Test Lab Guide: Windows Server 2012 R2 Base Configuration in Windows Azure

Microsoft Corporation

Abstract This Microsoft Test Lab Guide (TLG) provides you with step-by-step instructions to create the Base Configuration test lab in a Windows Azure Virtual Network, using computers running Windows Server 2012 R2. With the resulting test lab, you can experiment with the new environment of Windows Azure, use it as a basis for application development, or build test labs based on other TLGs or one of your own design.

Copyright Information
This document is provided for informational purposes only and Microsoft makes no warranties, either express or implied, in this document. Information in this document, including URL and other Internet Web site references, is subject to change without notice. The entire risk of the use or the results from the use of this document remains with the user. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

2014 Microsoft Corporation. All rights reserved. Date of last update: 2/25/2014 Microsoft, Windows, Active Directory, Internet Explorer, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

All other trademarks are property of their respective owners.

Contents
Introduction ..................................................................................................................................... 5 In this guide .................................................................................................................................. 5 Test lab overview ......................................................................................................................... 5 User account control ................................................................................................................ 7 Ongoing costs of test lab virtual machines in Windows Azure ....................................................... 7 Step 1: Create the Windows Azure Virtual Network ....................................................................... 8 Create a virtual network named Corpnet .................................................................................... 8 Create a new cloud service for the Corpnet subnet .................................................................... 8 Step 2: Configure DC1 ..................................................................................................................... 8 Create a Windows Azure Virtual Machine for DC1 ...................................................................... 9 Add the data disk ....................................................................................................................... 10 Configure TCP/IP properties ...................................................................................................... 10 Configure DC1 as a domain controller and DNS server ............................................................. 11 Create a user account in Active Directory ................................................................................. 11 Configure DC1 to run a Windows PowerShell startup script ..................................................... 12 Step 3: Configure APP1 .................................................................................................................. 13 Create a Windows Azure Virtual Machine for APP1 .................................................................. 13 Configure TCP/IP properties ...................................................................................................... 14 Join APP1 to the CORP domain .................................................................................................. 14 Install the Web Server (IIS) role on APP1 ................................................................................... 15 Create a shared folder on APP1 ................................................................................................. 15 Configure APP1 to run a Windows PowerShell startup script ................................................... 16 Step 4: Configure CLIENT1 ............................................................................................................. 17 Create a Windows Azure Virtual Machine for CLIENT1 ............................................................. 17 Configure TCP/IP properties ...................................................................................................... 18 Join CLIENT1 to the CORP domain ............................................................................................. 18 Test access to intranet resources from the logical Corpnet subnet .......................................... 19 Configure CLIENT1 to run a Windows PowerShell startup script .............................................. 19 Additional Resources ..................................................................................................................... 20 Appendix........................................................................................................................................ 20 Set UAC behavior of the elevation prompt for administrators.................................................. 21 Starting the test lab virtual machines after being shut down ................................................... 21

Introduction
Test Lab Guides (TLGs) allow you to get hands-on experience with new products and technologies using a pre-defined and tested methodology that results in a working configuration. When you use a TLG to create a test lab, instructions tell you what servers to create, how to configure the operating systems and platform services, and how to install and configure any additional products or technologies. A TLG experience enables you to perform all of the configuration steps on both the front-end and back-end that go into a single- or multi-product or technology solution. The purpose of this TLG is to enable you to create the Windows Server 2012 R2 Base Configuration test lab as a set of virtual machines in a Windows Azure Virtual Network.

In this guide
This document contains instructions for setting up the Windows Server 2012 R2 Base Configuration test lab by deploying three server computers running Windows Server 2012 R2 as Windows Azure virtual machines. The resulting configuration simulates a private intranet that is connected to the Internet. Important The following instructions are for configuring the Windows Server 2012 R2 Base Configuration in Windows Azure test lab. Individual computers are needed to separate the services provided on the network and to clearly show the desired functionality. This configuration is neither designed to reflect best practices nor does it reflect a desired or recommended configuration for a production network. The configuration, including IP addresses and all other configuration parameters, is designed only to work on this test lab network.

