Kirk Evans Blog
.NET From a Markup Perspective
Install a New Active Directory forest on an Azure Virtual Network
January 21, 2015 by Kirk Evans[MSFT] // 4 Comments
This post will show how to install a new Active Directory forest on an Azure Virtual Network. We will use this
domain controller and virtual network in subsequent posts.
DISCLAIMER: This post does not contain definitive guidance on the correct way to create a domain controller
in Azure. For more definitive guidance, please see TechNet guidance, including Guidelines for Deploying
Windows Server Active Directory on Azure Virtual Machines. Please don’t expect that I will be able to answer
support issues for your particular AD deployment scenario.
I am going to loosely follow along with the article “Install a new Active Directory forest on an Azure virtual
network” to show how to set up a new forest, just adding pictures along the way.
That said, let’s just dive in.
Create an Affinity Group
I am going to use an affinity group because I want the compute and storage resources located closely
together. I created an affinity group named “kirke‐java‐east”, but the name can be whatever you want.
https://blogs.msdn.microsoft.com/kaevans/2015/01/21/install-a-new-active-directory-forest-on-an-azure-virtual-network/ 1/13
01/01/2019 Install a New Active Directory forest on an Azure Virtual Network | Kirk Evans Blog
Create a Storage Account
You can create a storage account as part of the wizard to create a new virtual machine, but I prefer to create it
ahead of time. I made sure to use the affinity group that we just created as the location.
Note that you can use zone redundant storage or geo‐replicated storage, but I chose to use locally redundant
to reduce costs. In a production scenario, I would provision according to requirements.
Create the Virtual Network
Start by creating a virtual network. Go to Networks / Virtual Networks and choose “Create a virtual network”.
Provide the name and region and click next. The virtual network doesn’t participate in the affinity group, so
we choose the same region as our affinity group.
Leave DNS servers blank, and don’t worry about creating a VPN just yet.
For the subnet address space, I chose to use a 10.0.0.0 start address with a CIDR of /24 (256 addresses).
Create the Cloud Service
Again, you could do this as part of the wizard to create a virtual machine, but I am showing the cloud service
creation separately for completeness. Create a new cloud service. I used the custom create option, but quick
create does the same thing. Use the same affinity group you chose previously.
Note that the name can be anything you want, what matters is the affinity group.
Create the Virtual Machine
Now create the virtual machine. Choose the latest Windows Server image from the gallery.
Next we’ll give some properties, including the size, login name, and password.
Now I can use the VNet, cloud service, and storage account that were created previously. I choose not to use
an availability set for the VM.
Note that we could have skipped the affinity group, because the virtual machine will be created in the same
location as the virtual network. I will use the affinity group in a subsequent post.
Finally, choose to install the VM Agent.
Click finish, and after some time your virtual machine will be created.
Set a Static IP Address
The IP address stays the same for as long as the VM is running, but it can change if the VM is shut down. We
can use PowerShell to assign a static IP to the VM we just created. We use Test‐AzureStaticVNetIP to check
whether the address is available (IsAvailable=true; if it’s not available, the cmdlet returns the list of available
addresses).
We then assign the static IP.
The script I used is:
Code Snippet
Test-AzureStaticVNetIP -VNetName KirkEJavaVNet -IPAddress 10.0.0.5
Get-AzureVM -ServiceName kirkejavaeast -Name DC1 | Set-AzureStaticVNetIP -IPAddress 10.0.0.5 | Update-AzureVM
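The same reservation as an added example (not the script from the post): it handles the case the text mentions, where the requested address is already taken and Test‐AzureStaticVNetIP returns the list of available addresses instead. It assumes the classic Azure PowerShell module is loaded and Add-AzureAccount / Select-AzureSubscription have already been run; the VNet, cloud service and VM names are the ones from the post, and the IsAvailable / AvailableAddresses property names are those of the cmdlet’s result object.

```powershell
# Added example: reserve a static VNet IP for the DC, falling back to an
# address Azure reports as free if the wanted one is already in use.
$vnetName    = 'KirkEJavaVNet'   # VNet name used in the post
$serviceName = 'kirkejavaeast'   # cloud service name used in the post
$vmName      = 'DC1'
$wantedIp    = '10.0.0.5'

# Test-AzureStaticVNetIP returns IsAvailable and, when false, AvailableAddresses.
$check = Test-AzureStaticVNetIP -VNetName $vnetName -IPAddress $wantedIp
if ($check.IsAvailable) {
    $ip = $wantedIp
} else {
    # Take the first address Azure suggests rather than guessing another one.
    $ip = $check.AvailableAddresses | Select-Object -First 1
    Write-Warning "$wantedIp is already in use; using $ip instead"
}

# Reserve the address on the VM; the VM is updated in place.
Get-AzureVM -ServiceName $serviceName -Name $vmName |
    Set-AzureStaticVNetIP -IPAddress $ip |
    Update-AzureVM

# Read back what was actually reserved before relying on it for DNS later.
(Get-AzureVM -ServiceName $serviceName -Name $vmName | Get-AzureStaticVNetIP).IPAddress
```

Write down the address that is printed at the end: it is the value you will enter as the virtual network’s DNS server in the final step, and a domain controller whose address silently changes is the classic cause of “cannot contact the domain” errors after a shutdown.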
Create an Empty Disk and Format
Attach an empty disk to the VM from the portal. The next screen is where you specify the size, for example 10 GB.
Make sure to leave the other settings as the default.
Once the virtual machine is done updating, connect to the VM using remote desktop. Once connected,
choose Tools / Computer Management.
Choose Disk Management, and you will be prompted to initialize the disk. Choose OK.
Once initialized, right‐click the new disk and choose “New Simple Volume”.
Next, next, next, Finish.
You are then prompted to format the disk. Choose “Format disk”.
Bob’s yer uncle, a new disk is now available.
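The same disk attach and format, done from PowerShell instead of the portal and Disk Management, as an added example that is not from the post. The first part runs on the management workstation with the classic Azure module (same cloud service and VM names as the post); the second part runs in an elevated session inside the VM. The disk label and the choice of E: as the drive letter are assumptions matching the drive the post uses later for the AD database.

```powershell
# Added example: attach a new empty 10 GB data disk, then initialise and
# format it as E: inside the VM.

# --- On the management workstation (classic Azure PowerShell module) ---
$serviceName = 'kirkejavaeast'
$vmName      = 'DC1'

Get-AzureVM -ServiceName $serviceName -Name $vmName |
    Add-AzureDataDisk -CreateNew -DiskSizeInGB 10 -DiskLabel 'ADDS-Data' -LUN 0 -HostCaching None |
    Update-AzureVM
# HostCaching None: the TechNet guidelines linked in the post recommend no host
# caching on the disk that will hold the AD database and SYSVOL, so that
# directory writes are not held in a write-back cache.

# --- Inside the VM (elevated PowerShell, after RDP) ---
# Find the uninitialised (RAW) disk that was just attached. Equivalent to the
# Initialize / New Simple Volume / Format clicks in Disk Management.
$raw = Get-Disk | Where-Object { $_.PartitionStyle -eq 'RAW' } | Select-Object -First 1
if (-not $raw) { throw 'No uninitialised disk found; was the data disk attached and the VM updated?' }

$raw |
    Initialize-Disk -PartitionStyle GPT -PassThru |
    New-Partition -DriveLetter E -UseMaximumSize |
    Format-Volume -FileSystem NTFS -NewFileSystemLabel 'ADDS-Data' -Confirm:$false

# Confirm the volume exists before pointing AD DS at it.
Get-Volume -DriveLetter E
```

Filtering on PartitionStyle RAW, rather than on disk number, is the safe choice: the OS disk and the temporary disk are already initialised, so only the freshly attached disk matches, and the throw makes the script stop instead of formatting something else if no such disk is present.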
Install Active Directory Domain Services
In the Server Manager dashboard, choose Add Roles and Features. Choose role‐based.
Use the local server (pretty cool, notice the IP address is the static one that we used previously).
Choose Active Directory Domain Services.
You will be prompted to add features. You need these, so click “Add Features”.
Click Next, and when prompted to add additional features just click Next.
You are prompted to install the selected roles and features. Click Install. Optionally you can automatically
restart the server. A restart is not required to install ADDS, but is required after you promote the machine to a
domain controller.
You can view progress while ADDS is being installed.
If you aren’t a fan of watching progress bars, you can close the wizard or wait for it to complete.
Once complete, you will see a warning icon in the dashboard. Click it to see the additional steps required.
Promote to a Domain Controller
The next step is to promote the VM to a domain controller. I am following along with the TechNet
documentation, “Install a New Windows Server 2012 Active Directory Forest (Level 200)”. Choose Add a new
forest, and I used the name “corp.blueskyabove.us”. Use your own name, of course.
I then leave the default functional levels, and provide a password.
On the delegation options screen, just click Next.
Leave the NetBIOS domain name.
Now change the drive letter to the drive we created before. Instead of putting the files on the OS drive, we
will use our new data disk, the E drive.
Next, Next, Install, and the server will automatically restart.
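The role installation and forest promotion above, as a single PowerShell script instead of the two wizards. This is an added example, not the post’s or the TechNet article’s code. It assumes an elevated session inside the VM, that the E: data disk already exists, and uses the post’s domain name “corp.blueskyabove.us” (the NetBIOS name CORP is the one the post later logs in with). Functional levels are left at Default, as the post does.

```powershell
# Added example: install the AD DS role, run the prerequisite check, then
# promote the server to the first DC of a new forest with the database,
# logs and SYSVOL on the E: data disk rather than the OS disk.
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Import-Module ADDSDeployment

# Prompt for the Directory Services Restore Mode password instead of embedding
# it in the script, so it never ends up in a file or in command history.
$dsrm = Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode password'

$params = @{
    DomainName                    = 'corp.blueskyabove.us'  # domain from the post
    DomainNetbiosName             = 'CORP'                  # assumed NetBIOS name
    ForestMode                    = 'Default'               # post leaves the defaults
    DomainMode                    = 'Default'
    InstallDns                    = $true                   # DC will also be the DNS server
    DatabasePath                  = 'E:\NTDS'               # data disk created earlier
    LogPath                       = 'E:\NTDS'
    SysvolPath                    = 'E:\SYSVOL'
    SafeModeAdministratorPassword = $dsrm
}

# Dry run: reports prerequisite problems (name resolution, disk, password
# complexity) without changing anything.
Test-ADDSForestInstallation @params

# Real promotion. -Force suppresses the confirmation prompt; the server
# reboots on completion just as the wizard does.
Install-ADDSForest @params -Force
```

Running Test-ADDSForestInstallation first is worth the extra minute: it surfaces the same warnings the wizard shows on its prerequisites page (for example the DNS delegation warning that the post tells you to click past) before the server is committed to the reboot.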
Log In
You can now log into your new domain controller, using the domain credentials. You can see that I now have
Active Directory Users and Computers, and can see that I am logged in as corp\myadmin.
Set the DNS Server for the Virtual Network
Now that we’ve created the domain controller, we can set it as the DNS server for the virtual network. Go to
the virtual network in the Azure management portal and go to the Configure tab. Set the name and IP of the
virtual machine and click Save.
Finally, select the VM and click Restart to trigger the VM to configure DNS resolver settings with the IP
address of the new DNS server.
Congratulations, you now have a domain controller in Azure, and it is configured as the DNS server for the
virtual network. We’ll use this in a subsequent post.
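A few checks to run after that restart, as an added example that is not part of the post: they confirm that the VM picked up the virtual network’s new DNS setting and that the domain controller can actually be located through it, which is what any later domain join depends on. The domain name and static IP are the ones from the post; run it inside the DC or any VM on the same virtual network.

```powershell
# Added example: verify resolver settings and DC locator records after the
# VNet DNS change and the VM restart.
$domain = 'corp.blueskyabove.us'   # domain from the post
$dcIp   = '10.0.0.5'               # DC's static IP from the post

# 1. The resolver should now list the DC's address (pushed to the VM by the
#    VNet DNS setting on restart). If not, the VM was not restarted after the
#    change or the VNet setting was not saved.
$usingDc = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses -contains $dcIp }
if (-not $usingDc) {
    Write-Warning "No interface uses $dcIp as its DNS server; restart the VM after saving the VNet DNS setting."
}

# 2. The DC locator SRV record must resolve through that server, otherwise
#    domain logons and joins fail even though the DC is up.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -ErrorAction Stop
$srv | Where-Object { $_.Type -eq 'SRV' } | Select-Object NameTarget, Port, Priority, Weight

# 3. Ask the DC locator itself; this exercises DNS plus LDAP ping to the DC.
nltest /dsgetdc:$domain
```

If step 1 warns but step 2 still resolves, the VM is most likely still using Azure’s default resolver with the DC reachable only by chance; fix the resolver setting rather than moving on, because the next VM you join will not be so lucky.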
For More Information
Guidelines for Deploying Windows Server Active Directory on Azure Virtual Machines
Install a new Active Directory forest on an Azure virtual network
Configure a Static Internal IP Address for a VM
Install a New Windows Server 2012 Active Directory Forest (Level 200)
Configuring a DC on Azure 3 years ago
Used this post from beginning to set up my first DC on Azure and everything worked exactly as described.
Great post and thanks! Learned a lot.
Kristina T 3 years ago
How should the second DC be set up?
I presume that it should have its own static IP address and have the same name for the root domain as the first
one.
In this case, I can’t see the application servers as computers under the second DC, and if the first DC machine
is restarting or it is down, I can’t log in on the application server using domain username
Any help appreciated
Kirk Evans[MSFT] 3 years ago
To create a second domain controller, create a new VM in the virtual network and set its IP to static. Update
the custom DNS setting of the virtual network to set the secondary DNS server, all machines in the
virtual network will require a reboot for this change to take effect. If this is production, you should create
the new VM in an availability set to protect against outages. Finally, configure the new machine as a new
domain controller in an existing domain.
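The last step of that reply, promoting the new VM as an additional domain controller in the existing domain, as an added example (not Kirk’s code). It assumes an elevated session on the new VM after it has been given a static VNet IP and an E: data disk as in the post, and that the VM’s resolver already points at the first DC so the domain can be found.

```powershell
# Added example: promote a second VM as an additional DC (and DNS server)
# in the existing domain from the post.
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Import-Module ADDSDeployment

# Credentials of an account allowed to add DCs (e.g. CORP\myadmin from the post)
# and this DC's own DSRM password, both prompted rather than hard-coded.
$cred = Get-Credential -Message 'Domain admin account (e.g. CORP\myadmin)'
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM password for this DC'

$params = @{
    DomainName                    = 'corp.blueskyabove.us'  # existing domain from the post
    Credential                    = $cred
    InstallDns                    = $true                   # becomes the secondary DNS server
    DatabasePath                  = 'E:\NTDS'               # data disk, not the OS disk
    LogPath                       = 'E:\NTDS'
    SysvolPath                    = 'E:\SYSVOL'
    SafeModeAdministratorPassword = $dsrm
}

# Prerequisite check first: this is where a resolver that cannot find the
# first DC shows up, before anything is changed.
Test-ADDSDomainControllerInstallation @params

# Promote; the server reboots on completion.
Install-ADDSDomainController @params -Force
```

After the reboot, add this VM’s static IP as the second DNS server in the virtual network’s settings and restart the other VMs, as the reply says; until then clients still depend on the first DC alone for name resolution.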
koti 2 years ago
Hey,
Good post, thank you very much.
I have a query on this post. Forest = corp.blueskyabove.us, then what will be the domain?
I am confused between domain and forest.
Regards
Koti Reddy