custom domain and do the DNS-related configuration.

  • Purchase a domain from any domain provider and make a note of it.
    I will be using the chiragpilane.tk domain throughout this activity.
  • Create a public DNS zone in Azure with the same name (chiragpilane.tk) as the purchased domain and click Create. The NS and SOA records are created automatically within the DNS zone, but hosting the zone adds a small additional cost in Azure. Alternatively, you can use the DNS manager provided by the domain provider, which will not incur any cost.
  • From the domain provider's DNS manager, click Manage DNS and point the NS records of our domain at the name servers of the public DNS zone created in Azure, so that all requests for our domain go to the Azure-provided name servers.
  • You can validate whether the updated NS records are already visible for your domain using any DNS checker website such as dnschecker.org or mxtoolbox.com.

2. Create the VMs at the Azure cloud level and install the AD role on them so as to simulate an on-premise AD.

  • Create a Windows VM in Azure using the Windows Server 2019 Datacenter image as shown in the screenshot below, keeping the rest of the settings at their defaults. Once done, click Review + create.
  • Log in to the VM using RDP and install the AD role on the VM from Server Manager.
  • Once the AD role is installed, configure AD and add your custom domain.
  • Keep everything at the defaults and click Install.
  • Once our custom on-premise AD is configured, we add the private IP of our DNS server as the custom DNS IP of the Vnet in which the server is deployed, so that any server deployed in that Vnet uses our custom DNS for domain resolution instead of the Azure-provided DNS.
  • Create another VM in the Azure portal and join it to your custom-created domain.
  • Add the server to our custom domain.
  • Kindly refer to Part-2 of this article for the further process of AD integration.
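The same two-part workflow expressed as PowerShell, added here as an example and not the author's own commands: the Az-module parts run from an administrator workstation, the AD DS part on the first VM, and the domain join on the second VM. The resource group, region, VNet name, NetBIOS name and the DC private IP 10.0.0.4 are assumed values; the registrar-side NS update stays manual, as in the article.

```powershell
# ===== Part 1, from an admin workstation with the Az module (Connect-AzAccount first) =====
# Assumed names (not from the article): resource group 'rg-ad-lab', region 'eastus'.
$rg   = 'rg-ad-lab'
$zone = 'chiragpilane.tk'
New-AzResourceGroup -Name $rg -Location 'eastus' -Force | Out-Null
New-AzDnsZone -Name $zone -ResourceGroupName $rg | Out-Null

# Azure assigns the name servers; these are the values to enter as NS records
# in the registrar's DNS manager.
$azureNs = (Get-AzDnsRecordSet -Name '@' -ZoneName $zone -ResourceGroupName $rg -RecordType NS).Records.Nsdname
$azureNs

# Check the delegation from a public resolver (the same check dnschecker.org performs).
$publicNs = (Resolve-DnsName -Name $zone -Type NS -Server 8.8.8.8).NameHost
if (Compare-Object $azureNs.TrimEnd('.') $publicNs.TrimEnd('.')) {
    Write-Warning 'Registrar NS records do not yet match the Azure zone; wait for propagation.'
}

# ===== Part 2a, on the first VM (future domain controller), elevated PowerShell =====
$zone = 'chiragpilane.tk'
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Import-Module ADDSDeployment
# -InstallDns makes this VM the authoritative DNS server for the domain; the DSRM password is prompted for.
Install-ADDSForest -DomainName $zone -DomainNetbiosName 'CHIRAGPILANE' -InstallDns `
    -SafeModeAdministratorPassword (Read-Host 'DSRM password' -AsSecureString) -Force
# The VM reboots here. Set its NIC to a static private IP in Azure beforehand, otherwise
# the address handed to the VNet below can change when the VM is deallocated.

# ===== Part 2b, back on the workstation: point the Vnet at the DC for DNS =====
# Assumed: Vnet 'vnet-ad-lab' and a DC private IP of 10.0.0.4.
$vnet = Get-AzVirtualNetwork -Name 'vnet-ad-lab' -ResourceGroupName $rg
$vnet.DhcpOptions.DnsServers = @('10.0.0.4')
Set-AzVirtualNetwork -VirtualNetwork $vnet | Out-Null

# ===== Part 2c, on the second VM (reboot it first so it picks up the Vnet DNS) =====
$zone = 'chiragpilane.tk'
# If this SRV lookup fails, the VM is still using the Azure-provided DNS and the join will fail too.
Resolve-DnsName "_ldap._tcp.dc._msdcs.$zone" -Type SRV
Add-Computer -DomainName $zone -Credential (Get-Credential "$zone\Administrator") -Restart
```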

Summary

Through this article, we were able to set up all the prerequisites required for integrating an on-premise AD with Azure AD using a custom domain. The article also explains the usage of the DNS zone, one of the resources of Azure.

Alias

  • AD - Active Directory
  • DNS - Domain Name Service
  • NS - Name Server Record
  • SOA - Start Of Authority Record
  • VM - Virtual Machine
  • Vnet - Virtual Network

References

https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/identity/azure-ad