Test lab overview

The Windows Server 2012 R2 Base Configuration in Windows Azure test lab consists of the following: One Windows Azure virtual machine running Windows Server 2012 R2 named DC1 that is configured as an intranet domain controller and Domain Name System (DNS) server. One Windows Azure virtual machine running Windows Server 2012 R2 named APP1 that is configured as a general application and web server. One Windows Azure virtual machine running Windows Server 2012 R2 named CLIENT1 that will act as an intranet client. The Windows Server 2012 R2 Base Configuration in Windows Azure test lab consists of one subnet in a Windows Azure Virtual Network named Corpnet that simulates a simplified intranet, as shown in Figure 1.

Figure 1 Windows Server 2012 R2 Base Configuration in Windows Azure

This configuration allows DC1, APP1, CLIENT1, and additional Corpnet subnet computers to be: Connected to the Internet to install updates, access Internet resources in real time, and participate in public cloud technologies such as Microsoft Office 365 and other Windows Azure services. Remotely managed using Remote Desktop Connections by your computer that is connected to the Internet or your organization network.

Key differences from the Test Lab Guide: Windows Server 2012 R2 Base Configurationwhich configures DC1, APP1, and CLIENT1 on an isolated subnetare the following: DC1 is no longer a DHCP server. It obtains its IPv4 address allocation from Windows Azure through DHCP. APP1 is now a DHCP client like DC1, rather than statically configured. APP1 and CLIENT1 are manually configured to use the IPv4 address of DC1 as their DNS server and with the DNS domain suffix corp.contoso.com. To provide name resolution for Internet resources, the DNS Server service on DC1 forwards DNS queries to the addresses of Internet DNS servers. Because Windows Azure does not currently offer a Windows 8.1 or Windows 8 virtual machine image, CLIENT1 runs Windows Server 2012 R2. Operating system configuration procedures are done almost exclusively through Windows PowerShell.

There are four steps to setting up the logical Corpnet subnet of the Windows Server 2012 R2 Base Configuration test lab in Windows Azure. 1. Create the Windows Azure Virtual Network.
6

2. Configure DC1. 3. Configure APP1. 4. Configure CLIENT1. Note You must be logged on as a member of the Domain Admins group or a member of the Administrators group on each computer to complete the tasks described in this guide. If you cannot complete a task while you are logged on with an account that is a member of the Administrators group, try performing the task while you are logged on with an account that is a member of the Domain Admins group. Important: The instructions for configuring the computers of the Corpnet subnet of the Base Configuration test lab are designed to be as simple as possible and require as few computers as possible. In some cases, servers provide multiple roles that would normally be placed on different servers. This configuration is neither designed to reflect best practices nor does it reflect a desired or recommended configuration for a production network. If you do not already have a Windows Azure account, you can sign up for a free trial at Try Windows Azure. User account control When you configure Windows 2012 R2, you are required to click Continue or Yes in the User Account Control (UAC) dialog box for some tasks. Several of the configuration tasks require UAC approval. When you are prompted, always click Continue or Yes to authorize these changes. Alternatively, see the Appendix of this guide for instructions about how to set the UAC behavior of the elevation prompt for administrators.

Ongoing costs of test lab virtual machines in Windows Azure

Virtual machines in Windows Azure incur an ongoing monetary cost when they are running. This cost is billed against your free trial or your paid subscription. For more information about the costs of running Windows Azure virtual machines, see Virtual Machines Pricing Details and Windows Azure Pricing Calculator. To minimize the cost of running the test lab virtual machines, you can do one of the following: Create the test lab and perform your needed testing and demonstration as quickly as possible. When complete, delete the test lab virtual machines from the Virtual Machines page of the Windows Azure Management Portal. Shut down your test lab virtual machines into a deallocated state from the Virtual Machines page of the Windows Azure Management Portal. The virtual machines in this test lab have been configured
7

to reconfigure their custom settings upon startup. However, the virtual machines must be started in a specific order. For more information, see Starting the test lab virtual machines after being shut down.

Step 1: Create the Windows Azure Virtual Network

First, you create the Windows Azure Virtual Network that will host the Corpnet subnet of the base configuration. Then, you create a Windows Azure cloud service. The cloud service acts as a security boundary and logical container for the virtual machines placed in the virtual network. It also provides a way for you to remotely connect to and manage the virtual machines on the Corpnet subnet.

