
Install a new Active Directory forest on an Azure virtual network

This topic shows how to create a new Windows Server Active Directory environment on a virtual machine (VM) on an Azure virtual network. In this scenario the Azure virtual network is not connected to an on-premises network, so the new forest is self-contained and the DCs on the virtual network are the only DNS servers the domain members use.

You might also be interested in these related topics:

How does this differ from on-premises?

There is not much difference between installing a domain controller on Azure and installing one on-premises. The main differences are listed in the following table.

| To configure… | On-premises | Azure virtual network |
|---|---|---|
| IP address for the domain controller | Assign a static IP address in the network adapter properties | Run the Set-AzureStaticVNetIP cmdlet to reserve a static internal IP address; do not change the adapter properties inside the VM |
| DNS client resolver | Set the Preferred and Alternate DNS server addresses in the network adapter properties of domain members | Set the DNS server address in the virtual network properties; the VMs pick it up on restart |
| Active Directory database storage | Optionally change the default storage location from C:\ | You must change the default storage location from C:\ to an attached data disk whose Host Cache Preference is None, so that directory writes are not held in a write cache |

Create an Azure virtual network

  1. Sign in to the Azure Management Portal.
  2. Create a virtual network. Click Networks > Create a virtual network. Use the values in the following table to complete the wizard.

    | On this wizard page… | Specify these values |
    |---|---|
    | Virtual Network Details | Name: Enter a name for your virtual network<br>Region: Choose the closest region |
    | DNS and VPN | Leave DNS server blank<br>Don't select either VPN option |
    | Virtual network address spaces | Subnet name: Enter a name for your subnet<br>Starting IP: 10.0.0.0<br>CIDR: /24 (256) |

Create VMs to run the domain controller and DNS server roles

Repeat the following steps for each VM that will host the DC role. Deploy at least two virtual DCs to provide fault tolerance and redundancy. If the Azure virtual network includes at least two DCs that are similarly configured (that is, both are global catalogs, both run the DNS server role, neither holds any FSMO role, and so on), place the VMs that run those DCs in the same availability set so that Azure does not take them both down during planned maintenance or a single host failure.

To create the VMs by using Windows PowerShell instead of the UI, see Use Azure PowerShell to create and preconfigure Windows-based Virtual Machines.

  1. In the Azure Management portal, click New > Compute > Virtual Machine > From Gallery. Use the following values to complete the wizard. Accept the default value for a setting unless another value is suggested or required.

    | On this wizard page… | Specify these values |
    |---|---|
    | Choose an Image | Windows Server 2012 R2 Datacenter |
    | Virtual Machine Configuration | Virtual Machine Name: Type a single label name (such as AzureDC1).<br>New User Name: Type the name of a user. This user will be a member of the local Administrators group on the VM. You will need this name to sign in to the VM for the first time. The built-in account named Administrator will not work.<br>New Password/Confirm: Type a password |
    | Virtual Machine Configuration | Cloud Service: Choose Create a new cloud service for the first VM and select that same cloud service name when you create more VMs that will host the DC role.<br>Cloud Service DNS Name: Specify a globally unique name<br>Region/Affinity Group/Virtual Network: Specify the virtual network name (such as WestUSVNet).<br>Storage Account: Choose Use an automatically generated storage account for the first VM and then select that same storage account name when you create more VMs that will host the DC role.<br>Availability Set: Choose Create an availability set.<br>Availability set name: Type a name for the availability set when you create the first VM and then select that same name when you create more VMs. |
    | Virtual Machine Configuration | Select Install the VM Agent and any other extensions you need. |

  2. Attach a data disk to each VM that will run the DC server role. The additional disk is needed to store the AD database, logs, and SYSVOL. Specify a size for the disk (such as 10 GB) and leave the Host Cache Preference set to None: the OS disk has host caching enabled, and a write cache in front of the directory database can lose committed writes on an unexpected VM stop. For the steps, see How to Attach a Data Disk to a Windows Virtual Machine.
  3. After you first sign in to the VM, open Server Manager > File and Storage Services to create a volume on this disk using NTFS.
  4. Reserve a static internal IP address for each VM that will run the DC role, before you promote it, so the address the DC registers in DNS never changes. To reserve a static IP address, download the Microsoft Web Platform Installer, install Azure PowerShell, and run the Set-AzureStaticVNetIP cmdlet. For example:

    ```powershell
    Get-AzureVM -ServiceName AzureDC1 -Name AzureDC1 | Set-AzureStaticVNetIP -IPAddress 10.0.0.4 | Update-AzureVM
    ```

For more information about setting a static IP address, see Configure a Static Internal IP Address for a VM.

Install Windows Server Active Directory

Use the same routine to install AD DS that you use on-premises (that is, you can use the UI, an answer file, or Windows PowerShell). You need to provide credentials of a local administrator on the VM (the user you created when you provisioned it) to install a new forest, and you will be asked to set a Directory Services Restore Mode password. To specify the location for the Active Directory database, logs, and SYSVOL, change the default storage location from the operating system drive to the additional data disk that you attached to the VM.

After the DC installation finishes, connect to the VM again and log on to the DC. Remember to specify domain credentials.
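The following script carries out steps 3 and 4 of the VM preparation and the forest installation from PowerShell instead of the UI. It is an added example, not code from the original page or from Microsoft. It assumes that the attached data disk is the only RAW disk on the VM, that it should become drive F:, and that the new forest root domain is named corp.contoso.com with the NetBIOS name CORP; none of these values come from the page.

```powershell
# Added example (not from the original page). Run in an elevated PowerShell
# session on the VM that will become the first DC, after the data disk has
# been attached with Host Cache Preference = None.
# Assumed values (not from the page): drive letter F, domain corp.contoso.com.

$DriveLetter = 'F'
$DomainName  = 'corp.contoso.com'
$NetbiosName = 'CORP'

# 1. Initialize and format the attached data disk with NTFS. AD DS data must
#    live here rather than on C:, because the OS disk has host caching enabled.
$disk = @(Get-Disk | Where-Object PartitionStyle -eq 'RAW')
if ($disk.Count -ne 1) {
    throw "Expected exactly one RAW data disk, found $($disk.Count). Attach the data disk first."
}
Initialize-Disk -Number $disk[0].Number -PartitionStyle GPT
New-Partition -DiskNumber $disk[0].Number -UseMaximumSize -DriveLetter $DriveLetter |
    Format-Volume -FileSystem NTFS -NewFileSystemLabel 'ADDS' -Confirm:$false | Out-Null

# 2. Install the AD DS role and its management tools.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# 3. Prompt for the Directory Services Restore Mode password; never hard-code
#    it in a script or an answer file that is stored in the storage account.
$dsrm = Read-Host -Prompt 'Directory Services Restore Mode password' -AsSecureString

# 4. Create the forest with the database, logs and SYSVOL on the data disk.
#    -InstallDns puts the DNS server role on the DC, as the procedure expects.
#    The VM restarts automatically when the promotion finishes.
Install-ADDSForest `
    -DomainName $DomainName `
    -DomainNetbiosName $NetbiosName `
    -InstallDns `
    -DatabasePath "${DriveLetter}:\NTDS" `
    -LogPath "${DriveLetter}:\NTDS" `
    -SysvolPath "${DriveLetter}:\SYSVOL" `
    -SafeModeAdministratorPassword $dsrm `
    -Force
```

After the restart, sign in with domain credentials (for the assumed domain, CORP\<the local admin user you created>, whose account is promoted to the domain Administrator) and check the promotion with `dcdiag` before configuring DNS.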

Reset the DNS server for the Azure virtual network

  1. Reset the DNS forwarder setting on the new DC/DNS server. The promotion copies the DNS server the VM was using before (the Azure-provided resolver) into the forwarders list; remove it so the DC resolves names on its own.
    1. In Server Manager, click Tools > DNS.
    2. In DNS Manager, right-click the name of the DNS server and click Properties.
    3. On the Forwarders tab, click the IP address of the forwarder and click Edit. Select the IP address and click Delete.
    4. Click OK to close the editor and Ok again to close the DNS server properties.
  2. Update the DNS server setting for the virtual network.
    1. Click Virtual Networks > double-click the virtual network you created > Configure > DNS servers. Type a name and the internal IP address (DIP) of one of the VMs that runs the DC/DNS server role (the static address you reserved, such as 10.0.0.4) and click Save.
    2. Select the VM and click Restart. A VM only receives the new DNS server address when it renews its lease, so restart each VM that is already running on the virtual network.
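The same forwarder reset, with the checks you would want before relying on the DC for name resolution, as an added example that is not part of the original page. It assumes the forest root domain is corp.contoso.com and that the DC's reserved static address is 10.0.0.4 (the value in the Set-AzureStaticVNetIP example above); adjust both.

```powershell
# Added example (not from the original page). Run in an elevated PowerShell
# session on the new DC/DNS server after the promotion restart.
# Assumed values (not from the page): domain corp.contoso.com, DC at 10.0.0.4.

$DomainName = 'corp.contoso.com'
$DcAddress  = '10.0.0.4'

# 1. Remove every forwarder the promotion inherited from the VM's previous
#    resolver settings (the equivalent of the DNS Manager steps above).
foreach ($ip in (Get-DnsServerForwarder).IPAddress) {
    Write-Host "Removing inherited forwarder $ip"
    Remove-DnsServerForwarder -IPAddress $ip -Force
}

# 2. With no forwarders, the server resolves Internet names through root hints.
#    Fail loudly if they are missing, otherwise external resolution silently breaks.
if (@(Get-DnsServerRootHint).Count -eq 0) {
    throw 'No root hints configured; add them or configure an explicit forwarder.'
}

# 3. The DC locator records are what domain joins and logons depend on.
#    Ask this DC directly so the test does not depend on the client resolver.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV `
           -Server $DcAddress -ErrorAction Stop |
       Where-Object Type -eq 'SRV'
if (-not $srv) { throw "No SRV records for $DomainName on $DcAddress; check dynamic updates and netlogon." }
$srv | Select-Object Name, NameTarget, Port

# 4. After the VM restart in step 2.2, its own resolver must list only the DC.
$resolvers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object { $_.ServerAddresses }
$unexpected = $resolvers | Where-Object { $_ -ne $DcAddress }
if ($unexpected) {
    Write-Warning "Resolver still lists $($unexpected -join ', '); update the virtual network DNS setting and restart the VM."
}
```

Step 3 is the check that matters most: if `_ldap._tcp.dc._msdcs.<domain>` does not answer from the DC, every domain join in the next section will fail with a "domain could not be contacted" error regardless of the virtual network's DNS setting.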

Create VMs for domain members

  1. Repeat the following steps for each VM that will run as an application server. Accept the default value for a setting unless another value is suggested or required.

    | On this wizard page… | Specify these values |
    |---|---|
    | Choose an Image | Windows Server 2012 R2 Datacenter |
    | Virtual Machine Configuration | Virtual Machine Name: Type a single label name (such as AppServer1).<br>New User Name: Type the name of a user. This user will be a member of the local Administrators group on the VM. You will need this name to sign in to the VM for the first time. The built-in account named Administrator will not work.<br>New Password/Confirm: Type a password |
    | Virtual Machine Configuration | Cloud Service: Choose Create a new cloud service for the first VM and select that same cloud service name when you create more VMs that will host the application.<br>Cloud Service DNS Name: Specify a globally unique name<br>Region/Affinity Group/Virtual Network: Specify the virtual network name (such as WestUSVNet).<br>Storage Account: Choose Use an automatically generated storage account for the first VM and then select that same storage account name when you create more VMs that will host the application.<br>Availability Set: Choose Create an availability set.<br>Availability set name: Type a name for the availability set when you create the first VM and then select that same name when you create more VMs. |
    | Virtual Machine Configuration | Select Install the VM Agent and any other extensions you need. |

  2. After each VM is provisioned, sign in and join it to the domain. In Server Manager, click Local Server > WORKGROUP > Change…, select Domain, and type the DNS name of the forest root domain you created on the Azure virtual network (there is no on-premises domain in this scenario). Provide credentials of a domain account that is allowed to join computers to the domain, and then restart the VM to complete the domain join.
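The domain join from PowerShell, with the DNS precondition verified first, as an added example that is not part of the original page. It assumes the forest root domain is corp.contoso.com and the DC/DNS server is at 10.0.0.4; the join account is prompted for rather than embedded, and neither value comes from the page.

```powershell
# Added example (not from the original page). Run in an elevated PowerShell
# session on each application server VM after it is provisioned and restarted.
# Assumed values (not from the page): domain corp.contoso.com, DC at 10.0.0.4.

$DomainName = 'corp.contoso.com'
$DcAddress  = '10.0.0.4'

# 1. Precondition: the VM's resolver must come from the virtual network's DNS
#    setting, i.e. point at the DC. A join attempted against the Azure-provided
#    resolver fails because it cannot return the domain's SRV records.
$resolvers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object { $_.ServerAddresses }
if ($resolvers -notcontains $DcAddress) {
    throw "Resolver lists $($resolvers -join ', '), not $DcAddress. Set the virtual network's DNS server and restart the VM."
}

# 2. Use the system resolver (no -Server) so this proves the client path works.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -ErrorAction Stop | Out-Null

# 3. Join with an account that is allowed to add computers to the domain.
#    Prompt for the password instead of storing it in the script.
$cred = Get-Credential -Message "Account allowed to join computers to $DomainName"
Add-Computer -DomainName $DomainName -Credential $cred -Restart -Force

# After the restart, sign in with a domain account and confirm the machine
# account's secure channel (run separately, since Add-Computer reboots the VM):
#   Test-ComputerSecureChannel -Verbose
#   nltest /dsgetdc:corp.contoso.com
```

Using a dedicated join account with only the right to create computer objects, rather than a domain administrator, limits what an attacker gains if the credential is captured while you provision application servers.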

To create the VMs by using Windows PowerShell instead of the UI, see Use Azure PowerShell to create and preconfigure Windows-based Virtual Machines.

For more information about using Windows PowerShell, see Get Started with Azure Cmdlets and Azure Cmdlet Reference.

See Also
