This post will show how to install a new Active Directory forest on an Azure Virtual Network. We will use this domain controller and virtual network in subsequent posts.
DISCLAIMER: This post does not contain definitive guidance on the correct way to create a domain controller in Azure. For more definitive guidance, please see TechNet guidance, including Guidelines for Deploying Windows Server Active Directory on Azure Virtual Machines. Please don’t expect that I will be able to answer support issues for your particular AD deployment scenario.
I am going to loosely follow along with the article “Install a new Active Directory forest on an Azure virtual network” to show how to set up a new forest, just adding pictures along the way.
That said, let’s just dive in.
Create an Affinity Group
I am going to use an affinity group because I want the compute and storage resources located closely together. I created an affinity group named “kirke-java-east”, but the name can be whatever you want.
Create a Storage Account
You can create a storage account as part of the wizard to create a new virtual machine, but I prefer to create it ahead of time. I made sure to use the affinity group that we just created as the location.
Note that you can use zone redundant storage or geo-replicated storage, but I chose to use locally redundant to reduce costs. In a production scenario, I would provision according to requirements.
Create the Virtual Network
Start by creating a virtual network. Go to Networks / Virtual Networks and choose “Create a virtual network”. Provide the name and region and click next. The virtual network doesn’t participate in the affinity group, so we choose the same region as our affinity group.
Leave DNS servers blank, and don’t worry about creating a VPN just yet.
For the subnet address space, I chose to use a 10.0.0.0 start address with a CIDR of /24 (256).
Create the Cloud Service
Again, you could do this as part of the wizard to create a virtual machine, but I am showing the cloud service creation separately for completeness. Create a new cloud service. I used the custom create option, but quick create does the same thing. Use the same affinity group you chose previously.
Note that the name can be anything you want, what matters is the affinity group.
Create the Virtual Machine
Now create the virtual machine. Choose the latest Windows Server image from the gallery.
Next we’ll give some properties, including the size, login name, and password.
Now I can use the VNet, cloud service, and storage account that were created previously. I choose not to use an availability set for the VM.
Note that we could have skipped the affinity group, because the virtual machine will be created in the same location as the virtual network. I will use the affinity group in a subsequent post.
Finally, choose to install the VM Agent.
Click finish, and after some time your virtual machine will be created.
Set a Static IP Address
The IP address will remain for the duration that the VM is running, but can change if the VM is shut down. We can use PowerShell to assign a static IP to our previously created VM. We use Test-AzureStaticVNetIP to test if it’s available (IsAvailable=true, if it’s not available then we see the list of available addresses).
We then assign the static IP.
The script I used is:
Create an Empty Disk and Format
The next screen is where you specify the size, for example 10 GB. Make sure to leave the other settings as the default.
Once the virtual machine is done updating, connect to the VM using remote desktop. Once connected, choose Tools / Computer Management.
Choose Disk Management, and you will be prompted to initialize the disk. Choose OK.
Once initialized, right-click the new disk and choose “New Simple Volume”.
Next, next, next, Finish.
You are then prompted to format the disk. Choose “Format disk”.
Bob’s yer uncle, a new disk is now available.
Install Active Directory Domain Services
In the Server Manager dashboard, choose Add Roles and Features. Choose role-based.
Use the local server (pretty cool, notice the IP address is the static one that we used previously).
Choose Active Directory Domain Services.
You will be prompted to add features. You need these, so click “Add Features”.
Click Next, and when prompted to add additional features just click Next.
You are prompted to install the selected roles and features. Click Install. Optionally you can automatically restart the server. A restart is not required to install ADDS, but is required after you promote the machine to a domain controller.
You can view progress while ADDS is being installed.
If you aren’t a fan of watching progress bars, you can close the wizard or wait for it to complete.
Once complete, you will see a warning icon in the dashboard. Click it to see the additional steps required.
Promote to a Domain Controller
The next step is to promote the VM to a domain controller. I am following along with the TechNet documentation, “Install a New Windows Server 2012 Active Directory Forest (Level 200)”.Choose Add a new forest, and I used the name “corp.blueskyabove.us”. Use your own name, of course.
I then leave the default functional levels, and provide a password.
On the delegation options screen, just click Next.
Leave the NetBIOS domain name.
Now change the drive letter to the drive we created before. Instead of putting the files on the OS drive, we will use our new data disk, the E drive.
Next, Next, Install, and the server will automatically restart.
You can now log into your new domain controller, using the domain credentials. You can see that I now have Active Directory Users and Computers, and can see that I am logged in as corp\myadmin.
Set the DNS Server for the Virtual Network
Now that we’ve created the domain controller, we can set it as the DNS server for the virtual network. Go to the virtual network in the Azure management portal and go to the Configure tab. Set the name and IP of the virtual machine and click Save.
Finally, select the VM and click Restart to trigger the VM to configure DNS resolver settings with the IP address of the new DNS server.
Congratulations, you now have a domain controller in Azure, and it is configured as the DNS server for the virtual network. We’ll use this in a subsequent post.