Create a virtual network named Corpnet

1. In the Windows Azure Management Portal, click NETWORKS in the navigation pane, then click NEW -> NETWORK SERVICES -> VIRTUAL NETWORK -> CUSTOM CREATE. 2. On the Virtual Network Details page, type Corpnet in NAME. 3. In AFFINITY GROUP, select the appropriate affinity group. If you do not have an affinity group or need to create a new one, select Create a new affinity group, select the appropriate region in REGION, and then type the new group name in AFFINITY GROUP NAME. 4. Click the Next arrow icon . . . Wait until the virtual

5. On the DNS Servers and VPN Connectivity page, click the Next arrow icon 6. On the Virtual Network Address Spaces page, click the Complete icon network is created before continuing.

Create a new cloud service for the Corpnet subnet

1. In the Windows Azure Management Portal, click CLOUD SERVICES in the navigation pane, then click NEW -> COMPUTE -> CLOUD SERVICE -> QUICK CREATE. 2. In URL, type a unique name. For example, you could name it Corpnet-UniqueSequence, in which UniqueSequence is an abbreviation of your organization. For example, if your organization is named Tailspin Toys, you could name the cloud service Corpnet-Tailspin. Ensure that there is a green checkmark next to the name. This indicates that the name is unique. If you see a red exclamation and the message "The specified URL is already in use", you must choose another name. 3. In REGION OR AFFINITY GROUP, select the appropriate affinity group, as created in the previous procedure, or leave the affinity group set to its default value. DO NOT select a region. 4. Click the CREATE CLOUD SERVICE complete icon. Wait until the cloud service is created before continuing.

Step 2: Configure DC1

DC1 provides the following services: A domain controller for the corp.contoso.com Active Directory Domain Services (AD DS) domain.
8

A DNS server for virtual machines of the Windows Azure virtual network.

DC1 configuration consists of the following: Create a Windows Azure Virtual Machine for DC1. Add the data disk. Configure TCP/IP properties. Configure DC1 as a domain controller and DNS server. Create a user account in Active Directory. Configure DC1 to run a Windows PowerShell startup script.

Create a Windows Azure Virtual Machine for DC1

1. In the Windows Azure Management Portal, click VIRTUAL MACHINES in the navigation pane. 2. In the task bar, click NEW->COMPUTE->VIRTUAL MACHINE->FROM GALLERY. 3. On the Choose an Image page, click Windows Server 2012 R2 Datacenter, and then click the Next arrow icon. 4. On the Virtual machine configuration page: In VIRTUAL MACHINE NAME, type DC1. In SIZE, select Medium. In NEW USER NAME, type the name of a local administrator account. You will use this account when initially connecting and as an alternate set of credentials when DC1 becomes a domain controller. Choose a name that is not easy to guess. In NEW PASSWORD and CONFIRM, type a strong password for the local administrator account. 5. Click the Next arrow icon. 6. On the second Virtual machine configuration page: In CLOUD SERVICE, select the cloud service that you created in "Step 1: Create the Windows Azure Virtual Network." In REGION/AFFINITY GROUP/VIRTUAL NETWORK, select Corpnet. 7. Click the Next arrow icon. 8. On the third Virtual machine configuration page, in the PowerShell row, delete the default port number in the PUBLIC PORT column. 9. Click the Complete icon. Wait until Windows Azure creates the virtual machine. 10. On the virtual machines page of the Windows Azure Management Portal, click Running in the STATUS column for the DC1 virtual machine. 11. On the command bar, click Attach, and then select Attach Empty Disk. The Attach Empty Disk dialog box appears. The Storage Location and File Name boxes contain automatically generated names that do not need to be altered. 12. In the Size box, type 20. 13. Leave the Host Cache Preference set to the default value of NONE. 14. Click the Complete icon to attach the empty data disk. Wait until the status is Running before continuing (a few minutes). 15. In the task bar, click CONNECT.
9

16. When prompted to open DC1.rdp, click Open. 17. When prompted with a Remote Desktop Connection message box, click Connect. 18. When prompted for credentials, use the following: Name: DC1\[Local administrator account name] (from step 4) Password: [Local administrator account password] (from step 4) 19. When prompted with a Remote Desktop Connection message box referring to certificates, click Yes.

Add the data disk

Add the data disk as a new volume with the drive letter E:. 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. On the desktop of DC1, click the Server Manager icon ( ) in the taskbar. In the left pane of Server Manager, click File and Storage Services, and then click Disks. In the contents pane, in the DISKS group, click disk 2 (with the Partition set to Unknown). Click Tasks, and then click New Volume. On the Before you begin page of the New Volume Wizard, click Next. On the Select the server and disk, click Disk 2, and then click Next. When prompted, click OK. On the Specify the size of the volume page, click Next. On the Assign to a drive letter or folder page, click Next. On the Select file system settings page, click Next. On the Confirm selections page, click Create. When complete, click Close.

Configure TCP/IP properties

Configure the TCP/IP protocol with DNS settings and configure the Windows Firewall to allow traffic for the Ping tool. To open a Windows PowerShell command prompt, from the desktop, right-click the Windows PowerShell icon ( ), click Run as Administrator, and then click OK when prompted. From the Windows PowerShell command prompt, run the following commands:

10

Windows PowerShell commands

Set-DnsClient InterfaceAlias "Ethernet 2" ConnectionSpecificSuffix corp.contoso.com Set-NetFirewallRule -DisplayName "File and Printer Sharing (Echo Request - ICMPv4-In)" -enabled True

Configure DC1 as a domain controller and DNS server

To configure DC1 as a domain controller and DNS server for the corp.contoso.com domain, run the following commands:

Windows PowerShell commands

Note that you will be prompted to supply a Directory Services Restore Mode (DSRM) password and to restart DC1.
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools Install-ADDSForest -DomainName corp.contoso.com -DatabasePath "E:\NTDS" -SysvolPath "E:\SYSVOL" -LogPath "E:\Logs"

After DC1 restarts, reconnect to the DC1 virtual machine. 1. On the virtual machines page of the Windows Azure Management Portal, click Running in the STATUS column for the DC1 virtual machine. 2. In the task bar, click CONNECT. 3. When prompted to open DC1.rdp, click Open. 4. When prompted with a Remote Desktop Connection message box, click Connect. 5. When prompted for credentials, use the following: Name: CORP\[Local administrator account name] (from step 4 of the "Create a Windows Azure Virtual Machine for DC1" procedure) Password: [Local administrator account password] (from step 4 of the "Create a Windows Azure Virtual Machine for DC1" procedure) 6. When prompted by a Remote Desktop Connection message box referring to certificates, click Yes.

Create a user account in Active Directory

To create a user account in Active Directory that will be used when logging in to CORP domain member computers, run the following commands at an administrator-level Windows PowerShell command prompt:
11

Windows PowerShell commands

Note that the first command results in a prompt to supply the User1 account password. Because this account will be used for remote desktop connections for all CORP domain member computers, choose a strong password.
New-ADUser -SamAccountName User1 -AccountPassword (read-host "Set user password" -assecurestring) -name "User1" enabled $true -PasswordNeverExpires $true -ChangePasswordAtLogon $false Add-ADPrincipalGroupMembership -Identity "CN=User1,CN=Users,DC=corp,DC=contoso,DC=com" -MemberOf "CN=Enterprise Admins,CN=Users,DC=corp,DC=contoso,DC=com","CN=Domain Admins,CN=Users,DC=corp,DC=contoso,DC=com"

Reconnect to the DC1 virtual machine using the CORP\User1 account. 1. Close the Remote Desktop Connection window for DC1. 2. On the virtual machines page of the Windows Azure Management Portal, click Running in the STATUS column for the DC1 virtual machine. 3. In the task bar, click CONNECT. 4. When prompted to open DC1.rdp, click Open. 5. When prompted with a Remote Desktop Connection message box, click Connect. 6. When prompted for credentials, use the following: Name: CORP\User1 Password: [User1 account password] 7. When prompted by a Remote Desktop Connection message box referring to certificates, click Yes.

Configure DC1 to run a Windows PowerShell startup script

To ensure that DC1 keeps its custom DNS settings when it is started from a Stopped (Deallocated) state, you need to create a Windows PowerShell script and then configure it to run at startup. 1. From the desktop, open an administrator-level Windows PowerShell command prompt and run the Set-ExecutionPolicy Unrestricted command. 2. From the Start screen, type Notepad, and then click the Notepad icon. 3. In Notepad, type or copy the following lines:
$a=Get-NetAdapter Set-DNSClientServerAddress -InterfaceIndex $a.ifIndex -ServerAddresses 127.0.0.1 Set-DNSClient -InterfaceIndex $a.ifIndex -ConnectionSpecificSuffix corp.contoso.com

4. Click File, and then click Save As.

12

5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16.

In the Save As window, click Local Disc (C:), and then click New Folder. Type Scripts for the folder name, and then press Enter. Double-click the new Scripts folder. In File name, type DNSConfig.ps1, and then click Save. Close Notepad. From the Start screen, type mmc.exe, press Enter, and then click Yes when prompted. In the Console1 window, click File, and then click Add/Remove Snap-in. In Add or Remove Snap-ins, in the Available snap-ins list, click Group Policy Object Editor, click Add, click Finish, and then click OK. In the tree pane, open Local Computer Policy -> Computer Configuration -> Windows Settings, and then click Scripts (Startup/Shutdown). In the contents pane, double-click Startup. In Startup Properties, click the PowerShell Scripts tab, and then click Add. In Add a Script, click Browse, point to the C:\Scripts\DNSConfig.ps1 file, and then click OK twice. Close the Console1 window without saving changes.

Step 3: Configure APP1

APP1 provides web and file sharing services. APP1 configuration consists of the following: Create a Windows Azure Virtual Machine for APP1. Configure TCP/IP properties. Join APP1 to the CORP domain. Install the Web Server (IIS) role on APP1. Create a shared folder on APP1. Configure APP1 to run a Windows PowerShell startup script.

Create a Windows Azure Virtual Machine for APP1

1. In the Windows Azure Management Portal, click VIRTUAL MACHINES in the navigation pane. 2. In the task bar, click NEW->COMPUTE->VIRTUAL MACHINE->FROM GALLERY. 3. On the Choose an Image page, click Windows Server 2012 R2 Datacenter, and then click the Next arrow icon. 4. On the Virtual machine configuration page: In VIRTUAL MACHINE NAME, type APP1. In SIZE, select Small. In NEW USER NAME, type the name of a local administrator account. You will use this account when initially connecting and as an alternate set of credentials once APP1 has joined the CORP domain. Choose a name that is not easy to guess. In NEW PASSWORD and CONFIRM, type a strong password for the local administrator account. 5. Click the Next arrow icon. 6. On the second Virtual machine configuration page:
13

7. 8. 9. 10. 11. 12. 13. 14. 15.

16.

In CLOUD SERVICE, select the cloud service that you created in "Step 1: Create the Windows Azure Virtual Network." In REGION/AFFINITY GROUP/VIRTUAL NETWORK, select Corpnet. Click the Next arrow icon. On the third Virtual machine configuration page, in the PowerShell row, delete the default port number in the PUBLIC PORT column. Click the complete icon. Wait until Windows Azure creates the virtual machine. On the virtual machines page of the Windows Azure Management Portal, click Running in the STATUS column for the APP1 virtual machine. In the task bar, click CONNECT. When prompted to open APP1.rdp, click Open. When prompted with a Remote Desktop Connection message box, click Connect. When prompted for credentials, use the following: Name: APP1\[Local administrator account name] (from step 4) Password: [Local administrator account password] (from step 4) When prompted with a Remote Desktop Connection message box referring to certificates, click Yes.

Configure TCP/IP properties

On APP1, open an administrator-level Windows PowerShell command prompt. Configure TCP/IP to use the IP address of DC1 as its primary DNS server and the corp.contoso.com connection-specific suffix with the following commands:

Windows PowerShell commands

Set-DnsClientServerAddress -InterfaceAlias "Ethernet 2" ServerAddresses 10.0.0.4 Set-DnsClient InterfaceAlias "Ethernet 2" ConnectionSpecificSuffix corp.contoso.com

To check name resolution and network communication between APP1 and DC1, run the ping dc1.corp.contoso.com command at the Windows PowerShell command prompt and verify that there are four replies.

Join APP1 to the CORP domain

To join APP1 to the CORP domain, run the following commands at the Windows PowerShell command prompt:
14

Windows PowerShell commands

Note that you must supply your CORP\User1 account domain credentials after entering the AddComputer command.
Add-Computer -DomainName corp.contoso.com Restart-Computer

Reconnect to the APP1 virtual machine. 1. After APP1 restarts, on the virtual machines page of the Windows Azure Management Portal, click Running in the STATUS column for the APP1 virtual machine. 2. In the task bar, click CONNECT. 3. When prompted to open APP1.rdp, click Open. 4. When prompted with a Remote Desktop Connection message box, click Connect. 5. When prompted for credentials, use the following: Name: CORP\User1 Password: [User1 account password] 6. When prompted by a Remote Desktop Connection message box referring to certificates, click Yes.

Install the Web Server (IIS) role on APP1

On APP1, open an administrator-level Windows PowerShell command prompt. To install the Web Server (IIS) role and make APP1 a web server, run the following command:

Windows PowerShell command

Install-WindowsFeature Web-WebServer -IncludeManagementTools

Create a shared folder on APP1

To create a shared folder and a text file within the folder on APP1, run the following commands:

Windows PowerShell commands 15

New-Item -path c:\files -type directory Write-Output "This is a shared file." | out-file c:\files\example.txt New-SmbShare -name files -path c:\files -changeaccess CORP\User1

Configure APP1 to run a Windows PowerShell startup script

To ensure that APP1 keeps its custom DNS settings when it is started from a Stopped (Deallocated) state, you need to create a Windows PowerShell script and then configure it to run at startup. 1. From the desktop, open an administrator-level Windows PowerShell command prompt as needed and run the Set-ExecutionPolicy Unrestricted command. 2. From the Start screen, type Notepad, and then click the Notepad icon. 3. In Notepad, type or copy the following lines:
$a=Get-NetAdapter Set-DNSClientServerAddress -InterfaceIndex $a.ifIndex -ServerAddresses 10.0.0.4 Set-DNSClient -InterfaceIndex $a.ifIndex -ConnectionSpecificSuffix corp.contoso.com

4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16.

Click File, and then click Save As. In the Save As window, click Local Disc (C:), and then click New Folder. Type Scripts for the folder name, and then press Enter. Double-click the new Scripts folder. In File Name, type DNSConfig.ps1, and then click Save. Close Notepad. From the Start screen, type mmc.exe, press Enter, and then click Yes when prompted. In the Console1 window, click File, and then click Add/Remove Snap-in. In Add or Remove Snap-ins, in the Available snap-ins list, click Group Policy Object Manager, click Add, click Finish, and then click OK. In the tree pane, open Local Computer Policy -> Computer Configuration -> Windows Settings, and then click Scripts (Startup/Shutdown). In the contents pane, double-click Startup. In Startup Properties, click the PowerShell Scripts tab, and then click Add. In Add a Script, click Browse, point to the C:\Scripts\DNSConfig.ps1 file, and then click OK twice. Close the Console1 window without saving changes.

Note that the Create a Windows Azure Virtual Machine, Configure TCP/IP properties, Join APP1 to the CORP domain, and Configure APP1 to run a Windows PowerShell startup script procedures in this section can also be used to add more Windows Server R2 2012-based computers to the Corpnet subnet.

16

Step 4: Configure CLIENT1

CLIENT1 configuration consists of the following: Create a Windows Azure Virtual Machine. Configure TCP/IP properties. Join CLIENT1 to the CORP domain. Test access to intranet resources on the logical Corpnet subnet. Configure CLIENT1 to run a Windows PowerShell startup script.

Windows Azure does not currently offer a Windows 8.1 or Windows 8 image. Therefore, the CLIENT1 computer will be running Windows Server 2012 R2.

Create a Windows Azure Virtual Machine for CLIENT1

1. In the Windows Azure Management Portal, click VIRTUAL MACHINES in the navigation pane. 2. In the task bar, click NEW->COMPUTE->VIRTUAL MACHINE->FROM GALLERY. 3. On the Choose an Image page, click Windows Server 2012 R2 Datacenter, and then click the Next arrow icon. 4. On the Virtual machine configuration page: In VIRTUAL MACHINE NAME, type CLIENT1. In SIZE, select Small. In NEW USER NAME, type the name of a local administrator account. You will use this account when initially connecting and as an alternate set of credentials once CLIENT1 has joined the CORP domain. Choose a name that is not easy to guess. In NEW PASSWORD and CONFIRM, type a strong password for the local administrator account. 5. Click the Next arrow icon. 6. On the second Virtual machine configuration page: In CLOUD SERVICE, select the cloud service that you created in "Step 1: Create the Windows Azure Virtual Network." In REGION/AFFINITY GROUP/VIRTUAL NETWORK, select Corpnet. 7. Click the Next arrow icon. 8. On the third Virtual machine configuration page, in the PowerShell row, delete the default port number in the PUBLIC PORT column. 9. Click the Complete icon. 10. Wait until Windows Azure creates the virtual machine. 11. On the virtual machines page of the Windows Azure Management Portal, click Running in the STATUS column for the CLIENT1 virtual machine. 12. In the task bar, click CONNECT. 13. When prompted to open CLIENT1.rdp, click Open. 14. When prompted with a Remote Desktop Connection message box, click Connect. 15. When prompted for credentials, use the following: Name: CLIENT1\[Local administrator account name] (from step 4) Password: [Local administrator account password] (from step 4)
17

16. When prompted with a Remote Desktop Connection message box referring to certificates, click Yes.

Configure TCP/IP properties

On CLIENT1, open an administrator-level Windows PowerShell command prompt. To configure TCP/IP to use the IP address of DC1 as its primary DNS server and the corp.contoso.com connection-specific suffix., run the following commands:

Windows PowerShell commands

Set-DnsClientServerAddress -InterfaceAlias "Ethernet 2" ServerAddresses 10.0.0.4 Set-DnsClient InterfaceAlias "Ethernet 2" ConnectionSpecificSuffix corp.contoso.com

To check name resolution and network communication between CLIENT1 and DC1, run the ping dc1.corp.contoso.com command at the Windows PowerShell command prompt and verify that there are four replies.

Join CLIENT1 to the CORP domain

To join CLIENT1 to the corp.contoso.com domain, run the following commands:

Windows PowerShell commands

Note that you must supply the CORP\User1 account domain credentials after entering the AddComputer command.
Add-Computer -DomainName corp.contoso.com Restart-Computer

Reconnect to the CLIENT1 virtual machine. 1. After CLIENT1 restarts, on the virtual machines page of the Windows Azure Management Portal, click Running in the STATUS column for the CLIENT1 virtual machine.
18

2. 3. 4. 5.

In the task bar, click CONNECT. When prompted to open CLIENT1.rdp, click Open. When prompted with a Remote Desktop Connection message box, click Connect. When prompted for credentials, use the following: Name: CORP\User1 Password: [User1 account password] 6. When prompted by a Remote Desktop Connection message box referring to certificates, click Yes.

Test access to intranet resources from the logical Corpnet subnet

Verify that you can access web and file share resources on APP1 from CLIENT1. 1. From the Start screen, click the Internet Explorer icon. 2. In the Address bar, type http://app1.corp.contoso.com/, and then press ENTER. You should see the default IIS 8 web page for APP1. 3. From the Start screen or the desktop taskbar, click the File Explorer icon. 4. In the address bar, type \\app1\Files, and then press ENTER. 5. You should see a folder window with the contents of the Files shared folder. 6. In the Files shared folder window, double-click the Example.txt file. You should see the contents of the Example.txt file. 7. Close the example.txt - Notepad and the Files shared folder windows.

Configure CLIENT1 to run a Windows PowerShell startup script

To ensure that CLIENT1 keeps its custom DNS settings when it is started from a Stopped (Deallocated) state, you need to create a Windows PowerShell script and then configure it to run at startup. 1. From the desktop, open an administrator-level Windows PowerShell command prompt as needed and run the Set-ExecutionPolicy Unrestricted command. 2. From the Start screen, type Notepad, and then click the Notepad icon. 3. In Notepad, type or copy the following lines:
$a=Get-NetAdapter Set-DNSClientServerAddress -InterfaceIndex $a.ifIndex -ServerAddresses 10.0.0.4 Set-DNSClient -InterfaceIndex $a.ifIndex -ConnectionSpecificSuffix corp.contoso.com

4. 5. 6. 7. 8. 9. 10.

Click File, and click then Save As. In the Save As window, click Local Disc (C:), and then click New Folder. Type Scripts for the folder name, and then press Enter. Double-click the new Scripts folder. In File Name, type DNSConfig.ps1, and then click Save. Close Notepad. From the Start screen, type mmc.exe, press Enter, and then click Yes when prompted. In the Console1 window, click File, and then click Add/Remove Snap-in.
19

11. In Add or Remove Snap-ins, in the Available snap-ins list, click Group Policy Object Manager, click Add, click Finish, and then click OK. 12. In the tree pane, open Local Computer Policy > Computer Configuration > Windows Settings, and then click Scripts (Startup/Shutdown). 13. In the contents pane, double-click Startup. 14. In Startup Properties, click the PowerShell Scripts tab, and then click Add. 15. In Add a Script, click Browse, point to the C:\Scripts\DNSConfig.ps1 file, and then click OK twice. 16. Close the Console1 window without saving changes.

Note that the Create the Windows Azure Virtual Machine, Configure TCP/IP properties, Join CLIENT1 to the CORP domain, and Configure CLIENT1 to run a Windows PowerShell startup script procedures in this section can also be used to add more client computers to the Corpnet subnet. Your base configuration in Windows Azure is now ready for experimentation and additional TLGs.

Additional Resources
For more information about Windows Azure infrastructure services, see Infrastructure Services | Windows Azure. To provide the authors of this guide with feedback or suggestions for improvement, send an email message to tlgfb@microsoft.com. We strongly encourage you to develop and publish your own TLG content, either in the TechNet Wiki (example: Test Lab Guide: Demonstrate Remote Access VPNs) or in your own publishing forum (example: Test Lab Guide (Part 1) - Demonstrate TMG PPTP, L2TP/IPsec and SSTP Remote Access VPN Server). If you want to publish your TLG content in the TechNet wiki, see the How to contribute series of TLG blog posts for information about the types of content you can create and for links to templates, guidance, and examples. For a list of additional Microsoft TLGs, see Test Lab Guides in the TechNet Wiki.

Appendix
This appendix describes how to change the default User Account Control (UAC) behavior and starting the test lab virtual machines after being shut down.
20

Set UAC behavior of the elevation prompt for administrators

By default, UAC is enabled in Windows Server 2012 R2 and Windows 8.1. This service will prompt for permission to continue during several of the configuration tasks described in this guide. In all cases, you can click Continue in the UAC dialog box to grant this permission, or you can use the following procedure to change the UAC behavior of the elevation prompt for administrators. To set UAC behavior of the elevation prompt for administrators 1. From the Start screen, type secpol.msc, and press ENTER. 2. In the console tree, open Local Policies, and then click Security Options. 3. In the contents pane, double-click User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode. 4. Select Elevate without prompting in the list, and then click OK. 1. 6. Close the Local Security Policy window.

Starting the test lab virtual machines after being shut down
To ensure that your virtual machines work properly when starting them from the Stopped (Deallocated) state, do the following. 1. From the Virtual Machines page of the Windows Azure Management Portal, click Running next to DC1, and then click Start. Wait for DC1 to complete its start-up process. 2. From the Virtual Machines page of the Windows Azure Management Portal, click Running next to APP1, and then click Start. 3. From the Virtual Machines page of the Windows Azure Management Portal, click Running next to CLIENT1, and then click Start. Based on the commands in the Windows PowerShell startup scripts, DC1, APP1, and CLIENT1 are now running and correctly configured for the corp.contoso.com domain within the Corpnet virtual network. For additional computers in the Corpnet virtual network, repeat step 3 in this procedure, substituting CLIENT1 for the test lab computer name.

21